OT Adversary Emulation Engineer
Job Description
Why choose between doing meaningful work and having a fulfilling life? At MITRE, you can have both. That's because MITRE people are committed to tackling our nation's toughest challenges, and we're committed to the long-term well-being of our employees. MITRE is different from most technology companies. We are a not-for-profit corporation chartered to work for the public interest, with no commercial conflicts to influence what we do. The R&D centers we operate for the government create lasting impact in fields as diverse as cybersecurity, healthcare, aviation, defense, and enterprise transformation. We're making a difference every day, working for a safer, healthier, and more secure nation and world. Our workplace reflects our values. We offer competitive benefits, exceptional professional development opportunities, and a culture of innovation that embraces diversity, inclusion, flexibility, collaboration, and career growth. If this sounds like the choice you want to make, then choose MITRE, and make a difference with us.
Department Summary:
The Cyber Physical Deterrence Technologies Department (L543), part of the Cyber Infrastructure Protection Innovation Center (CIPIC), is focused on capabilities and technologies designed to deter our adversaries from holding our infrastructure at risk. This includes technical deterrence capabilities such as forensics and attribution, device countermeasures, adversary emulation, and deception capabilities. Policy-based capabilities also play a critical role in the execution of the deterrence mission. Development of normative behaviors and well-defined coordinated response options, for example, are achieved by reducing the ambiguity surrounding cybersecurity capabilities possessed, and the consequences for leveraging these capabilities against global infrastructure. L543 examines both domestic and foreign control systems and weapons systems technologies for hardware and software weaknesses. CIPIC views deterrence as a capability achieved in a coordinated fashion using both technical and non-technical means; the Policy Support core LOE is heavily engaged by L543.
Roles and Responsibilities:
The candidate will be responsible for helping improve the state of the art in OT cyber deterrence technologies in the critical infrastructure space through the development and application of applied threat and vulnerability research. This research will be manifested in the development and usage of OT adversary emulation software. The candidate will:
- Work with a team of software developers in designing, developing, and deploying software plug-ins to existing adversary emulation applications
- Work with external partners and industry stakeholders to demonstrate the value of adversary emulation in OT environments through hands-on demonstrations and exercises
- Leverage deep technical knowledge to stay abreast of current and potential OT cyber threats, and incorporate these into the OT adversary emulation plug-ins.
- Be a focal point for the OT Adversary Emulation technical capability area
- Prepare and conduct product briefings for senior leadership and stakeholders
Minimum Qualifications:
MITRE is seeking a strong technical candidate with a cyber security and computer science or computer programming background to join a research and development team focused on the use of cyber deterrence technologies. The candidate will be responsible for helping improve the state of the art in cyber deterrence technologies in the critical infrastructure space through the development and application of applied research that solves problems for our sponsors. The candidate will enjoy a fast-paced team environment, work on cutting-edge technology, and be able to envision and start new projects and technologies. The ideal candidate will be familiar with at least one of these disciplines:
- ICS network protocols (e.g., DNP3, ModbusTCP, CIP, BACnet)
- Serial bus standards and protocols (e.g., CAN bus, ARINC, MIL-STD-1553)
- Cyber Physical Systems, including Industrial Control Systems (ICS) and
- Software programming and scripting languages (e.g., Python, golang, C/C++)
- Adversary emulation / Red Teaming
- Analysis of Operational Technologies
- FPGA/ASIC design and analysis
- Familiarity with low level technologies such as ARM, x86, and RTOS
- Typically requires a minimum of 8 years of related experience with a Bachelor's degree; or 6 years and a Master's degree; or a PhD with 3 years' experience; or equivalent combination of related education and work experience.
- Degree in Cybersecurity, Electrical Engineering, Computer Science, Computer Engineering, or related field
- At least 3 years of professional experience in OT cybersecurity, OT operating environments, or a related OT field
- Knowledge in OT device development or operations
- Knowledge of DNP3 and at least one additional network protocol (e.g., Modbus, TCP, CIP, BACnet)
- Experience with emulating adversary tactics, techniques, and procedures (TTPs), cybersecurity Red Teaming, or cybersecurity Penetration Testing.
- Ability to develop and deploy OT emulation environments, leveraging virtualization, emulation, simulation, and/or hardware-in-the-loop
- Understanding of the MITRE ICS ATT&CK knowledge base
- Willingness to work cross-functionally across MITRE divisions and externally to develop and generate impact within Critical Infrastructure Resiliency and Safety
- Ability to maintain a DoD Top Secret level security clearance.
- Ability to obtain and maintain DHS suitability requirements
Preferred Qualifications:
- Proven track record of team leadership, including growing and developing team personnel, meeting deliverable timelines, and shaping work for desired mission impact.
- Programming and software development experience, including experience with Python or interest in learning this skill
- Hands-on experience working with operational OT system components (e.g., ICS environments, Healthcare systems, mission platforms)
- Experience in OT device programming (firmware and software)
- Familiarity with well-known OT incident Tactics, Techniques, and Procedures (TTP) (e.g., Industroyer/2, Triton).
- Familiarity with secure design principles.
- Familiarity with security frameworks, for example NIST Cybersecurity Framework (CSF), NERC Critical Infrastructure Protection (CIP), NIST Special Publication 800-53, ISO 27001, Collection Management Framework, NIST Risk Management Framework (RMF), etc.
- Industry forum / association participation
This requisition requires the candidate to have a minimum of the following clearance(s):
Top Secret/SCI/Polygraph
This requisition requires the hired candidate to have or obtain, within one year from the date of hire, the following clearance(s):
Top Secret/SCI/Polygraph
Work Location Type:
Hybrid
Subject to all federal and state laws, rules and regulations, MITRE requires all employees to be fully vaccinated against COVID-19. Newly hired employees must be fully vaccinated prior to their employment start date. MITRE will provide reasonable accommodation to individuals who are legally entitled to an exemption under applicable laws so long as it does not create an undue hardship for MITRE and/or does not pose a direct threat to the health or safety of the employee or others in the workplace.
MITRE is proud to be an equal opportunity employer. MITRE recruits, employs, trains, compensates, and promotes regardless of age; ancestry; color; family medical or genetic information; gender identity and expression; marital, military, or veteran status; national and ethnic origin; physical or mental disability; political affiliation; pregnancy; race; religion; sex; sexual orientation; and any other protected characteristics. For further information please visit the Equal Employment Opportunity Commission website: EEO is the Law Poster and Pay Transparency.
MITRE intends to maintain a website that is fully accessible to all individuals. If you are unable to search or apply for jobs and would like to request a reasonable accommodation for any part of MITRE's employment process, please contact MITRE's Recruiting Help Line at 703-983-8226 or email at [email protected].
Copyright © 1997-2023, The MITRE Corporation. All rights reserved. MITRE is a registered trademark of The MITRE Corporation. Material on this site may be copied and distributed with permission only.
Date Posted
05/12/2023