Join Our Team as a Senior Vulnerability Researcher
Welcome to the Software Engineering Institute (SEI) at Carnegie Mellon University! Our mission is to advance software engineering principles and practices, serving as a national resource in software engineering, cybersecurity, and process improvement. We collaborate closely with defense and government organizations, industry leaders, and academia to enhance software-intensive systems.
About SEI's CERT Division
Our CERT Division is on the lookout for a skilled Senior Vulnerability Researcher to join our Vulnerability Analysis Team within the Threat Analysis Directorate. Our team is composed of internet security experts dedicated to advancing vulnerability assessment, coordinated vulnerability disclosure, and software security both nationally and globally. We actively engage with communities of network defenders, software developers, vendors, security researchers, and policymakers. Our contributions include publishing security advisories, papers, blog posts, data, and tools.
What You’ll Do
- Develop state-of-the-art methods for analyzing executable code.
- Analyze systemic vulnerabilities in software systems and how attackers exploit these weaknesses.
- Influence and study the software security and vulnerability disclosure ecosystems.
- Evaluate tools, techniques, and processes developed by the industry and research community.
- Identify fundamental assumptions in current software security best practices.
- Create models, tools, and datasets to characterize threats and vulnerabilities in software systems.
- Support government-funded research programs through testing, evaluation, and technology transition.
Who You Are
We are searching for someone who has a deep interest in cybersecurity and a desire to make a significant impact. You should be innovative, creative, and enjoy communicating new ideas. You should also possess a robust understanding of research methods in computer science, engineering, and security, along with internet fundamentals, including network protocols and provider operations.
Required Experience & Skills
- Vulnerability research, analysis, disclosure, and mitigation.
- Applying technology, systems architecture, and security best practices to enterprise security problems.
- Advising on security topics based on research and expert opinion.
- Organizing and planning complex projects.
- Communicating complex system designs and research findings to diverse audiences.
- Utilizing modern data-driven research methods for cost-effectiveness, risk analysis, and security decision-making.
- Developing software in Python and other modern programming languages.
- Mathematical programming, statistical modeling, or machine learning.
- Handling confidential and sensitive information appropriately.
- Applying cybersecurity knowledge to AI/ML domains and open-source software.
- Automating existing security practices.
Educational Background
BS in Computer Science, Information Science, or an Analytical discipline with 10 years of experience; OR MS in the same fields with 8 years of experience; OR PhD in the same fields with 5 years of experience.
Travel & Security Clearance: Willingness to travel (15%) to various locations and support SEI’s mission. Must pass a background check and obtain Department of Defense security clearance. Must be authorized to work for CMU in the United States.
Why Work Here?
- Be part of a world-class organization making significant impacts on software engineering.
- Engage with cutting-edge technologies and solve tough problems for the government and the nation.
- Receive an 8% monthly retirement contribution without having to contribute yourself.
- Enjoy tuition benefits for you and your dependent children to CMU and other institutions.
- Maintain a healthy work/life balance with flexible work arrangements and paid parental/military leave.
- Access university resources like mindfulness programs, childcare, transit benefits, and free public transportation.
- Benefit from professional development opportunities, including conferences, training, and membership reimbursements.
- Qualify for relocation assistance and more.
Location
Pittsburgh, PA
Job Function
Software/Applications Development/Engineering
Position Type
Staff – Regular
Full Time/Part Time
Full Time