Principal Cybersecurity Assessment Engineer

Why choose between doing meaningful work and having a fulfilling life? At MITRE, you can have both. That's because MITRE people are committed to tackling our nation's toughest challenges—and we're committed to the long-term well-being of our employees. MITRE is different from most technology companies. We are a not-for-profit corporation chartered to work for the public interest, with no commercial conflicts to influence what we do. The R D centers we operate for the government create lasting impact in fields as diverse as cybersecurity, healthcare, aviation, defense, and enterprise transformation. We're making a difference every day—working for a safer, healthier, and more secure nation and world. Our workplace reflects our values. We offer competitive benefits, exceptional professional development opportunities for career growth, and a culture of innovation that embraces adaptability, collaboration, technical excellence, and people in partnership. If this sounds like the choice you want to make, then choose MITRE - and make a difference with us. The Cyber Solutions Innovation Center creates solutions using threat-informed cybersecurity approaches to enhance the security, safety, and resiliency of critical cyber systems and infrastructure. The Cyber Assessments and Security Automation department serves as MITRE's resource for cyber risk evaluation and security innovation. Our team is dedicated to advancing the field of cybersecurity by combining deep expertise in risk assessment with cutting-edge automation technologies. This dual focus enables us to address the evolving needs of our sponsors, ensuring scalable and effective cybersecurity solutions that meet today's challenges and anticipate tomorrow's threats. Our work is defined by innovation, exemplified through initiatives like SAF, ECHO, and ACT, which demonstrate our commitment to developing transformative tools and methodologies. By leveraging automation, we empower organizations to enhance their security posture efficiently and effectively, positioning them to stay ahead in an increasingly complex cyber landscape. The Cyber Assessments and Security Automation department reflects MITRE's leadership in cybersecurity, making our value clear to sponsors and internal stakeholders alike. We don't just assess risks; we innovate solutions that drive the future of cybersecurity. The Cyber Assessments and Security Automation department within the Cyber Solutions Innovation Center is seeking a Principal level Cybersecurity Assessment Engineer to lead the department's contributions across our portfolios. The department supports all of MITRE by providing a variety of cyber assessment products plus overall cyber engineering skills. The Principal Cybersecurity Assessment Engineer position will be a core member of the department and government technical team and serve as the first-line support for various sponsors. The position requires direct contributions to our diverse work programs.

Roles & Responsibilities:

Expertise conducting cybersecurity assessments and workshops for government agencies. Define the Security‑Automation Blueprint for sponsor programs. Design and implement Reusable Automation Frameworks that integrate with existing security tools (Nessus, Burp Suite, Qualys, Tenable.io, Splunk, QRadar, eMASS). Develop and implement security strategies, and provide mentorship to junior assessors.

Cybersecurity Risk Management:

Expert knowledge of cybersecurity risk management frameworks and methodologies.

Vulnerability Assessment & Penetration Testing:

Conduct vulnerability assessments, penetration testing, and ethical hacking of applications and systems to identify and remediate security weaknesses.

Security Controls Assessment:

Conduct Security Controls Assessments (SCA), workshops, and audits for internal teams and partner organizations.

Security Tools Utilization:

Utilize a variety of security tools—including Burp Suite, Nessus, Splunk, QRadar, WireShark, eMASS, and others—to support security operations and assessments. Collaborate effectively with MITRE, government, and contractors; effectively communicate in writing, presentations, and collaborative discussions; and interface with peers, managers, and sponsors. Promote collaboration and integration with other organizational elements within the department and across MITRE.

Basic Qualifications:

Requires a minimum of 10 years of related experience with a Bachelor's degree; or 8 years and a Master's degree; or a PhD with 5 years' experience; or equivalent combination of related education and work experience. Automation - Ansible, Terraform, CloudFormation, Chef, Puppet, SaltStack. CI/CD - GitHub Actions, GitLab CI, Azure DevOps, Jenkins. Familiarity with Windows, Linux, macOS/Open BSD, and VxWorks/Tornado operating systems. Proficiency in programming languages including Java, C#, C++, Python, Perl, Visual Basic, ASP.NET, PHP, COBOL. Experience in software engineering and systems engineering, including requirements analysis and technical writing.

Certifications:

CISSP, Certified Ethical Hacker (CEH), Network+, AWS Certified Cloud Practitioner. This position requires a minimum of 50% hybrid on-site Must be able to successfully obtain a Top-Secret clearance within one year of hire​ Per the U.S. Government's eligibility requirements, you must be a U.S Citizen to be considered for a security clearance

Preferred Qualifications:

Graduate-level degree in a technical discipline (Cybersecurity, Information Assurance, etc.). 15 years related experience as a cybersecurity analyst/systems engineer. Active Top Secret Security Clearance. Experience with advanced assessment techniques utilizing Kali Linux, Burp Suite, Wireshark, etc. Experience with various Security Information and Event Management (SIEM) platforms (Splunk, QRadar, Tenable products, etc.) Experience with offensive and defensive cybersecurity operations, including penetration testing Experience with various Information Technology (IT) operations in enterprise environments including system integration, device/network hardening, server administration, network maintenance, etc. Certified Information Systems Security Professional (CISSP) GIAC Penetration Tester (GPEN), GIAC Certified Intrusion Analyst (GCIA) CompTIA Security+, CompTIA Network+, CompTIA Linux+ This requisition requires the candidate to have a minimum of the following clearance(s): Top Secret This requisition requires the hired candidate to have or obtain, within one year from the date of hire, the following clearance(s): None Salary compensation range and midpoint: $172,800 - $216,000 - $259,200

Annual Work Location Type:

Hybrid Commitment to Non-Discrimination All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local or international law. MITRE intends to maintain a website that is fully accessible to all individuals. If you are unable to search or apply for jobs and would like to request a reasonable accommodation for any part of MITRE's employment process, please email recruitinghelp@mitre.org for general support and collegerecruiting@mitre.org for intern positions. This service is for individuals requiring reasonable accommodation requests. Please note that vendor solicitations will not receive a reply. Benefits information may be found here (https://careers.mitre.org/us/en/benefits) . Copyright © 1997-2026, The MITRE Corporation. All rights reserved. MITRE is a registered trademark of The MITRE Corporation. Material on this site may be copied and distributed with permission only.