Senior Risk Engineer

08 Apr 2021
Pittsburgh, Pennsylvania 15201, USA

The Software Engineering Institute (SEI) helps advance software engineering principles and practices and serves as a national resource in software engineering, computer security, and process improvement. The SEI works closely with defense and government organizations, industry, and academia to continually improve software-intensive systems. Our core purpose is to help organizations improve software engineering capabilities and develop or acquire the right software, defect free, within budget and on time, every time.


Summary for Senior Risk Engineer:

The CERT Program is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania and Arlington, Virginia. At CERT, we engage in state-of-the-art research and development to improve the state of cybersecurity. In the Senior Cyber Security Engineer role, we value your background in cybersecurity risk, policy, and governance.

The Cyber Risk Management (CRM) team develops solutions and advises public and private customers in matters pertaining to risk management. Our focus is to connect the board room to the cyber risk management elements of the organization through more effective policies and practices. In this role, you will be a part of this team and work with fellow engineers to advance the state of practice. The CRM team develops solutions in the form of frameworks, models, tools, policies, practices, technical guidance, and training that allow organizations to assess, analyze, and manage organizational, operational, strategic, and technical risks to mission-critical assets, processes, systems, and infrastructures. The goal of the team is to promote innovation and collaboration across customer programs and within the SEI.

You are focused, have a track record of crafting interdisciplinary approaches to problem solving, and demonstrate strong presentation and writing skills. You are able to communicate with clients and staff of all levels in a highly professional and competent manner. You love the flexibility of an organization that values hard work but appreciates work-life balance and professional development. More specifically, you have demonstrated the application of those skills to matters that pertain to risk management in the context of a cybersecurity or enterprise risk management organization.

  • A BS or BA in a relevant field with ten (10) years of experience, a Master's in a relevant field with eight (8) years of experience, or a PhD in a relevant field with five (5) years of experience is preferred.
  • Willingness to travel to various locations to support the SEI's overall mission (25% travel).
  • You will be subject to a background check and would need to be eligible to obtain and maintain a Department of Defense security clearance.

  • Shape national and organizational policy with respect to risk management and its application to strategic and cybersecurity-related matters
  • Analyze and measure effectiveness of risk policy and governance
  • Develop roadmaps for improvement of cybersecurity capabilities through the use of appropriate tools and methods that support risk-based decision making
  • Participate in standards making bodies as they relate to risk management in organizations
  • Assist in implementation of risk policy and procedure
  • Participate in applied research of risk related topics
  • Develop new tools and applications that support qualitative and quantitative risk analysis
  • Directly interface and support clients at client site
  • Seek opportunities to expand customer relationships through direct engagement

Knowledge, Skills and Abilities:

Experience, knowledge, and application of any number of the following subject matter areas:
  • Strategic implementation of cyber risk management practices
  • Metrics and measurements methodologies
  • Understanding of the economics of risk and its impacts on cyber
  • Subject matter expertise in the evaluation of cybersecurity controls and practices
  • Risk management related standards, policies, and frameworks such as FAIR, NIST CSF, and NIST RMF
  • Qualification and quantification of risk and the application of those processes in making risk-based decisions
  • Risk management-based metrics and measurement
  • Detailed understanding and application of risk to matters pertaining to privacy
  • Organizational governance structure considerations related to risk management
  • Knowledge of critical infrastructure protection concepts and standards
  • Ability to deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff
  • Knowledge of supply chain risk management concepts and tools
  • Ability to communicate with a range of audiences ranging from junior technical individual contributors to senior customer points of contacts
  • Knowledge of information sharing practices and models
  • Understanding of maturity model concepts
  • Experience in an operational environment with an understanding of service related processes and technologies
  • Cybersecurity concepts and technical implementations
  • Cybersecurity standards, policies, and frameworks
  • Certifications of interest include the ISC2 CISSP, CISA, or CISM. Others may pertain to general risk management, privacy risk, or other areas.

More Information:

Please visit "Why Carnegie Mellon" to learn more about becoming part of an institution inspiring innovations that change the world.

A listing of employee benefits is available at



Carnegie Mellon University is an Equal Opportunity Employer/Disability/Veteran
