MITRE
Overview
Why choose between doing meaningful work and having a fulfilling life? At MITRE, you can have both. We are a not-for-profit corporation chartered to work for the public interest, with no commercial conflicts. We operate R&D centers for the government in cybersecurity, healthcare, aviation, defense, and enterprise transformation, aiming to make a difference and improve safety, health, and security. MITRE offers competitive benefits, professional development, and a culture of innovation built on adaptability, collaboration, technical excellence, and partnerships. If this sounds like the choice you want to make, choose MITRE and make a difference with us.
Department Summary The Cybersecurity Risk Management Department (R311) within the Global Security Services Division (R300) is looking to fill a Senior Information Systems Cyber Engineer position, with a focus on classified environments. The selected candidate will support multiple sponsors by providing Information Assurance and Cybersecurity services specifically for classified systems.
The ideal candidate will thrive in a fast-paced, collaborative environment, working with cutting-edge technology and contributing to advanced security concepts in classified settings. We seek a proactive individual to lead efforts in integrating security into large engineering projects and acquisition initiatives.
Success in this role requires expertise in a wide range of cybersecurity topics, including strategy, planning, policies, procedures, governance, management, protection, detection, mitigation, and cyber and military operations. Strong verbal and written communication skills are essential for presenting findings, making actionable recommendations, and sharing innovative ideas with Senior Government Sponsors.
Roles & Responsibilities The selected candidate will be responsible for protecting information systems, networks, and computers from security threats. The candidate will perform tasks such as ensuring cyber security is baked into the design of new/existing operational environments; perform security authorization activities in compliance with Risk Management Framework (RMF) policies and procedures to include System Security Plans (SSPs), Risk Assessment Reports, A&A packages, and Security Controls Traceability Matrix (SCTM). As the ISSM/ISSO, maintain operational security posture to ensure information systems (IS), security policies, standards, and procedures are established and followed. Performs vulnerability/risk assessment analysis to support Assessment & Authorization (A&A). Provides configuration management (CM) expertise for information system security software, hardware, and firmware and coordinates with Systems & Networks engineers, and other stakeholders to ensure fully developed requests are vetted prior to Change Control Board (CCB) meetings. Mentor and train Jr. ISSOs, consult with other MITRE Departments on cybersecurity concerns.
Responsibilities include:
Oversee development, implementation, and evaluation of the classified information system program.
Coordinate with MITRE’s insider threat senior program official so that insider threat awareness is addressed in the contractor’s information system security program.
Develop, document, and monitor compliance of the information system security program in accordance with sponsor-provided guidelines for management, operational, and technical controls.
Verify self-inspections are conducted on the information systems that process classified information, and that corrective actions are taken for all identified findings.
Certify to the sponsor in writing that the SSPs are implemented for each authorized information system, the specified security controls are in place and properly tested, and the information system continues to function as described in the SSP.
Brief users on their responsibilities regarding information system security and verify that personnel are trained on the security restrictions and safeguards of the information system prior to access to an authorized information system.
Develop and maintain security documentation of the security authorization request to the sponsor.
Verify the implementation of the information system security program.
Ensure continuous monitoring strategies and verify corrective actions.
Conduct self-inspections and verify corrective actions.
Other Responsibilities include:
Advise on risk levels and security posture and inform senior leadership about security threats and recommend policy changes.
Advise appropriate senior leadership or Authorizing Official of changes affecting the organization's cybersecurity posture.
Ensure security measures are aligned and the organization's cybersecurity measures support its goals and mission.
Collect and maintain data needed to meet system cybersecurity reporting.
Provide system-related input on cybersecurity requirements to be included in statements of work and other appropriate procurement documents.
Ensure that cybersecurity requirements are integrated into the continuity planning for that system and/or organization(s).
Ensure successful implementation and functionality of security requirements and appropriate IT policies and procedures that are consistent with the organization’s mission and goals.
Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
Recommend resource allocations required to securely operate and maintain an organization’s cybersecurity requirements.
Coordinate cybersecurity inspections and ensure that inspections, tests, and reviews are coordinated.
Perform the duties of ISSM and/or ISSO coordination between sponsors, MITRE project leaders, and MITRE’s accreditation officials to obtain formal accreditation to operate classified information systems.
Review security artifacts and determine risk mitigation, perform continuous monitoring activities.
Improve cybersecurity risk posture of environments applying the RMF and applicable controls.
Triage vulnerabilities, work with engineers and system admins on mitigation plans.
Review and update policies based on industry standards and best practices.
Lead the strategy on responding to Cyber Operational Readiness Assessments, improve risk ratings, and develop strategic plans for overall assessment procedures, policies, etc.
Partner with System Administrators and Engineers to improve processes and policies protecting assets.
Develop junior staff skillsets in cybersecurity/IA improving product delivery, artifacts quality, assessment support and overall risk mitigations.
Provide subject matter expertise to internal and external partners supporting the security and protection of advanced technologies.
Maintain operational security posture for an information system or program.
Apply a full range of cybersecurity policies, principles, and techniques to maintain security integrity of information systems processing classified information.
Utilize security tools to enhance protection of information systems and data.
Perform gap analysis and improve document maintenance, storage, and modifications.
Basic Qualifications
Possess and maintain an active Top Secret level security clearance.
Typically requires a minimum of 5 years of related experience with a B.S. in Computer Science; or 3 years and a Master’s degree; or a PhD; or equivalent combination of related education and work experience.
Development of security artifacts utilizing all steps in the RMF.
Experience using E-Mass, XACTA, other repositories.
Communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
Ability to develop or recommend analytic approaches or solutions to problems with incomplete information.
Ability to exercise judgment when policies are not well-defined.
Knowledge of new and emerging IT and cybersecurity technologies.
Effective communication skills (verbal and written) ensuring clear and effective communication with senior government leaders and technical peers.
Experience implementing the RMF, NIST SP 800-53, STIGs and SCAP Compliance Checker.
Full understanding of Classified Infrastructure and how to apply the A&A process.
Knowledge of technical solutions related to the A&A process.
In accordance with DoD 8570.01M, the selected candidate must meet and maintain the requirements of an IAM Level III as a condition of employment.
This position has an on-site requirement of 5 days a week on-site.
Clearance & Location This requisition requires the candidate to have a minimum of the following clearance(s): Top Secret. This requisition requires the hired candidate to have or obtain, within one year from the date of hire, the following clearance(s): Top Secret. Work Location Type: Onsite
Commitment & Inclusion Commitment to Non-Discrimination: All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local or international law.
MITRE intends to maintain a website that is fully accessible to all individuals. If you are unable to search or apply for jobs and would like to request a reasonable accommodation for any part of MITRE’s employment process, please email recruitinghelp@mitre.org for general support and collegerecruiting@mitre.org for intern positions. This service is for individuals requiring reasonable accommodation requests. Please note that vendor solicitations will not receive a reply.
Benefits information may be found here.
Copyright 1997-2025, The MITRE Corporation. All rights reserved. MITRE is a registered trademark of The MITRE Corporation. Material on this site may be copied and distributed with permission only.
#J-18808-Ljbffr
Department Summary The Cybersecurity Risk Management Department (R311) within the Global Security Services Division (R300) is looking to fill a Senior Information Systems Cyber Engineer position, with a focus on classified environments. The selected candidate will support multiple sponsors by providing Information Assurance and Cybersecurity services specifically for classified systems.
The ideal candidate will thrive in a fast-paced, collaborative environment, working with cutting-edge technology and contributing to advanced security concepts in classified settings. We seek a proactive individual to lead efforts in integrating security into large engineering projects and acquisition initiatives.
Success in this role requires expertise in a wide range of cybersecurity topics, including strategy, planning, policies, procedures, governance, management, protection, detection, mitigation, and cyber and military operations. Strong verbal and written communication skills are essential for presenting findings, making actionable recommendations, and sharing innovative ideas with Senior Government Sponsors.
Roles & Responsibilities The selected candidate will be responsible for protecting information systems, networks, and computers from security threats. The candidate will perform tasks such as ensuring cyber security is baked into the design of new/existing operational environments; perform security authorization activities in compliance with Risk Management Framework (RMF) policies and procedures to include System Security Plans (SSPs), Risk Assessment Reports, A&A packages, and Security Controls Traceability Matrix (SCTM). As the ISSM/ISSO, maintain operational security posture to ensure information systems (IS), security policies, standards, and procedures are established and followed. Performs vulnerability/risk assessment analysis to support Assessment & Authorization (A&A). Provides configuration management (CM) expertise for information system security software, hardware, and firmware and coordinates with Systems & Networks engineers, and other stakeholders to ensure fully developed requests are vetted prior to Change Control Board (CCB) meetings. Mentor and train Jr. ISSOs, consult with other MITRE Departments on cybersecurity concerns.
Responsibilities include:
Oversee development, implementation, and evaluation of the classified information system program.
Coordinate with MITRE’s insider threat senior program official so that insider threat awareness is addressed in the contractor’s information system security program.
Develop, document, and monitor compliance of the information system security program in accordance with sponsor-provided guidelines for management, operational, and technical controls.
Verify self-inspections are conducted on the information systems that process classified information, and that corrective actions are taken for all identified findings.
Certify to the sponsor in writing that the SSPs are implemented for each authorized information system, the specified security controls are in place and properly tested, and the information system continues to function as described in the SSP.
Brief users on their responsibilities regarding information system security and verify that personnel are trained on the security restrictions and safeguards of the information system prior to access to an authorized information system.
Develop and maintain security documentation of the security authorization request to the sponsor.
Verify the implementation of the information system security program.
Ensure continuous monitoring strategies and verify corrective actions.
Conduct self-inspections and verify corrective actions.
Other Responsibilities include:
Advise on risk levels and security posture and inform senior leadership about security threats and recommend policy changes.
Advise appropriate senior leadership or Authorizing Official of changes affecting the organization's cybersecurity posture.
Ensure security measures are aligned and the organization's cybersecurity measures support its goals and mission.
Collect and maintain data needed to meet system cybersecurity reporting.
Provide system-related input on cybersecurity requirements to be included in statements of work and other appropriate procurement documents.
Ensure that cybersecurity requirements are integrated into the continuity planning for that system and/or organization(s).
Ensure successful implementation and functionality of security requirements and appropriate IT policies and procedures that are consistent with the organization’s mission and goals.
Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
Recommend resource allocations required to securely operate and maintain an organization’s cybersecurity requirements.
Coordinate cybersecurity inspections and ensure that inspections, tests, and reviews are coordinated.
Perform the duties of ISSM and/or ISSO coordination between sponsors, MITRE project leaders, and MITRE’s accreditation officials to obtain formal accreditation to operate classified information systems.
Review security artifacts and determine risk mitigation, perform continuous monitoring activities.
Improve cybersecurity risk posture of environments applying the RMF and applicable controls.
Triage vulnerabilities, work with engineers and system admins on mitigation plans.
Review and update policies based on industry standards and best practices.
Lead the strategy on responding to Cyber Operational Readiness Assessments, improve risk ratings, and develop strategic plans for overall assessment procedures, policies, etc.
Partner with System Administrators and Engineers to improve processes and policies protecting assets.
Develop junior staff skillsets in cybersecurity/IA improving product delivery, artifacts quality, assessment support and overall risk mitigations.
Provide subject matter expertise to internal and external partners supporting the security and protection of advanced technologies.
Maintain operational security posture for an information system or program.
Apply a full range of cybersecurity policies, principles, and techniques to maintain security integrity of information systems processing classified information.
Utilize security tools to enhance protection of information systems and data.
Perform gap analysis and improve document maintenance, storage, and modifications.
Basic Qualifications
Possess and maintain an active Top Secret level security clearance.
Typically requires a minimum of 5 years of related experience with a B.S. in Computer Science; or 3 years and a Master’s degree; or a PhD; or equivalent combination of related education and work experience.
Development of security artifacts utilizing all steps in the RMF.
Experience using E-Mass, XACTA, other repositories.
Communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
Ability to develop or recommend analytic approaches or solutions to problems with incomplete information.
Ability to exercise judgment when policies are not well-defined.
Knowledge of new and emerging IT and cybersecurity technologies.
Effective communication skills (verbal and written) ensuring clear and effective communication with senior government leaders and technical peers.
Experience implementing the RMF, NIST SP 800-53, STIGs and SCAP Compliance Checker.
Full understanding of Classified Infrastructure and how to apply the A&A process.
Knowledge of technical solutions related to the A&A process.
In accordance with DoD 8570.01M, the selected candidate must meet and maintain the requirements of an IAM Level III as a condition of employment.
This position has an on-site requirement of 5 days a week on-site.
Clearance & Location This requisition requires the candidate to have a minimum of the following clearance(s): Top Secret. This requisition requires the hired candidate to have or obtain, within one year from the date of hire, the following clearance(s): Top Secret. Work Location Type: Onsite
Commitment & Inclusion Commitment to Non-Discrimination: All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local or international law.
MITRE intends to maintain a website that is fully accessible to all individuals. If you are unable to search or apply for jobs and would like to request a reasonable accommodation for any part of MITRE’s employment process, please email recruitinghelp@mitre.org for general support and collegerecruiting@mitre.org for intern positions. This service is for individuals requiring reasonable accommodation requests. Please note that vendor solicitations will not receive a reply.
Benefits information may be found here.
Copyright 1997-2025, The MITRE Corporation. All rights reserved. MITRE is a registered trademark of The MITRE Corporation. Material on this site may be copied and distributed with permission only.
#J-18808-Ljbffr