Why choose between doing meaningful work and having a fulfilling life? At MITRE, you can have both. That’s because MITRE people are committed to tackling our nation’s toughest challenges—and we’re committed to the long-term well-being of our employees. MITRE is different from most technology companies. We are a not-for-profit corporation chartered to work for the public interest, with no commercial conflicts to influence what we do. The R&D centers we operate for the government create lasting impact in fields as diverse as cybersecurity, healthcare, aviation, defense, and enterprise transformation. We’re making a difference every day—working for a safer, healthier, and more secure nation and world. Our workplace reflects our values. We offer competitive benefits, exceptional professional development opportunities for career growth, and a culture of innovation that embraces adaptability, collaboration, technical excellence, and people in partnership. If this sounds like the choice you want to make, then choose MITRE - and make a difference with us.

DEPARTMENT SUMMARY:

The Cybersecurity Risk Management Department (R311) within the Global Security Services Division (R300) is looking to fill a Senior Information Systems Cyber Engineer position, with a focus on classified environments. The selected candidate will support multiple sponsors by providing Information Assurance and Cybersecurity services specifically for classified systems.
The ideal candidate will thrive in a fast-paced, collaborative environment, working with cutting-edge technology and contributing to advanced security concepts in classified settings. We seek a proactive individual to lead efforts in integrating security into large engineering projects and acquisition initiatives.
Success in this role requires expertise in a wide range of cybersecurity topics, including strategy, planning, policies, procedures, governance, management, protection, detection, mitigation, and cyber and military operations. Strong verbal and written communication skills are essential for presenting findings, making actionable recommendations, and sharing innovative ideas with Senior Government Sponsors.

BASIC QUALIFICATIONS:

• Possess and maintain an active Top Secret level security clearance.
• Typically requires a minimum of 8 years of related experience with a B.S. in Computer Science; or 5 years and a Master’s degree; or a PhD with 3 years’ experience; or equivalent combination of related education and work experience.
• Development of security artifacts utilizing all steps in the RMF.
• Experience using E-Mass, XACTA, other repositories.
• Communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
• Ability to develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists.
• Ability to exercise judgment when policies are not well-defined.
• Knowledge of new and emerging IT and cybersecurity technologies.
• Effective communication skills (verbal and written) ensuring clear and effective communication with senior government leaders and technical peers.
• Experience implementing the RMF, NIST SP 800-53, Security Technical Implementation Guides (STIGs) and Security Content Automation Protocol (SCAP) Compliance Checker.
• Full understanding of Classified Infrastructure and how to apply the A&A process.
• Knowledge of technical solutions related to the A&A process.
• In accordance with DoD 8570.01M, the selected candidate must meet and maintain the requirements of an IAM Level III as a condition of employment.
• This position has an on-site requirement of 5 days a week on-site.

PREFERRED QUALIFICATIONS:

• Active Top Secret

The selected candidate will be responsible for protecting information systems, networks, and computers from security threats. The candidate will perform tasks such as ensuring cyber security is baked into the design of new/existing operational environments; perform security authorization activities in compliance with Risk Management Framework (RMF) policies and procedures to include System Security Plans (SSPs), Risk Assessment Reports, A&A packages, and Security Controls Traceability Matrix (SCTM). As the ISSM/ISSO, maintain operational security posture to ensure information systems (IS), security policies, standards, and procedures are established and followed. Performs vulnerability/risk assessment analysis to support Assessment & Authorization (A&A). Provides configuration management (CM) expertise for information system security software, hardware, and firmware and coordinates with Systems & Networks engineers, and other stakeholders to ensure fully developed requests are vetted prior to Change Control Board (CCB) meetings. Mentor and train Jr. ISSOs, consult with other MITRE Departments on cybersecurity concerns.

Responsibilities include:

• Oversee development, implementation, and evaluation of the classified information system program.
• Coordinate with MITRE’s insider threat senior program official so that insider threat awareness is addressed in the contractor’s information system security program.
• Develop, document, and monitor compliance of the information system security program in accordance with sponsor-provided guidelines for management, operational, and technical controls.
• Verify self-inspections are conducted on the information systems that process classified information, and that corrective actions are taken for all identified findings.
• Certify to the sponsor in writing that the SSP’s are implemented for each authorized information system, specified in the SSP; the specified security controls are in place and properly tested; and the information system continues to function as described in the SSP.
• Brief users on their responsibilities regarding information system security and verify that personnel are trained on the security restrictions and safeguards of the information system prior to access to an authorized information system
• Develop and maintain security documentation of the security authorization request to the sponsor.
• Verify the implementation of the information system security program.
• Ensure continuous monitoring strategies and verify corrective actions.
• Conduct self-inspections and verify corrective actions.

Other Responsibilities include:

• Advise on risk levels and security posture and informing senior leadership about security threats and recommending policy changes.
• Advise appropriate senior leadership or Authorizing Official of changes affecting the organization’s cybersecurity posture.
• Ensure security measures are aligned and the organization’s cybersecurity measures support its goals and mission.
• Collect and maintain data needed to meet system cybersecurity reporting.
• Provide system-related input on cybersecurity requirements to be included in statements of work and other appropriate procurement documents.
• Ensure that cybersecurity requirements are integrated into the continuity planning for that system and/or organization(s).
• Ensure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization’s mission and goals.
• Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
• Recommend resource allocations required to securely operate and maintain an organization’s cybersecurity requirements.
• Coordinating cybersecurity inspections and ensuring that cybersecurity inspections, tests, and reviews are coordinated.
• Perform the duties of ISSM and/or ISSO coordination between sponsors, MITRE project leaders, and MITRE’s accreditation officials to obtain formal accreditation to operate classified information systems.
• Review security artifacts and determine risk mitigation, perform continuous monitoring activities.
• Improve cybersecurity risk posture of environments applying the RMF and applicable controls.
• Triage vulnerabilities, work with engineers, system admins on mitigation plans
• Review and update policies based on industry standards and best practices.
• Lead the strategy on responding to Cyber Operational Readiness Assessments, etc., improve risk ratings, and develop strategic plans for overall assessment procedures, policies, etc.
• Partner with System Administrators, Engineers to improve on process, policies protecting assets.
• Develop Jr staff skillset in cybersecurity/IA improving on product delivery, artifacts quality, assessment support and overall risk mitigations.
• Provide subject matter expertise to internal and external partners supporting the security and protection of advanced technologies.
• Maintain operational security posture for an information system or program.
• Apply a full range of Cybersecurity policies, principles, and techniques to maintain security integrity of information systems processing classified information.
• Utilized Security Tools to enhance protection of information systems and data.
• Perform Gap Analysis and improve on document maintenance, storage, and modifications.