Lead Cybersecurity Operations Engineer

Why choose between doing meaningful work and having a fulfilling life? At MITRE, you can have both. That's because MITRE people are committed to tackling our nation's toughest challenges-and we're committed to the long-term well-being of our employees. MITRE is different from most technology companies. We are a not-for-profit corporation chartered to work for the public interest, with no commercial conflicts to influence what we do. The R&D centers we operate for the government create lasting impact in fields as diverse as cybersecurity, healthcare, aviation, defense, and enterprise transformation. We're making a difference every day-working for a safer, healthier, and more secure nation and world. Our workplace reflects our values. We offer competitive benefits, exceptional professional development opportunities for career growth, and a culture of innovation that embraces adaptability, collaboration, technical excellence, and people in partnership. If this sounds like the choice you want to make, then choose MITRE - and make a difference with us.

The Defensive Cyber Operations Department (L511) within the Cyber Operations & Effects Technical Center (L510), is seeking a lead for members based in Colorado and California. Location at MITRE's Colorado Springs site is preferred for this role but not required. L511 houses MITRE's Defensive Cyber Operations, Cyber Deception and Adversary Engagement, and Cybersecurity Analytics and Malware Analysis technical capability areas. Staff members in this group are aligned to one or more of these capability areas. As such, the Lead must be able and willing to be a direct contributor to Cyber Operations & Effects related capabilities, projects, tasks, or research.

Roles & Responsibilities:

MITRE is seeking strong technical candidates needed to provide engineering support for a Centralized Logging Initiative. Candidates will be part of a fast-paced team of government and contractor personnel to help stand up and maintain a centralized log collection tier for the sponsor organization.

Candidates will comprise a team which performs duties across a broad spectrum of growing demands:

• Consult and interface with customers to understand log collection requirements and provide appropriate solutions to integrate data feeds

• Implement cybersecurity-focused dashboards and alerts for the ESOC watch floor to promote an expedited adoption of new logs by analysts

• Advanced SPL search construction and optimization with a focus on security and detection engineering

• Build incident response playbooks and running incident response plans

• Understand M-21-31 Executive Order 14028 and the practical steps to achieve compliance

• Implement metrics to understand environment health and monitor dashboard adoption

• Provide strategic and technical recommendations to sponsor, occasionally writing short whitepapers and/or building executive briefs Some examples our work include:

• Combining cybersecurity domain expertise and contemporary data science skills to enhance adversary detection, network defense, and Security Operations Center (SOC) process improvement.

• Using MITRE ATT&CK® to hunt the adversary and build TTP-based defenses.

• Automating container environments via continuous integration and continuous

Basic Qualifications:

• Typically requires a minimum of 8 years of related experience with a Bachelor's degree; or 6 years and a Master's degree; or a PhD with 3 years' experience; or equivalent combination of related education and work experience Demonstrated ability to work effectively as part of a team, across sponsors, and across MITRE as appropriate and experience leveraging relationships to benefit staff and work programs

• Possess experience across MITRE to help group members network and make connections.

• Solid understanding and experience with operational cyber security practices and commonly used technologies

• Excellent writing and communication skills

• Experience leading teams or projects/tasks

• This position requires a minimum of 50% hybrid on-site

Preferred Qualifications:

• Experience applying AI/ML to cyber operations, reverse engineering, digital investigations, or mission analytics

• Experience and knowledge of MITRE ATT&CK implementation

This requisition requires the candidate to have a minimum of the following clearance(s):

None

This requisition requires the hired candidate to have or obtain, within one year from the date of hire, the following clearance(s):

None

Salary compensation range and midpoint:

$158,800 - $198,500 - $238,200 Annual

Work Location Type:

Hybrid

Commitment to Non-Discrimination

All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local or international law.

MITRE intends to maintain a website that is fully accessible to all individuals. If you are unable to search or apply for jobs and would like to request a reasonable accommodation for any part of MITRE's employment process, please email View email address on click.appcast.io for general support and View email address on click.appcast.io for intern positions. This service is for individuals requiring reasonable accommodation requests. Please note that vendor solicitations will not receive a reply.

Benefits information may be found here ( .

Copyright © 1997-2026, The MITRE Corporation. All rights reserved. MITRE is a registered trademark of The MITRE Corporation. Material on this site may be copied and distributed with permission only.