Vulnerability Analyst, Senior

Why choose between doing meaningful work and having a fulfilling life? At MITRE, you can have both. That's because MITRE people are committed to tackling our nation's toughest challenges-and we're committed to the long-term well-being of our employees. MITRE is different from most technology companies. We are a not-for-profit corporation chartered to work for the public interest, with no commercial conflicts to influence what we do. The R&D centers we operate for the government create lasting impact in fields as diverse as cybersecurity, healthcare, aviation, defense, and enterprise transformation. We're making a difference every day-working for a safer, healthier, and more secure nation and world. Our workplace reflects our values. We offer competitive benefits, exceptional professional development opportunities, and a culture of innovation that embraces diversity, inclusion, flexibility, collaboration, and career growth. If this sounds like the choice you want to make, then choose MITRE-and make a difference with us.

Department Summary:

Our mission-driven team works directly with MITRE's homeland security sponsors to improve cybersecurity across government and critical infrastructure. A collaborative approach and interest in building relationships based on understanding their mission, constraints, and opportunities is as important as specific technical skills. We are seeking candidates who can lead and effectively collaborate on critical projects and recommend solutions for some of the sponsor's most challenging problems.

We're seeking a vulnerability analyst / software applications developer / CVE content producer to work collaboratively with our staff of cybersecurity engineers to support our work program in vulnerability management. Application development skills will be used for the ongoing development of CVE infrastructure services, and special projects. Development work is, in part, open-source and requires heavy engagement with industry stakeholders as part of an open-source development team. Vulnerability analysis includes daily research and development of vulnerability descriptions for S/W and H/W vulnerabilities that have been publicly disclosed. Additional responsibilities include coordinating with independent researchers and product vendors regarding specific vulnerabilities as well as helping our sponsors improve both vulnerability management policies, practices, and operations throughout the Federal Civilian Executive Branch and private industry.

Job Responsibilities may include but may not be limited to:

• Publishing CVE entries (includes writing and proofing descriptions of vulnerabilities)
• Analyzing and researching cyber vulnerabilities
• Engaging with hardware and software vendors and industry leaders
• Providing input to management for expansion and evolution of CVE Program
• Participating in Board meetings and related activities as needed (e.g., CNA Summit meetings)
• Reviewing and creating metrics to track Content Team delivery health
• Reviewing, maintaining, and updating processes and policies to increase content delivery efficiencies
• Helping our sponsors and their stakeholders identify and execute on opportunities to improve vulnerability management processes and operations
• Helping develop and propagate the implementation of technology assurance best practices (e.g., SBOM, vulnerability management, developer/operator guidance ) within operational and federated environments
• Conducting technology capability evaluation, research into software/network behavior transparency, and analyzing/building interoperability of tools and data formats to help support vulnerability management at scale (e.g., Software Bill of Materials (SBOMs).
• Staying current on security industry trends, attack techniques, mitigation techniques, security technologies and new and evolving threats to the organization by attending conferences, networking with peers and other education opportunities

Required Qualifications:

• Typically requires a minimum of 5 years of related experience with a technically relevant Bachelor's degree; or 3 years and a Master's degree; or a PhD with relevant experience who can immediately contribute at this job step; or equivalent combination of related education and work experience.
• Excellent verbal and written communications skills
• Experience with vulnerability analysis
• Strong knowledge of threats and vulnerabilities associated with cloud and on-premises network security
• Strong analytical, problem-solving skills and proactive, critical thinking skills
• Ability to work independently and with minimal direction
• Knowledge of version control systems such as Git
• Coding and software development experience, specifically in the Python and Javascript languages
• Applicants selected for this position will be subject to a government security investigation and must meet eligibility requirements for access to classified information
• Primary location for this position is McLean and Bedford, however the position is open to all MITRE domestic locations for hybrid employees

Preferred Qualifications:

• Experience working with federal departments and agencies or their stakeholders, e.g., state/local/tribal/territorial governments and critical infrastructure organizations.

This requisition requires the candidate to have a minimum of the following clearance(s):

None

This requisition requires the hired candidate to have or obtain, within one year from the date of hire, the following clearance(s):

DHS SCI/Fitness

Work Location Type:

Hybrid

Subject to all federal and state laws, rules and regulations, MITRE requires all employees to be fully vaccinated against COVID-19. Newly hired employees must be fully vaccinated prior to their employment start date. MITRE will provide reasonable accommodation to individuals who are legally entitled to an exemption under applicable laws so long as it does not create an undue hardship for MITRE and/or does not pose a direct threat to the health or safety of the employee or others in the workplace.

MITRE is proud to be an equal opportunity employer. MITRE recruits, employs, trains, compensates, and promotes regardless of age; ancestry; color; family medical or genetic information; gender identity and expression; marital, military, or veteran status; national and ethnic origin; physical or mental disability; political affiliation; pregnancy; race; religion; sex; sexual orientation; and any other protected characteristics. For further information please visit the Equal Employment Opportunity Commission website EEO is the Law Poster and Pay Transparency .

MITRE intends to maintain a website that is fully accessible to all individuals. If you are unable to search or apply for jobs and would like to request a reasonable accommodation for any part of MITRE's employment process, please contact MITRE's Recruiting Help Line at 703-983-8226 or email at [email protected].

Copyright © 1997-2023, The MITRE Corporation. All rights reserved. MITRE is a registered trademark of The MITRE Corporation. Material on this site may be copied and distributed with permission only.