The CERT® Program is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT® Program engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the DoD, federal civilian agencies, private sector organizations and their networked information systems. The mission of the CERT Vulnerability Analysis team is to make software more secure. The team accomplishes this mission through the coordination of publicly reported vulnerabilities, and through the development and distribution of vulnerability discovery tools and methodologies. The Vulnerability Analysis Research Scientist will execute and manage the research portfolio of the team. This includes the creation of proposals for funding and for publications. The Research Scientist is the team’s main liaison with the SEI Chief Technology Officer, and it will be the Research Scientist’s objective to ensure that the research goals of the Vulnerability Analysis team are well aligned and consistent with the organizational mission of the SEI.
- Education: PhD in computer science, software engineering, information systems, or a related technical field with two (2) years’ experience, a MS with five (5) years’ experience; a BS with eight (8) years’ experience or a combination of training and experiences.
- Experience: Publications in peer-reviewed journals involving binary analysis and/or vulnerability discovery. Development of tools for binary analysis and vulnerability discovery. Participation in academic conferences as a presenter/panelist.
- Skills: Proficient in any of the following programming languages: C/C++/C#/Java/Perl/Python. Technical understanding of system, network, and configuration-based vulnerabilities. Knowledge of: asset hardening techniques; vulnerability assessment and patch management tools; and associated metrics that track this information for an enterprise; current security challenges and threats faced by USG intelligence, defense, law enforcement, and civilian organizations and Internet protocols, operations, and governance. Ability to: make security-related metrics have a compelling story to a concerned, but non-technical audience; set and implement a strategic direction for a technical group; conduct technical project management; brief strategic and technical topics to senior management and non-technical audiences and to deliver products and services to operational groups. Understanding of the vulnerability management lifecycle.
- Physical Mobility: Primarily sedentary in an office setting with some mobility. Requires travel to various domestic locations within the SEI and CMU community to include the SEI Arlington office; sponsor sites; conferences; and offsite meetings with routine frequency (up to one 2 day trip every month).
- Environmental Conditions: Normal office conditions; close contact with computer display for extended periods of time.
- Mental: The ability to: work meticulously with careful attention to detail; meet deadlines while working on multiple tasks - sometimes under pressure and with shifting priorities; deal collaboratively, diplomatically, and successfully; with customers, co-workers and other professional colleagues, managers, and staff; ability to grasp the big picture, direction, and goals of an effort; develop and communicate innovative ideas; and excellent oral and written communication skills.
- Other: Candidates must be able to pass a background investigation, obtain a DoD TS/SCI security clearance, and be a US citizen. The candidate must also be able to undergo and pass a government directed polygraph to maintain clearance.
- Education: PhD in computer science, software engineering, information systems, or a related technical field.
- Experience: Proven track record of successful publications and presentations in peer-reviewed/refereed academic journals and/or conferences ; Experience working in or with the DOD, intelligence community, or law enforcement in a classified environment; Experience employing software engineering techniques in designing and developing software for vulnerability discovery; Experience making presentations to large or high level audiences; Take leadership role in technical projects; broad understanding of network, host, and application security issues, knowledge of common attack methodologies and security vulnerabilities; Strong interest in security analysis R&D.
- Skills: Knowledge of various software testing methodologies, test case creation, and the defect reporting process. Working knowledge of secure systems and network architecture practices. Expertise in Linux and/or Windows system administration and configuration. Expertise with penetration testing or security evaluation of products or networks.
Regular Full Time
Minimum Education Level
Bachelor's Degree or equivalent
Preferred Education Level
Doctorate or equivalent
Carnegie Mellon University - 11 months ago
copy to clipboard
We are a global research university with more than 12,000 students, 92,000 alumni and 5,000 faculty and staff. Carnegie Mellon has been a...