Chief Engineer - InfoSec Operations

Why choose between doing meaningful work and having a fulfilling life? At MITRE, you can have both. That's because MITRE people are committed to tackling our nation's toughest challenges-and we're committed to the long-term well-being of our employees. MITRE is different from most technology companies. We are a not-for-profit corporation chartered to work for the public interest, with no commercial conflicts to influence what we do. The R&D centers we operate for the government create lasting impact in fields as diverse as cybersecurity, healthcare, aviation, defense, and enterprise transformation. We're making a difference every day-working for a safer, healthier, and more secure nation and world. Our workplace reflects our values. We offer competitive benefits, exceptional professional development opportunities, and a culture of innovation that embraces diversity, inclusion, flexibility, collaboration, and career growth. If this sounds like the choice you want to make, then choose MITRE-and make a difference with us.

Department Summary:

Join MITRE's corporate Information Security team and be at the forefront of security operations. Take the lead in defending MITRE against everything from fraud to ransomware to Advanced Persistent Threats (APT). Working for the CISO and with other senior InfoSec leaders, provide strategic guidance to continuously improve MITRE's protect, detect, respond triad. Lead a threat informed defense - go beyond mere technology and tools to develop and use current and new practices like threat sharing, deception, and advanced research into adversary behavior. Experienced, motivated, self-starting, continuously learning candidates will enjoy the best of both working in a tight-knit team and having individual responsibility and independence.

Job Responsibilities:

Technical Leadership

• First and foremost: Lead the cyber defense of MITRE.
  • Lead the evolution of InfoSec's defensive security architecture, monitoring and incident response operations, and our threat sharing and analysis work.
  • Practice threat informed defense - promote effectiveness and efficiency through systematic prioritization of security threats, vulnerabilities, and other issues.
  • Promote technical quality - assess quality of InfoSec operations and related work including detection and control effectiveness, training and awareness, incident monitoring and response, and threat intelligence
• Represent InfoSec on the CIO engineering council, working with Center CEs to integrate key security drivers; business strategy and need, contractual compliance, security and defensive operations to develop a consistent and coherent approach to security across MITRE:
  • Assess developments in emerging technology, CIO pilots, etc.
  • Develop a corporate IT and security technical strategy and implementation approach
  • Ensure InfoSec protection, detection, and reaction tools, techniques, and procedures are compatible with the IT architecture.
• Contribute to InfoSec's program of active engagement with CIO projects, specializing on those which impact security operations, and ensuring new IT is integrated into the security architecture.
• Facilitate innovation and research by being an integration point between InfoSec and CIO innovation programs, work program initiatives, the MITRE IR&D Program, and other innovation efforts

Partnership

• Foster integration and collaboration with the corporate IT functions
• Share lessons learned and operational insights with other MITRE cyber practitioners, researchers, and MITRE's customers
• Promote cyber community enhancing practices such as threat sharing, ISAC participation, etc.

Staff Development

• Strong contributor to strategy and execution for recruiting and hiring
• Anticipate needs for expertise in new areas. Coordinate vendor TEMs, training, etc.
• Promote InfoSec mentoring, especially for specialized operational skills
  • Foster an organizational culture of ongoing technical development
  • Assist in the creation of mentoring relationships
• Assist management in performance calibration and division development goal setting.

Required Qualifications:

• In depth experience with security group operations, including areas such as continuous monitoring of systems and alarms, incident response, workflow management, etc.
• Extensive experience and expertise with cyber operations theory, approaches, and supporting technologies including threat informed defense, cyber deception, cyber threat analysis and information sharing
• Experience, thorough familiarity with, and demonstrated success understanding and staying technically current in multiple key security areas such as:
  • Defending corporate perimeters and Internet facing systems, both on prem and cloud
  • Defending user workstations in a variety of configurations including and zero trust
  • Next gen technology such as application aware firewalls, EDR, Zero Trust.
• Strong analytical skills. Demonstrated ability to decompose complex technical problems into manageable portions, identify driving factors in technical decisions
• Extensive experience with operational design and tradeoffs balancing interests of business need and risk tolerance
• Experience with operational security product and service evaluations
• Demonstrated success in leading deeply technical InfoSec teams
• Demonstrated success working with people and coaching talent
• Strong technical writing, editing, and presentation skills including demonstrated ability to articulate complex technical topics and recommendations
• The ability to obtain and maintain a Secret Clearance

Preferred Qualifications:

• Familiarity with non-operational corporate information security practices, including policy and governance, user training and education, and risk management
• Familiarity with MITRE organizational structure, management practices, work programs and corporate strategy
• Typically requires a minimum of 7 years of related experience with an applicable Bachelor's degree; or 5 years and an applicable Master's degree, or equivalent combination of related education and work experience
• MITRE Site locations are being considered however being connected to one of the campuses would be a strong preference. This role will need to participate in team building, liaison work, and other job responsibilities which could require a candidate based at a site location a high amount of travel
• Top Secret Clearance

This requisition requires the candidate to have a minimum of the following clearance(s):

Top Secret

This requisition requires the hired candidate to have or obtain, within one year from the date of hire, the following clearance(s):

None

Salary compensation range and midpoint:

$189,500 - $237,000 - $284,500 Annual

Work Location Type:

Subject to all federal and state laws, rules and regulations, MITRE requires all employees to be fully vaccinated against COVID-19. Newly hired employees must be fully vaccinated prior to their employment start date. MITRE will provide reasonable accommodation to individuals who are legally entitled to an exemption under applicable laws so long as it does not create an undue hardship for MITRE and/or does not pose a direct threat to the health or safety of the employee or others in the workplace.

MITRE is proud to be an equal opportunity employer. MITRE recruits, employs, trains, compensates, and promotes regardless of age; ancestry; color; family medical or genetic information; gender identity and expression; marital, military, or veteran status; national and ethnic origin; physical or mental disability; political affiliation; pregnancy; race; religion; sex; sexual orientation; and any other protected characteristics. For further information please visit the Equal Employment Opportunity Commission website EEO is the Law Poster and Pay Transparency .

MITRE intends to maintain a website that is fully accessible to all individuals. If you are unable to search or apply for jobs and would like to request a reasonable accommodation for any part of MITRE's employment process, please contact MITRE's Recruiting Help Line at 703-983-8226 or email at [email protected].

Copyright © 1997-2023, The MITRE Corporation. All rights reserved. MITRE is a registered trademark of The MITRE Corporation. Material on this site may be copied and distributed with permission only.