Lead Cybersecurity Operations Engineer

The MITRE Corporation | McLean, VA
$158,800 - $238,200 | Hybrid

About The Position

MITRE is a not-for-profit corporation chartered to work for the public interest, with no commercial conflicts to influence what we do. The R&D centers we operate for the government create lasting impact in fields as diverse as cybersecurity, healthcare, aviation, defense, and enterprise transformation. We're making a difference every day—working for a safer, healthier, and more secure nation and world.

Our workplace reflects our values. We offer competitive benefits, exceptional professional development opportunities for career growth, and a culture of innovation that embraces adaptability, collaboration, technical excellence, and people in partnership.

The Defensive Cyber Operations Department (L511) within the Cyber Operations & Effects Technical Center (L510) is seeking a lead for members based in Colorado and California. Location at MITRE’s Colorado Springs site is preferred for this role but not required. L511 houses MITRE’s Defensive Cyber Operations, Cyber Deception and Adversary Engagement, and Cybersecurity Analytics and Malware Analysis technical capability areas. Staff members in this group are aligned to one or more of these capability areas. As such, the Lead must be able and willing to be a direct contributor to Cyber Operations & Effects related capabilities, projects, tasks, or research.

Requirements

  • Typically requires a minimum of 8 years of related experience with a Bachelor’s degree; or 6 years and a Master’s degree; or a PhD with 3 years’ experience; or equivalent combination of related education and work experience.
  • Demonstrated ability to work effectively as part of a team, across sponsors, and across MITRE as appropriate and experience leveraging relationships to benefit staff and work programs.
  • Possess experience across MITRE to help group members network and make connections.
  • Solid understanding of and experience with operational cyber security practices and commonly used technologies.
  • Excellent writing and communication skills.
  • Experience leading teams or projects/tasks.

Nice To Haves

  • Experience applying AI/ML to cyber operations, reverse engineering, digital investigations, or mission analytics.
  • Experience and knowledge of MITRE ATT&CK implementation.

Responsibilities

  • Provide engineering support for a Centralized Logging Initiative.
  • Help stand up and maintain a centralized log collection tier for the sponsor organization.
  • Consult and interface with customers to understand log collection requirements and provide appropriate solutions to integrate data feeds.
  • Implement cybersecurity-focused dashboards and alerts for the ESOC watch floor to promote an expedited adoption of new logs by analysts.
  • Perform advanced SPL search construction and optimization with a focus on security and detection engineering.
  • Build incident response playbooks and run incident response plans.
  • Understand M-21-31 Executive Order 14028 and the practical steps to achieve compliance.
  • Implement metrics to understand environment health and monitor dashboard adoption.
  • Provide strategic and technical recommendations to sponsor, occasionally writing short whitepapers and/or building executive briefs.
  • Combine cybersecurity domain expertise and contemporary data science skills to enhance adversary detection, network defense, and Security Operations Center (SOC) process improvement.
  • Use MITRE ATT&CK® to hunt the adversary and build TTP-based defenses.
  • Automate container environments via continuous integration and continuous deployment.

Benefits

  • Competitive benefits
  • Exceptional professional development opportunities for career growth
  • Culture of innovation that embraces adaptability, collaboration, technical excellence, and people in partnership.