Lead Cybersecurity Assessment Engineer

The MITRE Corporation•McLean, VA

3d•Hybrid

About The Position

The Cyber Solutions Innovation Center creates solutions using threat-informed cybersecurity approaches to enhance the security, safety, and resiliency of critical cyber systems and infrastructure. The Cyber Assessments and Security Automation department serves as MITRE’s resource for cyber risk evaluation and security innovation. Our team is dedicated to advancing the field of cybersecurity by combining deep expertise in risk assessment with cutting-edge automation technologies. This dual focus enables us to address the evolving needs of our sponsors, ensuring scalable and effective cybersecurity solutions that meet today’s challenges and anticipate tomorrow’s threats. Our work is defined by innovation, exemplified through initiatives like SAF, ECHO, and ACT, which demonstrate our commitment to developing transformative tools and methodologies. By leveraging automation, we empower organizations to enhance their security posture efficiently and effectively, positioning them to stay ahead in an increasingly complex cyber landscape. The Cyber Assessments and Security Automation department reflects MITRE’s leadership in cybersecurity, making our value clear to sponsors and internal stakeholders alike. We don’t just assess risks; we innovate solutions that drive the future of cybersecurity. The Cyber Assessments and Security Automation department within the Cyber Solutions Innovation Center is seeking a Lead level Cybersecurity Assessment Engineer to lead the department’s contributions across our portfolios. The department supports all of MITRE by providing a variety of cyber assessment products plus overall cyber engineering skills. The Lead Cybersecurity Assessment Engineer position will be a core member of the department and government technical team and serve as the first-line support for various sponsors. The position requires direct contributions to our diverse work programs.

Requirements

Requires a minimum of 8 years of related experience with a Bachelor’s degree; or 6 years and a Master’s degree; or a PhD with 3 years’ experience; or equivalent combination of related education and work experience.
Experience with RMF, NIST SP-800 series, and Security Controls Assessment (SCA).
Experience in software engineering and systems engineering, including requirements analysis and technical writing.
Familiarity with Windows, Linux, macOS/Open BSD, and VxWorks/Tornado operating systems.
Proficiency in programming languages including Java, C#, C++, Python, Perl, Visual Basic, ASP.NET, PHP, COBOL.
Certifications: CISSP, Certified Ethical Hacker (CEH), Network+, AWS Certified Cloud Practitioner.
This position requires a minimum of 50% hybrid on-site
Per the U.S. Government’s eligibility requirements, you must be a U.S Citizen to be considered for a security clearance

Nice To Haves

Active Top Secret Security Clearance.
Graduate-level degree in a technical discipline (Cybersecurity, Information Assurance, etc.).
12 years related experience as a cybersecurity analyst/systems engineer.
Experience with advanced assessment techniques utilizing Kali Linux, Burp Suite, Wireshark, etc.
Experience with various Security Information and Event Management (SIEM) platforms (Splunk, QRadar, Tenable products, etc.)
Experience with offensive and defensive cybersecurity operations, including penetration testing
Experience with various Information Technology (IT) operations in enterprise environments including system integration, device/network hardening, server administration, network maintenance, etc.
Certified Information Systems Security Professional (CISSP)
GIAC Penetration Tester (GPEN), GIAC Certified Intrusion Analyst (GCIA)
CompTIA Security+, CompTIA Network+, CompTIA Linux+

Responsibilities

Expertise conducting cybersecurity assessments and workshops for government agencies.
Develop and implement security strategies, and provide mentorship to junior assessors.
Cybersecurity Risk Management: Expert knowledge of cybersecurity risk management frameworks and methodologies.
Vulnerability Assessment & Penetration Testing: Conduct vulnerability assessments, penetration testing, and ethical hacking of applications and systems to identify and remediate security weaknesses.
Security Controls Assessment: Conduct Security Controls Assessments (SCA), workshops, and audits for internal teams and partner organizations.
Security Tools Utilization: Utilize a variety of security tools—including Burp Suite, Nessus, Splunk, QRadar, WireShark, eMASS, and others—to support security operations and assessments.
Contribute technically to one or more Sponsor tasks.
Collaborate effectively with MITRE, government, and contractors; effectively communicate in writing, presentations, and collaborative discussions; and interface with peers, managers, and sponsors.
Promote collaboration and integration with other organizational elements within the department and across MITRE.