The individual in this position will work as a member of the IT Network and Infrastructure Engineering Group and have as their primary responsibility the administration of enterprise information security systems and the analysis, auditing, investigation, and follow-up of the data generated by those systems. Information security systems in the purview of this position include Intrusion Detection Systems (IDS), netflow systems, DNS monitoring, and log/event correlation systems. This position will also aid in the development of security practices and participate in the overall information security mission of the organization, for example advising other administrators during system deployments as to proper security considerations. This position will also collaborate closely with research programs within the SEI that perform cutting-edge research on information security topics to integrate their research into practical enterprise-scale applications.
Education: BS in Computer Science, Information Science, or Information Technology with up to three (3) years of experience. Candidates with a degree in other technical fields (e.g., engineering) and/or years of relevant experience as described above will be considered as well.
Experience: At least three (3) years' experience in at least some of the following information security areas, performed as a primary job task: security-related network flow capture and analysis, Snort/Sourcefire IDS administration with signature development, or forensic investigation and analysis of suspect systems using network-related security indicators as part of the investigation. At least some experience with general network administration and administration of services in a Linux-based environment is required.
Skills: Strong skills in basic networking; some skill in administering Linux-based services such as IDS or log analysis; skill in operating a Snort/Sourcefire IDS system and the ability to develop, deploy, and manage IDS rulesets; familiarity with investigating systems in a basic forensics capacity to determine if a system is compromised and/or operating maliciously; administration and use of a netflow capture and analysis system; some scripting ability in a common language such as Perl or Python.
Physical Mobility: Daily foot travel between buildings in and around the CMU campus. Infrequent business travel required, usually to the Washington, DC area (approx. 4 times/year). Computer hardware installation and configuration required on a periodic basis, sometimes involving transport of heavy objects (typically under 100 lbs.) short distances using assistance devices, use of hand tools, et cetera. Carrying of light objects (< 20 lbs.) for longer distances (intra-campus; 2-3 city blocks) may also be required.
Environmental Conditions: Ability to use a computer keyboard and display for extended periods of time; periodic work in a computer datacenter or wiring closet environment.
Mental: Ability to work under pressure and meet deadlines; ability to prioritize tasks; strong learning capability; ability to interact effectively with others of varying technical competency, vendors, managers, and other technical research staff; ability to work effectively with other groups within the SEI and Carnegie Mellon. Good technical problem-solving skills. Strong information organization skills as well as good oral and written communication skills are required.
Other: Ability to work on weekends and after-hours as necessary, especially during security incidents and emergencies. This position will be infrequently called upon outside of business hours as an escalation point for information security-related issues and incidents. Candidate must pass a background investigation and be able to obtain a United States DoD Top Secret clearance and maintain that clearance as a condition of employment.
Licenses: CISSP, CISM
Experience: Use of the SiLK tools, YAF, Analysis Toolkit for netflow analysis.
Skills: SiLK tools; YAF; advanced Perl programming; Cisco IOS and ASA-OS; Juniper JunOS; Wireshark or other tools to process PCAP files; SIEM tools such as QRadar, ArcSight or Splunk; Nessus vulnerability scanner.
Other: Clearances: United States DoD Top Secret or equivalent that is transferable to the SEI.
Regular Full Time
SEI INFORMATION TECHNOLOGY AND SECURITY
Minimum Education Level
Bachelor's Degree or equivalent
Carnegie Mellon University - 22 months ago
We are a global research university with more than 12,000 students, 92,000 alumni and 5,000 faculty and staff. Carnegie Mellon has been a...