Lead Cybersecurity Assessment Engineer
MITRE · McLean, VA · 1 mo ago
Information Technology$159k–$199k/yrFull-time
Roles & Responsibilities
- Expertise conducting cybersecurity assessments and workshops for government agencies.
- Develop and implement security strategies, and provide mentorship to junior assessors.
- Cybersecurity Risk Management: Expert knowledge of cybersecurity risk management frameworks and methodologies.
- Vulnerability Assessment & Penetration Testing: Conduct vulnerability assessments, penetration testing, and ethical hacking of applications and systems to identify and remediate security weaknesses.
- Security Controls Assessment: Conduct Security Controls Assessments (SCA), workshops, and audits for internal teams and partner organizations.
- Security Tools Utilization: Utilize a variety of security tools—including Burp Suite, Nessus, Splunk, QRadar, WireShark, eMASS, and others—to support security operations and assessments.
- Contribute technically to one or more Sponsor tasks.
- Collaborate effectively with MITRE, government, and contractors; effectively communicate in writing, presentations, and collaborative discussions; and interface with peers, managers, and sponsors.
- Promote collaboration and integration with other organizational elements within the department and across MITRE.
Basic Qualifications
- Requires a minimum of 8 years of related experience with a Bachelor’s degree; or 6 years and a Master’s degree; or a PhD with 3 years’ experience; or equivalent combination of related education and work experience.
- Experience with RMF, NIST SP-800 series, and Security Controls Assessment (SCA).
- Experience in software engineering and systems engineering, including requirements analysis and technical writing.
- Familiarity with Windows, Linux, macOS/Open BSD, and VxWorks/Tornado operating systems.
- Proficiency in programming languages including Java, C#, C++, Python, Perl, Visual Basic, ASP.NET, PHP, COBOL.
- Certifications: CISSP, Certified Ethical Hacker (CEH), Network+
- Must be able to successfully obtain a Top-Secret clearance within one year of hire.
Preferred Qualifications
- Active Top Secret Security Clearance.
- Graduate-level degree in a technical discipline (Cybersecurity, Information Assurance, etc.).
- 12 years related experience as a cybersecurity analyst/systems engineer.
- Experience with advanced assessment techniques utilizing Kali Linux, Burp Suite, Wireshark, etc.
- Experience with various Security Information and Event Management (SIEM) platforms (Splunk, QRadar, Tenable products, etc.).
- Experience with offensive and defensive cybersecurity operations, including penetration testing.
- Experience with various Information Technology (IT) operations in enterprise environments including system integration, device/network hardening, server administration, network maintenance, etc.
- Certified Information Systems Security Professional (CISSP)
- GIAC Penetration Tester (GPEN), GIAC Certified Intrusion Analyst (GCIA)
- CompTIA Security+, CompTIA Network+, CompTIA Linux+