This job is closed


Carnegie Mellon University - Pittsburgh, PA

posted 3 days ago

Full-time - Senior
Pittsburgh, PA
Educational Services

About the position

The Software Engineering Institute (SEI) at Carnegie Mellon University is a Federally Funded Research and Development Center (FFRDC) focused on advancing software engineering, cybersecurity, and process improvement. The SEI works closely with defense and government organizations, industry, and academia to continually improve software-intensive systems. Our core purpose is to help organizations improve software engineering capabilities and develop or acquire the right software, defect free, within budget and on time, every time.

The SEI CERT Division is seeking applicants for the Senior Vulnerability Researcher role. The Vulnerability Analysis Team, within the Threat Analysis Directorate, is an elite team of personnel dedicated to national security who work to reduce the societal harm from vulnerable information processing systems and related processes. The Vulnerability Analysis Team has three core functions: 1) research and development (R&D) of systemic software vulnerabilities and Coordinated Vulnerability Disclosure (CVD) processes; 2) vulnerability response and management to mitigate priority vulnerabilities; and 3) vulnerability community outreach and engagement to influence software policies and standards.

As a Senior Vulnerability Researcher, you will have the opportunity to advance the state of the art in software and system vulnerability research and to advance CVD operations on a national and global scale. You'll also collaborate with network defenders, developers, security researchers, and policymakers, and share findings through advisories, papers, and tools. You will have the opportunity to influence upcoming technology trends leading to more secure and sustainable systems.

Responsibilities

  • Develop state-of-the-art approaches to analyze assembled software in various forms.
  • Apply these approaches to discover and understand systemic vulnerabilities in software systems and how the threats that evolve from these enable attackers' tradecraft.
  • Study and influence the software security ecosystem to address the entire vulnerability lifecycle.
  • Evaluate vulnerability analysis reports submitted by world-class researchers to assess and analyze these with a strong grasp of the details.
  • Employ vulnerability analysis to uncover fundamental assumptions and flaws in the current underlying software and system development practices.
  • Conduct vulnerability response and management (CVD) to mitigate discovered or reported software, system, AI, and systemic vulnerabilities.
  • Improve the CVD process and supporting tools to scale and address vulnerabilities in a timely fashion.
  • Publish reports, technical notes, white papers, Vulnerability Notes, and blog posts for a variety of audiences.
  • Conduct outreach and engagement activities across the vulnerability communities (public and private) to influence software security policies and standards.

Requirements

  • Vulnerability research, discovery, assessment, analysis, disclosure, and mitigation.
  • Applying knowledge of technology, systems architecture, and security best practices to practical problems in enterprise security.
  • Advising on a range of security topics based on research, development, and expert opinion.
  • Organizing, planning, and executing complex projects.
  • Communicating complex system designs, technical approaches and road maps to sponsors, project managers and technical staff, and the ability to distill the implications of complex research results and apply those results to large-scale operations.
  • Applying modern data-driven research methods to cost-effectiveness analysis, risk analysis and information security decision making and collaborating on industry and academic community projects.
  • Developing software in a variety of software programming languages both modern and legacy.
  • Mathematical programming, statistical modeling, or machine learning.
  • Recognizing and properly handling confidential and sensitive information.

Benefits

  • 8% monthly contribution for your retirement, without having to contribute yourself.
  • Tuition benefits to CMU and other institutions for you and your dependent children.
  • Healthy work/life balance with flexible work arrangements and paid parental and military leave.
  • Access to university resources including mindfulness programs, childcare and back-up care benefits, a monthly transit benefit on WMATA, and free transportation on the Pittsburgh Regional Transit System.
  • Annual professional development opportunities; attend conferences and training or obtain a certification and get reimbursed for membership in professional societies.
  • Qualify for relocation assistance.