The Software Engineering Institute (SEI) at Carnegie Mellon University is a Federally Funded Research and Development Center (FFRDC) focused on advancing software engineering, cybersecurity, and process improvement. The SEI works closely with defense and government organizations, industry, and academia to continually improve software-intensive systems. Additionally, Artificial Intelligence (AI) engineering is a key focus area, as the SEI recently developed the AI Security Incident Response Team (AISIRT) to fill the need for a capability that can identify, analyze, and respond to threats, vulnerabilities, and incidents that emerge from ongoing advances in AI and machine learning (ML).

The Vulnerability Analysis Team, within the Threat Analysis Directorate, is an elite team of National Security dedicated personnel that work to reduce the societal harm from vulnerable information processing systems and related processes. The Vulnerability Analysis Team has three core functions: 1) research and development (R&D) of systemic software vulnerabilities and Coordinated Vulnerability Disclosure (CVD) processes; 2) vulnerability response and management to mitigate priority vulnerabilities; and 3) vulnerability community outreach and engagement to influence software policies and standards.

As an Associate Vulnerability Researcher you will have opportunity to advance the start-of-the-art in software and system vulnerability research and advance CVD operations of vulnerabilities on national and global scales. You’ll also collaborate with network defenders, developers, security researchers, and policymakers, and share findings through advisories, papers, and tools. You will also have the opportunity to influence upcoming technology trends leading to more secure and sustainable systems, including AI/ML systems.

What you’ll do

Enable and develop state-of-the-art approaches, techniques, and processes for analyzing executable code.
Apply these approaches, techniques, and processes to understanding systemic vulnerabilities in software systems (including AI/ML) and how attackers adapt their tradecraft to exploit those vulnerabilities.
Integrate threat intelligence into ongoing systemic vulnerability R&D, analysis of AI-related threats, and analysis of malware analysis samples analysis.
Study and influence the software security and vulnerability disclosure ecosystems; evaluate the effectiveness of tools, techniques, and processes developed by industry and the security research community.
Uncover some of the fundamental assumptions underlying current best practices in software security (including AI/ML).
Conduct vulnerability response and management to mitigate discovered and/or reported software and system vulnerabilities.
Publish reports, technical notes, white papers, Vulnerability Notes, and/or blog posts to a variety of audiences.
Develop models, tools, and data sets that can be used to characterize the threats to, and vulnerabilities in, software systems; aid in testing, evaluating, and transitioning technologies developed by government-funded research programs.
Conduct outreach and engagement activities across the vulnerability communities (public and private) to influence software security policies and standards.

Who you are

You have a deep interest in cybersecurity with an intellectual curiosity and desire to make an impact beyond your organization.
You enjoy developing and communicating innovative ideas and thinking creatively to solve tough problems.
You relate collaboratively and diplomatically with people inside and outside the organization.
You have a strong understanding of research methods in computer science, engineering and security, and related fields to include Internet fundamentals such as network protocols
You enjoy mentoring and training others as well as sharing knowledge.

You have experience

Vulnerability research, analysis, discovery, disclosure, and mitigation.
Organizing, planning, and executing complex projects.
Cyber threat intelligence analysis and application.
Applying knowledge of technology, systems architecture, and security best practices to practical problems in enterprise security.
Advising on a range of security topics based on research and expert opinion.
Communicating complex system designs, technical approaches and road maps to sponsors, project managers and technical staff, and the ability to distill the implications of complex research results and apply those results to government operations.
Applying modern data-driven research methods to cost-effectiveness analysis, risk analysis and information security decision making and collaborating on industry and academic community projects.
Developing software in Python and other modern programming languages
Mathematical programming, statistical modeling, or machine learning.
Recognizing and properly handling confidential and sensitive information.
Applying cybersecurity knowledge to areas such as AI/ML domain and open-source software.
Automating existing security practices.

You have

BS in Computer Science, Information Science, or Analytical discipline with three (3) years of experience; OR MS in the same fields with one (1) year of experience.
Willingness to travel to various locations to support the SEI’s overall mission. This includes sponsor sites, conferences, and offsite meetings on occasion. Moderate Travel (10-15%)
Are subject to a background check and obtain and maintain an active Department of Defense security clearance. Applicants for this position must be currently legally authorized to work for CMU in the United States. CMU will not sponsor or take over sponsorship of an employment visa for this opportunity.

Location

Pittsburgh, PA

Job Function

Software/Applications Development/Engineering

Position Type

Staff – Regular

Full time/Part time

Full time

Pay Basis

Salary

More Information:

Please visit “Why Carnegie Mellon” to learn more about becoming part of an institution inspiring innovations that change the world.
Click here to view a listing of employee benefits
Carnegie Mellon University is an Equal Opportunity Employer/Disability/Veteran.
Statement of Assurance

What you’ll do

Enable and develop state-of-the-art approaches, techniques, and processes for analyzing executable code.
Apply these approaches, techniques, and processes to understanding systemic vulnerabilities in software systems (including AI/ML) and how attackers adapt their tradecraft to exploit those vulnerabilities.
Integrate threat intelligence into ongoing systemic vulnerability R&D, analysis of AI-related threats, and analysis of malware analysis samples analysis.
Study and influence the software security and vulnerability disclosure ecosystems; evaluate the effectiveness of tools, techniques, and processes developed by industry and the security research community.
Uncover some of the fundamental assumptions underlying current best practices in software security (including AI/ML).
Conduct vulnerability response and management to mitigate discovered and/or reported software and system vulnerabilities.
Publish reports, technical notes, white papers, Vulnerability Notes, and/or blog posts to a variety of audiences.
Develop models, tools, and data sets that can be used to characterize the threats to, and vulnerabilities in, software systems; aid in testing, evaluating, and transitioning technologies developed by government-funded research programs.
Conduct outreach and engagement activities across the vulnerability communities (public and private) to influence software security policies and standards.

Who you are

You have a deep interest in cybersecurity with an intellectual curiosity and desire to make an impact beyond your organization.
You enjoy developing and communicating innovative ideas and thinking creatively to solve tough problems.
You relate collaboratively and diplomatically with people inside and outside the organization.
You have a strong understanding of research methods in computer science, engineering and security, and related fields to include Internet fundamentals such as network protocols
You enjoy mentoring and training others as well as sharing knowledge.

You have experience

Vulnerability research, analysis, discovery, disclosure, and mitigation.
Organizing, planning, and executing complex projects.
Cyber threat intelligence analysis and application.
Applying knowledge of technology, systems architecture, and security best practices to practical problems in enterprise security.
Advising on a range of security topics based on research and expert opinion.
Communicating complex system designs, technical approaches and road maps to sponsors, project managers and technical staff, and the ability to distill the implications of complex research results and apply those results to government operations.
Applying modern data-driven research methods to cost-effectiveness analysis, risk analysis and information security decision making and collaborating on industry and academic community projects.
Developing software in Python and other modern programming languages
Mathematical programming, statistical modeling, or machine learning.
Recognizing and properly handling confidential and sensitive information.
Applying cybersecurity knowledge to areas such as AI/ML domain and open-source software.
Automating existing security practices.

You have

BS in Computer Science, Information Science, or Analytical discipline with three (3) years of experience; OR MS in the same fields with one (1) year of experience.
Willingness to travel to various locations to support the SEI’s overall mission. This includes sponsor sites, conferences, and offsite meetings on occasion. Moderate Travel (10-15%)
Are subject to a background check and obtain and maintain an active Department of Defense security clearance. Applicants for this position must be currently legally authorized to work for CMU in the United States. CMU will not sponsor or take over sponsorship of an employment visa for this opportunity.

Location

Pittsburgh, PA

Job Function

Software/Applications Development/Engineering

Position Type

Staff – Regular

Full time/Part time

Full time

Pay Basis

Salary

More Information:

Please visit “Why Carnegie Mellon” to learn more about becoming part of an institution inspiring innovations that change the world.
Click here to view a listing of employee benefits
Carnegie Mellon University is an Equal Opportunity Employer/Disability/Veteran.
Statement of Assurance

Associate Vulnerability Researcher

Associate Vulnerability Researcher

More Information:

Associate Vulnerability Researcher

Location

Workplace

Type

Posted

Website

Similar Jobs

Company

For job seekers

For companies

Cyber Security jobs

Associate Vulnerability Researcher

Associate Vulnerability Researcher

More Information:

Associate Vulnerability Researcher

Location

Workplace

Type

Posted

Website

Similar Jobs

Associate Vulnerability Researcher

Vulnerability Researcher (Remote, IND)

Vulnerability Researcher (Remote, IND)

Vulnerability researcher III (Remote, IND)

Vulnerability researcher III (Remote, IND)

Vulnerability Researcher Intern – 2025

Associate Security Researcher

Senior Advisor, Vulnerability Threat Management

Manager II, Cybersecurity

CNO Programmer Intern - 2025