The Defensive Cyber Operations Department (L511) within the Cyber Operations & Effects Technical Center (L510) is seeking a lead for staff members based in Colorado and California. Location at MITRE's Colorado Springs site is preferred for this role but not required. L511 houses MITRE's Defensive Cyber Operations, Cyber Deception and Adversary Engagement, and Cybersecurity Analytics and Malware Analysis technical capability areas. Staff members in this group are aligned to one or more of these capability areas. As such, the Lead must be able and willing to be a direct contributor to Cyber Operations & Effects related capabilities, projects, tasks, or research.
Roles & Responsibilities:
MITRE is seeking strong technical candidates to provide engineering support for a Centralized Logging Initiative. Candidates will be part of a fast-paced team of government and contractor personnel that helps stand up and maintain a centralized log collection tier for the sponsor organization.
Candidates will comprise a team which performs duties across a broad spectrum of growing demands:
- Consult and interface with customers to understand log collection requirements and provide appropriate solutions to integrate data feeds
- Implement cybersecurity-focused dashboards and alerts for the ESOC watch floor to promote an expedited adoption of new logs by analysts
- Construct and optimize advanced SPL searches with a focus on security and detection engineering
- Build incident response playbooks and run incident response plans
- Understand M-21-31 Executive Order 14028 and the practical steps to achieve compliance
- Implement metrics to understand environment health and monitor dashboard adoption
- Provide strategic and technical recommendations to the sponsor, occasionally writing short whitepapers and/or building executive briefs
Some examples of our work include:
- Combining cybersecurity domain expertise and contemporary data science skills to enhance adversary detection, network defense, and Security Operations Center (SOC) process improvement.
- Using MITRE ATT&CK® to hunt the adversary and build TTP-based defenses.
- Automating container environments via continuous integration and continuous
Basic Qualifications:
- Typically requires a minimum of 8 years of related experience with a Bachelor's degree; or 6 years and a Master's degree; or a PhD with 3 years' experience; or equivalent combination of related education and work experience
- Demonstrated ability to work effectively as part of a team, across sponsors, and across MITRE as appropriate, and experience leveraging relationships to benefit staff and work programs
- Experience across MITRE to help group members network and make connections
- Solid understanding and experience with operational cyber security practices and commonly used technologies
- Excellent writing and communication skills
- Experience leading teams or projects/tasks
- This position requires a hybrid schedule with a minimum of 50% on-site
Preferred Qualifications:
- Experience applying AI/ML to cyber operations, reverse engineering, digital investigations, or mission analytics
- Experience and knowledge of MITRE ATT&CK implementation
This requisition requires the candidate to have a minimum of the following clearance(s): None
This requisition requires the hired candidate to have or obtain, within one year from the date of hire, the following clearance(s): None
Salary compensation range and midpoint: $158,800 - $198,500 - $238,200 Annual
Work Location Type: Hybrid