Career Center

At the SEI CERT Cyber Risk and Resilience Directorate, we enable organizations to achieve operational resilience by performing research in emerging areas of operational risk, producing measurement and assessment tools that help organizations better understand their current risk and resilience posture, and developing and validating models, frameworks, and controls that improve organizations' risk and resilience posture. Our Applied Network Defense team leads and advances the state of the art in technical cybersecurity assessment methodologies, including penetration testing and red-teaming.
Are you creative, curious, energetic, collaborative, technology-focused, and hard-working? Are you interested in making a difference by developing innovative solutions to technical cybersecurity assessment challenges for government organizations and beyond? Apply to join our team.

Position Summary:

In this role, you will join the Applied Network Defense team as a senior penetration testing engineer. You will lead penetration tests and other technical security assessments, develop and evaluate novel security testing capabilities and methodologies, help mentor junior penetration testing staff, and transition your knowledge and expertise to the broader community.

Requirements:

• Education and Experience: BS degree in computer science or related technical field with 8 years of applicable experience (in roles such as penetration tester, information security engineer, network security architect, information systems auditor, or information systems analyst), or a MS degree in a relevant discipline with 5 years of applicable experience, or a PhD in a relevant discipline with 2 years of applicable experience.
• Leading Projects in a Creative, Dynamic Environment: You have experience contributing to multiple simultaneous projects and thrive in a creative and high-energy environment. You are willing to experiment with new practices and develop effective processes, practices, and infrastructure to support successful people and projects.
• Mentorship: You have experience mentoring, motivating, and empowering people in ways that promote equity and inclusion. You are excited by the opportunity to help junior penetration testers grow their technical skills and experience.
• Technical Expertise: Candidates must have broad experience and knowledge of technical cybersecurity assessment methods and related domains. This includes work experience related to penetration testing, red teaming, and technical audits. An Offensive Security Certified Professional (OSCP) certification is required, and an Offensive Security Certified Engineer (OSCE) certification is preferred but not required.
• Travel: Frequent (15-35%) to various locations within the SEI and CMU community, customer sites, conferences, and offsite meetings.
• Security Clearance: You will be subject to a background investigation and you must have the ability to obtain and maintain a Department of Defense security clearance.

Duties:

• Project Leadership and Customer Engagement (80%): You will lead research projects designed to advance the state of the art in technical cybersecurity assessments. You will represent the SEI regularly presenting our mission and our work to our stakeholders.
• Community Engagement (15%): You will engage with our communities of interest; this includes presenting our mission and work via publication and presentation. You will build and maintain relationships with the relevant research and technology communities.
• Professional Development (5%): You will continue to grow your knowledge and skills and stay up to date on emerging trends and topics relevant to the team's portfolio.

Knowledge, Skills, and Abilities:

• Communication: You are an outstanding communicator and can interact collaboratively and diplomatically with customers and colleagues at all levels of knowledge and experience. You grasp the big picture, direction, and goals of an effort with ability to dig into the details on problems and technical concepts and provide clear direction. You can present complex ideas to people who may not have a deep understanding of the subject area.
• Dedication and Motivation: You can meet deadlines while multi-tasking-sometimes under pressure and with shifting priorities. You are self-motivated and can work toward a common vision with little oversight.
• Creativity and Innovation: You are creative and curious, and you are passionate about the prospect of collaborating with world-class researchers and visionaries at Carnegie Mellon University and other innovation-focused organizations.
• Knowledge and Learning: You possess broad technical interests along with a deep knowledge of penetration testing. You quickly learn new procedures, techniques, and approaches. You are forward-looking and can connect research with practical challenges. You are proactive regarding identifying new opportunities for professional development, and excited to apply an annual professional development budget to your continued knowledge and learning.

CMU's COVID-19 Vaccination Requirements: As a condition of employment, Carnegie Mellon University requires all staff and faculty working in the United States to be fully vaccinated, including a booster when eligible, against COVID-19. Prior to commencement of employment, new hires in the United States must provide proof of vaccination or obtain an approved exemption. (Exemptions may be requested for medical reasons or for religious or strong moral or ethical conviction.) Those granted an exemption must comply with all applicable COVID-19 mitigation requirements. The most up-to-date information on CMU's COVID-19 mitigation requirements can be found here: Minimum Requirements to Return to Campus.

Location

Job Function

Position Type

Full time/Part time

Pay Basis

More Information:

• Please visit "Why Carnegie Mellon" to learn more about becoming part of an institution inspiring innovations that change the world.

• Click here to view a listing of employee benefits

• Carnegie Mellon University is an Equal Opportunity Employer/Disability/Veteran.

• Statement of Assurance