Vulnerability Analysis - Technical Manager

Pittsburgh

SEI - Carnegie Mellon University

Who We Are

The SEI is a non-profit, DoD-sponsored federally funded research and development center (FFRDC) at Carnegie Mellon University. Originally created in response to one of the first computer viruses in 1988, CERT has remained a leader in cybersecurity research, improving the robustness of software systems, and in responding to sophisticated cybersecurity threats.

What We Do

The Vulnerability Analysis team, home of the CERT Coordination Center (CERT/CC), works with an expansive network of software developers and vendors, security researchers, and policymakers to reduce the societal harm of vulnerable software and systems. Since releasing our first security advisory in 1988, CERT/CC has defined and continually improved upon the world’s Coordinated Vulnerability Disclosure (CVD) practices - from publishing the CERT Guide to CVD to developing innovative ways to prioritize vulnerabilities and releasing open-source software for vulnerability information and coordination. Expanding upon the vulnerability coordination of the CERT/CC charter, the Vulnerability Analysis team closely collaborates with AI practitioners to ensure the robustness and security of AI systems, as this is the next big challenge on the horizon.

Are you creative, organized, collaborative, security-focused, and hard-working? Are you driven by opportunities to make a difference by hardening the cybersecurity posture of government organizations and beyond? Are you excited about pioneering new research areas that will impact academia, industry, and national security? If so, apply to join our team.

Position Summary

As the Technical Manager of the Vulnerability Analysis team, you will lead a dynamic team of internet security experts focused on advancing the state of the art in vulnerability assessment and discovery, coordinated vulnerability disclosure, and software and AI security on a national and global scale.

What you will do

You will be responsible for the development and execution of a strategic vision and roadmap that advances the state of the art and practice in the Vulnerability Analysis technical area. You will participate in communities of network defenders, software developers and vendors, security researchers, and policy-makers. You will oversee a team of diverse technical staff, research projects, and customer deliverables in support of our U.S. Government stakeholders. Your team’s deliverables will include security advisories; technical publications; industry and government conference presentations; direct customer engagement; and prototype tools and techniques.

Who you are

  • People-focused: You have the ability and desire to identify, recruit, retain, mentor, and develop a high-caliber, interdisciplinary team developing advanced technology solutions for important and high-impact needs.
  • Strategic Thinker: You have experience in leading the creation and execution of strategic planning activities. You develop and pursue new opportunities with current and new customers, including drafting new work plans and managing funding and budgeting through the plan lifecycle.
  • Innovative and Impactful: You have a deep interest in cybersecurity, intellectual curiosity and a desire to make an impact beyond your organization. 
  • Knowledgeable and Methodical: You have a strong understanding of research methods in computer science, engineering and security, and related fields as well as of internet fundamentals including network protocols, provider operations and governance. 
  • Communicator and Collaborator: You have outstanding written and oral communication skills and you can relate collaboratively and diplomatically with customers and colleagues inside and outside the organization. You can present complex ideas to people who may not have a deep understanding of the subject area.

Our Desired Expertise and Experience

  • Vulnerability Research, Analysis, Disclosure, and Mitigation: You have a demonstrated track record of applying knowledge of technology, systems architecture and security best practice to practical problems in enterprise security.
  • Deep technical knowledge: You have performed roles advising on a range of security topics based on research and expert opinion, and are able to apply modern data-driven research methods to cost-effectiveness analysis, risk analysis and information security decision making, and to collaborate on industry and academic community projects.
  • Project Management and Technical Leadership: You have experience organizing and planning complex projects and communicating complex system designs, technical approaches and road maps to sponsors, project managers and technical staff. You also have the ability to distill the implications of complex research results and apply those results to government operations.
  • Knowledge and Learning: You are capable of applying your cybersecurity knowledge to position the team to pursue new opportunities in research areas such as the AI/ML domain and open-source software.
  • Dedication: You can meet deadlines while multi-tasking, at times under pressure and with shifting priorities.

Other Requirements:

  • You have a BS in Computer Science, Information Science, or Analytical discipline with ten (10) years of experience; OR MS in the same fields with eight (8) years of experience; OR PhD in the same fields with five (5) years of experience. 
  • Travel to various locations to support the SEI’s overall mission. This includes within the SEI and CMU community, as well as external sponsor sites, conferences, and offsite meetings on occasion. Travel estimated to be up to 20%.
  • You will be subject to a background investigation and must be eligible to obtain and maintain a Department of Defense security clearance.  

Why work here?  

  • Join a world-class organization that continues to have a significant impact on software.  
  • Work with cutting-edge technologies and dedicated experts to solve tough problems for the government and the nation.  
  • Be surrounded by knowledgeable staff with broad expertise across AI/ML, cybersecurity, software engineering, risk management, and policy creation. 
  • Get tuition benefits to CMU and other institutions for you and your dependent children.  
  • Get 8% monthly contribution for your retirement, without having to contribute yourself.  
  • Enjoy a healthy work/life balance with flexible work arrangements and paid parental and military leave.  
  • Get access to university resources including mindfulness programs, childcare and back-up care benefits, and free transportation on the Pittsburgh Regional Transit System.  
  • Enjoy annual professional development opportunities; attend conferences and training or obtain a certification and get reimbursed for membership in professional societies.  
  • Qualify for relocation assistance and so much more.   

Location

Pittsburgh, PA

Job Function

Software/Applications Development/Engineering

Position Type

Staff – Regular

Full time/Part time

Full time

Pay Basis

Salary

More Information: 

  • Please visit “Why Carnegie Mellon” to learn more about becoming part of an institution inspiring innovations that change the world. 

  • Click here to view a listing of employee benefits

  • Carnegie Mellon University is an Equal Opportunity Employer/Disability/Veteran. 

  • Statement of Assurance


Tags: CERT Clearance Computer Science DoD Governance PhD Risk analysis Risk management Security Clearance Vulnerabilities

Perks/benefits: Career development Conferences Flex hours Parental leave Relocation support

Region: North America
Country: United States