OT Cybersecurity Detection Engineer

Why choose between doing meaningful work and having a fulfilling life? At MITRE, you can have both. That's because MITRE people are committed to tackling our nation's toughest challenges—and we're committed to the long-term well-being of our employees. MITRE is different from most technology companies. We are a not-for-profit corporation chartered to work for the public interest, with no commercial conflicts to influence what we do. The R&D centers we operate for the government create lasting impact in fields as diverse as cybersecurity, healthcare, aviation, defense, and enterprise transformation. We're making a difference every day—working for a safer, healthier, and more secure nation and world. Our workplace reflects our values. We offer competitive benefits, exceptional professional development opportunities, and a culture of innovation that embraces diversity, inclusion, flexibility, collaboration, and career growth. If this sounds like the choice you want to make, then choose MITRE—and make a difference with us.Department Summary:The Critical Infrastructure Assessments, Analytics, and Resiliency (L541) department provides experience from the cross-section of engineering disciplines and cybersecurity to our government and industry partners. Our team is made up of Operational Technology (OT) SMEs, Detection Engineers, Embedded Device Specialists, Mobile Cybersecurity Experts, and more. We improve our nation’s cybersecurity posture by developing MITRE technologies (e.g., ATT&CK for ICS, ATT&CK for Mobile, Caldera for OT), assessing critical infrastructure (e.g., Infrastructure Susceptibility Analysis), and collaborating with our government sponsors to perform research, maintain labs, and influence policy.Job Description:We are seeking a lead OT detection engineer with a minimum of 5 years’ experience with industrial protocol analysis. This team works closely with our government and critical infrastructure sponsors and their stakeholders to improve the cybersecurity of mission critical operational technology systems. A collaborative approach and interest in building relationships based on an understanding our sponsors’ unique missions, constraints, and opportunities is as important as specific technical skills. We are looking for people with a depth of knowledge in multiple industrial protocols such as BACnet, Modbus, CIP, etc., with contextual understanding of how these protocols are used in an Operational Technology environment. This role may entail some or all of the following:Familiarity with typical ETL (Extract, Transform, Load) workflows implemented in software like ELK (elasticsearch, logstash, and kibana) and Splunk.Developing rules for identifying anomalous behavior within OT network components, both from network and host-based data sources.Working directly with government and critical infrastructure operators to develop requirements for new cyber protection technologies, perform applied research and development activities, develop operational pilots, and assist in transition to operational use.Developing and operationalizing cyber sensor and cyber analytics architectures to enable more efficient and effective OT cybersecurity operations, threat-hunting, and forensics analysis. Example tools the role may be familiar with include zeek, wireshark, and snort or suricata.Conducting cyber mission dependency, criticality, mission failure, and adversary cyberattack scenario analyses to inform design of OT resilient architectures.Researching, developing, operationalizing, evaluating, and improving OT defensive tactics, techniques, and procedures (TTPs) for detecting and responding to cyber threats.Using MITRE ATT&CK® and ATT&CK for ICS to build detection capability and to support hunting the adversary in OT environments.Performing forensic analysis of OT devices to support cyber incident analysis, andDeveloping and performing attack emulation and deception operations.Basic Qualifications:Bachelors in one of the following disciplines: Chemical Engineering, Computer Engineering, Electrical Engineering, Systems Engineering or similar technical fieldTypically requires a minimum of 8 years of related experience with a Bachelor’s degree; or 6 years and a Master’s degree; or a PhD with 3 years’ experience; or equivalent combination of related education and work experience.Experience in one or more areas listed under Job Responsibilities.Applicants selected for this position will be subject to a government security investigation and must meet eligibility requirements for access to classified information.Preferred Qualifications: Hands-on experience with programming PLCs, field instrumentation, in an operational or lab environment.Hands-on experience with configuring industrial networks and maintaining a domain in an operational or lab environment.Experience designing or modifying OT systems.Experience with OT network and/or endpoint security monitoring.Experience with OT adversary emulation concepts and technologies.Experience with embedded system firmware or real-time operating systems.Demonstrated experience working with cybersecurity frameworks including MITRE ATT&CK & D3FEND.Familiarity with cybersecurity policies and standards, including: NIST SP 800-82, 800-53, NERC-CIP, DoD Zero Trust Strategy, IEC 62443.Experience working with federal departments and agencies or their stakeholders (e.g., state/local/tribal/territorial governments) and critical infrastructure organizations (especially electric, gas or water utilities).This requisition requires the candidate to have a minimum of the following clearance(s):NoneThis requisition requires the hired candidate to have or obtain, within one year from the date of hire, the following clearance(s):Top SecretWork Location Type:HybridMITRE is proud to be an equal opportunity employer. MITRE recruits, employs, trains, compensates, and promotes regardless of age; ancestry; color; family medical or genetic information; gender identity and expression; marital, military, or veteran status; national and ethnic origin; physical or mental disability; political affiliation; pregnancy; race; religion; sex; sexual orientation; and any other protected characteristics. For further information please visit the Equal Employment Opportunity Commission website EEO is the Law Poster and Pay Transparency.MITRE intends to maintain a website that is fully accessible to all individuals. If you are unable to search or apply for jobs and would like to request a reasonable accommodation for any part of MITRE’s employment process, please email recruitinghelp@mitre.org.Copyright © 2024, The MITRE Corporation. All rights reserved. MITRE is a registered trademark of The MITRE Corporation. Material on this site may be copied and distributed with permission only.Benefits information may be foundhere