InfoSec Monitoring & Response Lead

The MITRE Corporation
New Bedford, MA
Hybrid

About The Position

At MITRE, you can have both meaningful work and a fulfilling life. MITRE is a not-for-profit corporation chartered to work for the public interest, tackling the nation's toughest challenges in fields like cybersecurity, healthcare, aviation, defense, and enterprise transformation. The company offers competitive benefits, exceptional professional development opportunities for career growth, and a culture of innovation.

MITRE’s Cyber Defense Operations Department is seeking a Lead for the Monitoring & Response (M&R) team, serving as the Group Lead and operational lead for the function. This critical role oversees M&R operations, including response to cyber alerts, threat hunting, automation, and incident response. The M&R Lead will work closely with other groups within the Cyber Defense Operations Department and partner teams across MITRE’s cyber and enterprise technology organizations. The role involves shaping the operational roadmap for M&R, managing M&R tools and capabilities, driving process documentation and continuous improvement, and leading the technical team during incident response activities. Responsibilities also include hiring, staffing, performance reviews, and fostering employee engagement, mission outcomes, and operational excellence. The ideal candidate possesses a deep understanding of cyber operations, especially monitoring, response, and incident response.

Requirements

  • Minimum of 8 years of related experience with a Bachelor’s degree; or 6 years with a Master’s degree; or a PhD with relevant experience sufficient to contribute immediately at this job step; or an equivalent combination of related education and work experience.
  • Hands-on experience in cybersecurity operations, security monitoring, detection triage, and incident response in a large enterprise environment.
  • Strong knowledge of enterprise security operations processes, incident handling methodologies, and cyber defense best practices.
  • Experience with security operations tools and platforms such as SIEM, EDR, SOAR, ticketing/case management, threat intelligence platforms, and log analysis tools.
  • Understanding of attacker tactics, techniques, and procedures and how to operationalize that knowledge in monitoring and response.
  • Experience applying information security principles including least privilege, defense in depth, and secure operations.
  • Experience shaping and improving security processes, workflows, and operational outcomes.
  • Strong project and operational management skills.
  • Must have an active U.S. Government-issued Secret security clearance.
  • Per the U.S. Government’s eligibility requirements, you must be a U.S. citizen to be considered for a security clearance.
  • This position is hybrid and requires a minimum of 50% on-site work.

Nice To Haves

  • Experience as an M&R Analyst or leading a Technical Cyber IR team.
  • Experience managing or leading security operations analysts, responders, or similar cyber defense personnel.
  • Experience with digital forensics, host-based investigations, network analysis, and cloud incident response.
  • Knowledge of security controls and frameworks such as CMMC, NIST SP 800-171, NIST SP 800-61, MITRE ATT&CK, and related cyber defense standards.
  • Understanding of both cloud and on-premises enterprise environments and the associated monitoring and response challenges.
  • Experience with automation and orchestration to improve analyst efficiency and response speed.
  • Experience managing vendor relationships, managed service providers, or contracted service providers.
  • Experience with business processes such as staffing, workforce planning, performance management, and budgeting support.
  • Strong written and verbal communication skills, with the ability to brief technical teams, leadership, and cross-functional stakeholders.
  • Proven ability to build trusted relationships and work collaboratively across technical, operational, and business functions.

Responsibilities

  • Lead daily operations, ensuring timely triage, investigation, escalation, and resolution of security events.
  • Manage operational workflows, priorities, and analyst execution across monitoring and response activities.
  • Partner closely with the Threat Intelligence and Detection Engineering team to improve alert fidelity, response playbooks, and threat-informed monitoring.
  • Provide technical domain-specific knowledge and leadership to the M&R team.
  • Drive operational consistency through documented procedures, escalation paths, and response workflows.
  • Serve as the technical lead for cyber incident response, coordinating investigation, containment, eradication, and recovery activities across affected stakeholders and technical teams.
  • Provide clear direction, rapid decision-making, and effective execution during IR.
  • Conduct or oversee forensic triage, scope analysis, evidence collection coordination, impact assessment, and root cause analysis as needed.
  • Lead post-incident reviews and ensure lessons learned are translated into improved detections, response actions, and control enhancements.
  • Communicate incident status, operational risks, and response recommendations clearly to technical and non-technical audiences.
  • Plan, develop, and oversee M&R operational outcomes.
  • Track M&R work and priorities while ensuring effective execution across the team.
  • Drive continual improvement of monitoring coverage, response effectiveness, and analyst efficiency.
  • Identify gaps in visibility, coverage, and telemetry and recommend improvements to tooling, instrumentation, and detections.
  • Help ensure the team has the skills, coverage, and readiness needed to support MITRE’s cyber defense mission.
  • Help evaluate tools, platforms, and service providers that improve cyber monitoring and incident response operations.
  • Contribute to roadmap development for M&R and incident response capability maturation across people, process, and technology.
  • Collaborate with peer organizations across Cyber Defense Operations, other cybersecurity departments, and the Enterprise Technology division.
  • Use threat intelligence, incident trends, and operational metrics to drive improvements in use cases, procedures, and response capabilities.
  • Lead, coach, and develop cyber monitoring and response personnel, helping build a high-performing and mission-focused team environment.
  • Establish performance expectations, provide regular feedback, and support staff growth in technical and operational competencies.
  • Build team capabilities in emerging monitoring, automation, and incident response practices.
  • Manage the M&R budget, including training and travel for the team.
  • Evaluate the cost, effectiveness, and operational value of current and potential tools and services.
  • Be an active member of the Cyber Senior Leadership Team.
  • Ensure staff are assigned meaningful work and are appropriately planned against operational and project needs.
  • Represent the needs and unique perspectives of staff to Department leadership.
  • Advocate for M&R competencies and establish new work opportunities.
  • Ensure the hiring, development, and shaping of skills, capabilities, and diversity needed within the team’s workforce.

Benefits

  • MITRE offers competitive benefits and exceptional professional development opportunities for career growth.