MITRE's Adversary Emulation and Orchestration department is seeking creative people that can apply their skills to help turn the tide in favor of the defender.
Do you have:
* Operational red team experience?
* Solid understanding of the systems adversaries take advantage of to achieve their goals?
* Experience developing data-driven analytics to detect malicious behaviors or writing code that emulates an adversary?
As a cybersecurity engineer in MITRE's Cyber Operations and Effects Tech Center, you'll support internal research related to the MITRE ATT&CK project, as well as cybersecurity missions across a wide variety of organizations. You'll have the opportunity to evaluate tools and methodologies, assess adversary intent, develop approaches to automate cybersecurity operations, and engage in research to improve the state of the practice. We work across MITRE's R&D centers in the federal civilian and national security space, but beyond that we work and collaborate with the public on open source software, with open standards organizations, and with industry.
* Support ATT&CK and ATT&CK-related research to ensure its continued impact on private and public industry
* Utilize ATT&CK to perform cybersecurity operations testing, and develop improvements to that testing based on real adversary behavior
* Leverage operational experience and document emerging adversary tactics
* Evaluate the efficacy of existing detection mechanisms, analytics, and mitigations
* Identify gaps in visibility, data, tools, and process
* Address gaps within defenses by improving systems and processes
* Solve cyber problems through operations, data-driven analytics, and development
* Leverage research, frameworks, and best practices to improve the defensive posture of our sponsors
* BS and 3 years of related experience
* Experience in one or more of: cyber operations, red teaming, exploit development, incident response/hunt, cybersecurity research and development
* Strong written and verbal communication skills
* Ability to obtain and maintain a government security clearance
* Knowledge of advanced cyber threats, adversary methodologies, and cyber threat intelligence
* Knowledge of ATT&CK and its uses within the cybersecurity community (e.g., Open Source projects)
* Familiarity with emulation tools, e.g., CALDERA, Metta, APT Simulator
* Related certifications such as the OSCP or CEH
* Experience in red teaming, penetration testing, exploitation
* Experience in incident response (hunt), blue teaming
* TS/SCI level security clearance