Details
Posted: 08-Jan-23
Location: Pittsburgh, Pennsylvania
Type: Full-time
Salary: Open
The CERT Program is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania and Arlington, Virginia. At CERT, we engage in state-of-the-art research and development to improve the state of cybersecurity. As a Senior Cyber Security Engineer, you bring a background in cybersecurity risk, policy, and governance that we value.
The Cyber Risk Management (CRM) team develops solutions and advises public and private customers in matters pertaining to risk management. Our focus is to connect the board room to cyber risk management elements of the organization through more effective policies and practices. In this role, you will be a part of this team and work with fellow engineers to advance the state of practice. The CRM team develops solutions in the form of frameworks, models, tools, policies, practices, technical guidance, and training that allow organizations to assess, analyze, and manage organizational, operational, strategic, and technical risks to mission-critical assets, processes, systems, and infrastructures. The goal of the team is to promote innovation and collaboration across customer programs and within SEI.
You are focused, have a track record of crafting interdisciplinary approaches to problem solving, and demonstrate strong presentation and writing skills. You are able to communicate with clients and staff of all levels in a highly professional and competent manner. You love the flexibility of an organization that values hard work but appreciates work-life balance and professional development. More specifically, you have demonstrated the application of those skills to matters that pertain to risk management in the context of a cybersecurity or enterprise risk management organization. In your role, you will:
- shape national and organizational policy with respect to risk management and its application to strategic and cybersecurity-related matters
- analyze and measure effectiveness of risk policy and governance
- develop roadmaps for improvement of cybersecurity capabilities through the use of appropriate tools and methods that support risk-based decision making
- participate in standards-making bodies as they relate to risk management in organizations
- assist in implementation of risk policy and procedure
- participate in applied research of risk-related topics
- develop new tools and applications that support qualitative and quantitative risk analysis
- directly interface with and support clients at client sites
- seek opportunities to expand customer relationships through direct engagement
Requirements:
Education/Training:
- You should have a BS or BA in a relevant field with ten (10) years of experience.
- An MS in a relevant field with eight (8) years of experience is preferred but not required.
Experience:
- You should have six (6) to eight (8) years of experience in risk management policy, governance, or leadership.
- You may have other potential career backgrounds that could include: risk management, audit, IT security, compliance, or similar technical occupation.
- Certifications of interest that are preferred include the (ISC)² CISSP, CISA, or CISM. Others may pertain to general risk management, privacy risk, or others.
Experience, knowledge, and application of any number of the following subject matter areas:
- Strategic implementation of cyber risk management practices
- Metrics and measurement methodologies
- Understanding of the economics of risk and its impacts on cyber
- Subject matter expertise in the evaluation of cybersecurity controls and practices
- Risk management-related standards, policies, and frameworks such as FAIR, NIST CSF, and NIST RMF
- Qualification and quantification of risk and the application of those processes in making risk-based decisions
- Risk management-based metrics and measurement
- Detailed understanding and application of risk to matters pertaining to privacy
- Organizational governance structure considerations related to risk management
- Knowledge of critical infrastructure protection concepts and standards
- Ability to deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff
- Knowledge of supply chain risk management concepts and tools
- Ability to communicate with a range of audiences, from junior technical individual contributors to senior customer points of contact
- Knowledge of information sharing practices and models
- Understanding of maturity model concepts
- Experience in an operational environment with an understanding of service-related processes and technologies
- Cybersecurity concepts and technical implementations
- Cybersecurity standards, policies, and frameworks
Travel: Up to 25% travel to various customer locations
Mental:
- ability to meet deadlines while working on multiple tasks, sometimes with pressure to meet high expectations and shifting priorities
- ability to collaborate diplomatically and successfully with customers, co-workers and other professional colleagues, managers, and staff
Other: You will be subject to a background investigation and must be able to obtain and/or maintain a Department of Defense security clearance.
Job Function Breakdown:
70% - You will participate in customer engagement to develop, analyze, and advise them on risk-related matters.
20% - You will participate in research into innovative and cutting-edge tools, techniques, and methods to improve cyber security, policy/governance, and resilience; transition research into applied knowledge for customers.
5% - You will attend and participate in conferences and meetings; participate in marketing calls and technical exchanges with clients; give talks and lectures as appropriate; participate on working groups for subjects of interest.
5% - You will engage in professional development activities such as additional training and interaction with professional organizations.
CMU's COVID-19 Vaccination Requirements: As a condition of employment, Carnegie Mellon University requires all staff and faculty working in the United States to be fully vaccinated, including a booster when eligible, against COVID-19. Prior to commencement of employment, new hires in the United States must provide proof of vaccination or obtain an approved exemption. (Exemptions may be requested for medical reasons or for religious or strong moral or ethical conviction.) Those granted an exemption must comply with all applicable COVID-19 mitigation requirements. The most up-to-date information on CMU's COVID-19 mitigation requirements can be found here: Minimum Requirements to Return to Campus.
Location
Arlington, VA, Pittsburgh, PA
Job Function
Software/Applications Development/Engineering
Position Type
Staff - Regular
Full time/Part time
Full time
Pay Basis
Salary
More Information:
Please visit "Why Carnegie Mellon" to learn more about becoming part of an institution inspiring innovations that change the world.
Carnegie Mellon University is an Equal Opportunity Employer/Disability/Veteran.