Lead InfoSec Operations Analyst

Why choose between doing meaningful work and having a fulfilling life? At MITRE, you can have both. That's because MITRE people are committed to tackling our nation's toughest challenges-and we're committed to the long-term well-being of our employees. MITRE is different from most technology companies. We are a not-for-profit corporation chartered to work for the public interest, with no commercial conflicts to influence what we do. The R&D centers we operate for the government create lasting impact in fields as diverse as cybersecurity, healthcare, aviation, defense, and enterprise transformation. We're making a difference every day-working for a safer, healthier, and more secure nation and world. Our workplace reflects our values. We offer competitive benefits, exceptional professional development opportunities, and a culture of innovation that embraces diversity, inclusion, flexibility, collaboration, and career growth. If this sounds like the choice you want to make, then choose MITRE-and make a difference with us.

Department Summary

MITRE's Information Security department seeks a Cyber Threat Intelligence Analyst to conduct research and develop written analysis of technical cybersecurity vulnerabilities including evaluating prevalence, exploitability, and threat actor affiliations. The ideal candidates will have a combination of Intelligence Analysis experience, cyber experience, operations experience, and producing written risk assessments. This position offers a challenging opportunity to be exposed to a diverse set of security disciplines, including incident response, forensics, reverse engineering, malware analysis, intrusion detection, network security and system security.

Roles and Responsibilities

• Identify emerging cyber threats, vulnerabilities, trends, and recommend countermeasures.

• Gather data from internal networks and external sources to monitor known threat activity.

• Create actionable intelligence on current and developing threats by analyzing threat actor TTPs.

• Create threat analysis reports as requested for both activity identified and tailored threats/technologies as requested.

• Proactively gather, analyze, and disseminate timely and accurate CTI to support operational decision-making.

• Develop new analytics and apply mitigations for adversary Tactics, Techniques, and Procedures (TTPs).

• Perform threat Hunts for undetected indicators of compromise.

• Collaborate with internal and external stakeholders to mitigate cyber threats.

• Conduct in-person and virtual briefings on vulnerabilities or threat actors.

• Identify intelligence gaps, specify collection requirements to fill gaps in information, and evaluate resulting intelligence requirements.

Basic Qualifications

• Typically requires a minimum of 8 years of related experience with a Bachelor's degree; or 6 years and a Master's degree; or a PhD with 3 years' experience; or equivalent combination of related education and work experience.

• Ability to work both independently and as part of a collaborative team.

• Must be detail oriented and able to assist with incident investigation processes.

• Must have good analytical, written, verbal, and interpersonal communication skills.

• Stays current on emerging security threats, vulnerabilities, and controls as it pertains to our cloud presence.

• Must be able to be granted & hold a Secret clearance.

• Explores patterns in network and system activity through log correlation using Splunk and other tools.

• This position requires a minimum of 50% hybrid on-site.

Preferred Qualifications

• Knowledge of advanced Cyber Security concepts.

• Familiarity with Linux, Mac, and Windows Operating Systems.

• Familiarity with adversary tactics, techniques, and procedures (TTPs).

• Understanding of various threat intelligence frameworks such as the Diamond Model, Cyber Kill Chain and MITRE ATT&CK.

• Scripting experience, preferably with Python.

• Experience with Splunk or Elastic Search.

• Able to demonstrate clear technical understanding of current threats and how they can impact cloud and IT infrastructure.

• Ability to take initiative and accountability for achieving results.

• Ability to develop alerts and analytics for proactive monitoring in cloud and on-prem environments.

• Experience evaluating enterprise networks for IA/security vulnerabilities.

• Experience on an Incident Response team performing Tier I/II initial incident triage.

• Conduct research and analysis of technical vulnerabilities including evaluating prevalence, exploitability, and cyber threat actor affiliations.

This requisition requires the candidate to have a minimum of the following clearance(s):

None

This requisition requires the hired candidate to have or obtain, within one year from the date of hire, the following clearance(s):

Secret

Work Location Type

Hybrid

MITRE is proud to be an equal opportunity employer. MITRE recruits, employs, trains, compensates, and promotes regardless of age; ancestry; color; family medical or genetic information; gender identity and expression; marital, military, or veteran status; national and ethnic origin; physical or mental disability; political affiliation; pregnancy; race; religion; sex; sexual orientation; and any other protected characteristics. For further information please visit the Equal Employment Opportunity Commission website EEO is the Law Poster (~~~) and Pay Transparency (~~~) .

MITRE intends to maintain a website that is fully accessible to all individuals. If you are unable to search or apply for jobs and would like to request a reasonable accommodation for any part of MITRE's employment process, please email ~~~ .

Copyright © 2024, The MITRE Corporation. All rights reserved. MITRE is a registered trademark of The MITRE Corporation. Material on this site may be copied and distributed with permission only.

Benefits information may be found here (~~~)