Senior Cybersecurity Engineer

Carnegie Mellon University•Pittsburgh, PA

1d•Hybrid

About The Position

Cybersecurity Risk Engineers at the SEI use advanced skills in statistics, mathematics, risk analysis, systems engineering, economics and other technical fields in an interdisciplinary manner to help our government and industry mission partners to identify, research, and solve cyber security challenges. In this role, you will work with our mission partners to identify areas where advanced quantitative & technical skills can help tackle problems, plan and develop prototype solutions, and create final products designed to better manage risk. You'll work with cyber security professionals and university collaborators to build new technologies that will influence national cyber security strategies for decades to come. You will build and evaluate models, create products, conduct applied research, present findings to stakeholders, and develop transition plans for solutions to our partners. Our team works on a wide range of projects. Our current research focus includes experimental designs for measuring cyber risk, researching methodologies for improvement of risk-based decision making, and building and evaluating models to identify security vulnerabilities. Additionally, we work on developing and conducting organizational security assessments, evaluating risk management programs, threat modeling, economics of cybersecurity and measurement. If you are an experienced researcher with an interest in risk management and cybersecurity, we want to hear from you! As a Senior Cyber Risk Engineer, you will work directly with government, industry, and academic partners to identify, analyze, and solve complex cybersecurity risk management challenges. You will apply expertise in statistics, mathematics, risk analysis, systems engineering, and data science to develop innovative approaches for measuring, modeling, and managing cyber risk. Your work will help shape cybersecurity strategies, influence risk-based decision making, and improve the resilience of mission-critical systems and services.

Requirements

BS degree in Computer Science, Statistics, Engineering, Mathematics, Economics, Data Science, or a related highly quantitative discipline with ten (10) years of applicable experience; or a MS degree in a relevant discipline with eight (8) years of applicable experience; or a PhD in a relevant discipline with five (5) years of applicable experience.
Track record of applying advanced analytical methods to solve complex cybersecurity challenges and delivering impactful technical outcomes.
Expertise in one or more areas including cybersecurity risk management, risk quantification, statistics, econometrics, systems engineering, machine learning, modeling and simulation, or data science.
Focused on developing practical solutions that improve risk-based decision making for mission partners.
Ability to lead multidisciplinary teams in analyzing and solving real-world cybersecurity and risk management problems.
Ability to guide research efforts, develop analytical frameworks, and influence technical direction while collaborating with researchers, engineers, government stakeholders, and external partners.
Experience contributing to multiple simultaneous projects and thriving in a fast-paced research environment.
Willingness to experiment with innovative analytical techniques, explore emerging technologies, and develop new methodologies that advance cybersecurity risk management and measurement.
Enjoy mentoring and motivating team members.
Contribute to the development of technical talent through knowledge sharing, collaboration, and professional guidance.
Outstanding communication skills and ability to interact collaboratively and diplomatically with customers, mission partners, researchers, and colleagues at all levels.
Understanding of both strategic objectives and technical details and ability to communicate complex analytical findings to audiences with varying levels of technical expertise.
Ability to obtain and maintain a Department of War security clearance.
Currently legally authorized to work for CMU in the United States.
Understanding of risk management principles and their application to cybersecurity.
Experience performing cyber risk analysis, risk quantification, or security measurement.
Expertise in one or more quantitative disciplines such as statistics, mathematics, econometrics, operations research, systems engineering, data science, or machine learning.
Experience developing and applying statistical models, predictive analytics, or simulation techniques.
Experience with uncertainty quantification, probabilistic analysis, or decision science methodologies.
Experience conducting threat modeling, vulnerability analysis, or security assessments.
Knowledge of cybersecurity risk management frameworks and methodologies.
Experience evaluating organizational cybersecurity programs and risk management practices.
Experience developing analytical tools, models, or decision-support capabilities.
Strong analytical, problem-solving, and critical-thinking skills.

Nice To Haves

Experience in cyber risk quantification and measurement.
Experience in econometrics, applied statistics, or quantitative risk analysis.
Experience in uncertainty quantification and probabilistic modeling.
Experience in machine learning, data science, or advanced analytics.
Experience in modeling and simulation.
Experience conducting threat modeling and vulnerability analysis.
Experience evaluating organizational cybersecurity and risk management programs.
Experience supporting test and evaluation activities for large-scale government research programs.
Demonstrated ability to learn new concepts and grow into emerging technical areas.
Strong technical writing, editing, and presentation skills.
Experience working with government agencies, defense organizations, federally funded research centers, or academic institutions is a plus.

Responsibilities

Identify areas where advanced quantitative & technical skills can help tackle problems
Plan and develop prototype solutions
Create final products designed to better manage risk
Build and evaluate models
Create products
Conduct applied research
Present findings to stakeholders
Develop transition plans for solutions to our partners
Develop innovative approaches for measuring, modeling, and managing cyber risk
Help shape cybersecurity strategies
Influence risk-based decision making
Improve the resilience of mission-critical systems and services
Design and conduct applied research in cybersecurity, risk management, or related fields
Develop analytical tools, models, or decision-support capabilities
Collaborate effectively within multidisciplinary teams of researchers, engineers, and cybersecurity professionals
Communicate complex technical concepts and analytical findings to both technical and non-technical audiences
Work collaboratively, diplomatically, and effectively with customers, colleagues, researchers, and senior stakeholders
Lead multidisciplinary teams in analyzing and solving real-world cybersecurity and risk management problems
Guide research efforts
Develop analytical frameworks
Influence technical direction while collaborating with researchers, engineers, government stakeholders, and external partners
Contribute to multiple simultaneous projects
Experiment with innovative analytical techniques
Explore emerging technologies
Develop new methodologies that advance cybersecurity risk management and measurement
Mentor and motivate team members
Contribute to the development of technical talent through knowledge sharing, collaboration, and professional guidance