Security Data Analyst

What We Do:

Our team, within the Cyber Risk and Resilience Directorate, researches, designs, and develops software tools for the collection, storage, and analysis of network data to provide security insights. We provide both the core network tools to facilitate this capability, and prototypes of new methods to present the data most effectively. We work with data at a scale generally not experienced by most organizations, handling record counts in the tens of billions per day.

Developing security insights at this scale requires creativity, efficiency, and contemporary knowledge of modern computing platforms. In some cases, the computing has outpaced the methods, and it is incumbent upon us to generate novel views of both the entire data collection, and of focused datasets tailored to specific analyst needs.

Our network situational awareness security tools are published here: https://tools.netsa.cert.org/

Position Summary:

As a security data analyst on the Products team you will research network and host-based security threats to develop methods of detection and tailor these for partner environments. Transition of this research will take the form of developing detection capabilities, providing new requirements and feature requests for our NetSA Security tool suite, writing publications, and providing customer-specific training. The primary network data source for the team is netflow combined with application layer metadata, with an expanding focus on host-based (e.g., EDR) and cloud telemetry.

You will be responsible for gaining insights from data to facilitate detections, working with partners to help them to better understand their data and researching new data sources to expand the expertise of the team.

Requirements: 

• BS with 8 years of experience, an MS with 5 years of experience, or a PhD with 2 years of experience in Computer Science, or a related field.

• Movement between buildings within the SEI and CMU community required.
• Willingness to travel to various locations to support the SEI’s overall mission. This may include national travel to sponsor sites, conferences, and offsite meetings on occasion.
• You will be subject to a background check and will need to obtain and maintain a Department of Defense security clearance.

Knowledge, Skills and Abilities: 

• Ability to translate threat intelligence to avenues for research, prototyping, and curation of detection capabilities.
• Strong knowledge of network fundamentals, common application layer protocols, and network-based telemetry.
• Strong proficiency in at least one scripting or programming language such as Python, Go, Ruby, C, Java, or Scala.
• Strong problem-solving skills, detailed research, and ability to document and communicate ideas and findings to diverse audience.
• Ability to present technical topics to audiences from senior leadership to technical experts

Desired Experience:

• Hands-on experience in a security research, threat hunting, detection engineering, and / or SOC Analyst role
• Experience analyzing network telemetry such as netflow, application metadata, or PCAP from network sensors such as YAF, Zeek, or Suricata; or experience analyzing host-based telemetry from one or more commercial EDR products.
• Strong domain knowledge in security operations and related functions
• Awareness of the threat landscape and experience researching and investigating threats
• Familiarity with services available in AWS, Azure, or Google Cloud and experience with deploying resources in cloud environments

Job Function Breakdown:

75% - Threat and detection research

15% - Automation of analysis and detections

10% - Transition of research to partners, the public, or for internal collaboration and integration

TOTAL=100%

Our benefits

Our benefits philosophy encompasses three driving priorities: choice, control, and well-being. Through Carnegie Mellon University, the SEI offers a wide range of competitive employee benefits, including comprehensive health insurance, tuition benefits, generous time off, and a robust retirement savings policy to name a few.

To learn more, visit these resources:

Why Carnegie Mellon  to learn more about becoming part of an institution inspiring innovations that change the world. 

Benefits at Glance  to get a listing of all employee benefits.

Staff Member Benefits  to get detailed information about benefits for employees who are not faculty. 

Why work here?

• Join a world-class organization that has significant impact with software in government.
• Work with cutting edge technologies and experts to solve tough problems for the government and the nation.
• Publish your research, attend or present at prestigious events, and enjoy annual professional development opportunities.
• Get an 8% monthly contribution for your retirement plan without having to contribute to it yourself.
• Get tuition benefits to attend classes at Carnegie Mellon University for you and your dependent children.
• Get access to university resources, including campus fitness facilities, mindfulness programs, childcare, free transportation on the Port Authority Transit System, and more.
• Enjoy paid parental and military leave.
• Qualify for relocation assistance.
• Work in the heart of Oakland, a few blocks from the Carnegie Mellon University and the University of Pittsburgh.

 

Location

Arlington, VA, Pittsburgh, PA

Job Function

Software/Applications Development/Engineering

Position Type

Staff – Regular

Full time/Part time

Full time

Pay Basis

Salary
More Information: 

• Please visit “Why Carnegie Mellon ” to learn more about becoming part of an institution inspiring innovations that change the world. 

• Click here to view a listing of employee benefits

• Carnegie Mellon University is an Equal Opportunity Employer/Disability/Veteran. 

• Statement of Assurance