Lead - Cyber Security Engineer

at  THE MITRE CORPORATION

Why choose between doing meaningful work and having a fulfilling life? At MITRE, you can have both. That’s because MITRE people are committed to tackling our nation’s toughest challenges—and we’re committed to the long-term well-being of our employees. MITRE is different from most technology companies. We are a not-for-profit corporation chartered to work for the public interest, with no commercial conflicts to influence what we do. The R&D centers we operate for the government create lasting impact in fields as diverse as cybersecurity, healthcare, aviation, defense, and enterprise transformation. We’re making a difference every day—working for a safer, healthier, and more secure nation and world. Our workplace reflects our values. We offer competitive benefits, exceptional professional development opportunities, and a culture of innovation that embraces diversity, inclusion, flexibility, collaboration, and career growth. If this sounds like the choice you want to make, then choose MITRE—and make a difference with us.

DEPARTMENT SUMMARY:

The Internal Revenue Service (IRS) IT Transformation Department (P822) is seeking a motivated and creative Cybersecurity Engineer with both technical and functional experience relevant to our department work programs. P822 provides a range of cybersecurity support to the IRS under the FFRDC Center for Government Effectiveness and Modernization (CGEM). The Cybersecurity Engineer provides vital support to the IRS to ensure it can protect and defend information and systems from cyberattack and security vulnerabilities while performing duties in a complex and challenging environment.

BASIC QUALIFICATIONS:

• Typically requires a minimum of 8 years of related experience with a Bachelor’s degree; or 6 years and a Master’s degree; or a PhD with 3 years’ experience; or equivalent combination of related education and work experience.
• Demonstrated understanding of Federal government cybersecurity laws, regulations, policies, standards and executive orders.
• Demonstrated experience with the design, development, and implementation of enterprise cybersecurity solutions, to include development of cybersecurity architectures comprising platforms, systems, applications, and networks – both on- and off-premises
• Demonstrated experience in the delivery of detailed cybersecurity analyses and recommendations that produce a measurable increase in an organization’s cybersecurity capabilities
• Demonstrated experience with the implementation and management of NIST 800-53 security controls, including solutioning to resolve critical cybersecurity vulnerabilities based upon documented Program of Action and Milestones (POA&Ms).
• Demonstrated experience in a large scale, complex environment within one or more of the NIST Cybersecurity Framework (CSF) 2.0 Core Functions (Govern, Identify, Protect, Detect, Respond, and Recover).
• Demonstrated ability to implement and manage the Risk Management Framework (RMF) and Continuous Diagnostics and Monitoring (CDM) capabilities
• Demonstrated ability to perform complex project activities as a project or program manager and in accordance with industry best practices as well as possessing interpersonal, and relationship-building skills
• Demonstrated ability to perform Security Risk Assessments (SRAs) and make recommendations regarding cybersecurity architecture, operational, and monitoring best practices.
• Ability to obtain an IRS Suitability (Minimum Background Investigation).
• This position requires a minimum of 50% hybrid on-site

PREFERRED QUALIFICATIONS:

• Certified Information Systems Security Professional (CISSP) Certification
• Advanced knowledge in one or more of the following areas: insider threat, ML/AI, or threat analysis/hunting
• Knowledge of MITRE ATT&CK and ATLAS Frameworks
• Experience with cybersecurity procurement and acquisition activities
• Knowledge of IRS specific cybersecurity regulations, policies, and procedures
• Active IRS Minimum Background Investigation (MBI)

• Applies interdisciplinary competencies in secure systems architecture and design, security operations, threat actor behavior (including insider threat), risk assessment, and network security to business and operational challenges, including technical IT and operational technology (OT) systems and processes.
• Uses broad cyber expertise to identify and create cyber solutions in a dynamic operational environment, to include the use of machine learning and artificial intelligence (ML/AI) to enhance security activities and other automated capabilities.
• Performs cyber analyses and assessments that support reduction of the cyber attack footprint and creates solutions that enhance security, including incorporation of NIST 800-53 controls.
• Develops innovative offerings and identifies opportunities for cyber capabilities by applying a mix of strategic and technical knowledge of network environments, information warfare, regulations, and specific domain requirements.
• Leads complex cyber engineering, architecting, and solutioning projects and tasks at the enterprise level, to include using industry-based frameworks such as the Risk Management Framework (RMF
• Supports the IRS Cyber Team in managing its Authority to Operate (ATO) program, processes and procedures.
• Provides individual contributions and consultation.
• Establishes and nurtures lasting relationships with IRS sponsors, acting as thought leader and trusted advisor.