Why choose between doing meaningful work and having a fulfilling life? At MITRE, you can have both. That's because MITRE people are committed to tackling our nation's toughest challenges—and we're committed to the long-term well-being of our employees. MITRE is different from most technology companies. We are a not-for-profit corporation chartered to work for the public interest, with no commercial conflicts to influence what we do. The R&D centers we operate for the government create lasting impact in fields as diverse as cybersecurity, healthcare, aviation, defense, and enterprise transformation. We're making a difference every day—working for a safer, healthier, and more secure nation and world. Our workplace reflects our values. We offer competitive benefits, exceptional professional development opportunities for career growth, and a culture of innovation that embraces adaptability, collaboration, technical excellence, and people in partnership. If this sounds like the choice you want to make, then choose MITRE - and make a difference with us.

Department Summary:

The Information Systems Security Department (R311) within the Global Security Services Division (R300) seeks a Senior Information Systems Security Officer (ISSO) to provide Information Assurance and Cybersecurity services for classified systems. The role involves integrating security into engineering projects, supporting classified environments, and contributing to advanced security concepts.

Key Responsibilities:

Lead cybersecurity efforts for classified systems, ensuring compliance with Risk Management Framework (RMF) policies and procedures.Assist the Information System Security Manger (ISSM) to maintain the operational security posture to ensure information systems (IS), security policies, standards, and procedures are established and followed.Develop, implement, and monitor security programs, including System Security Plans (SSPs), Risk Assessment Reports, and Security Controls Traceability Matrix (SCTM).Perform vulnerability/risk assessments, continuous monitoring, and self-inspections to ensure compliance and mitigate risks.Maintain operational security posture, oversee security documentation, and coordinate with stakeholders for accreditation and change management.Mentor junior staff, improve cybersecurity processes, and provide subject matter expertise on advanced technologies.Collaborate with system administrators and engineers to enhance policies, processes, and risk mitigation strategies.Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.Ensure that cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.Document and escalate incidents (including event’s history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.Perform cyber defense trend analysis and reporting.Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy.Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity.Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings).Assess adequate access controls based on principles of least privilege and need-to-know.Work with stakeholders to resolve computer security incidents and vulnerability compliance.Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans.Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks.Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.Assure successful implementation and functionality of security requirements and appropriate IT policies and procedures that are consistent with the organization's mission and goals.

Basic Qualifications:

Active Top Secret security clearance.Minimum of 5 years of experience with a B.S. in Computer Science, or equivalent education/work experience.Expertise in RMF, NIST SP 800-53, STIGs, SCAP, and classified infrastructure.Proficiency in security tools like eMASS and XACTA.Strong communication skills for engaging senior government leaders and technical peers.IAT Level II certification per DoD 8140.This position has an on-site requirement of 5 days a week on-site.

This requisition requires the candidate to have a minimum of the following clearance(s):

Top Secret

This requisition requires the hired candidate to have or obtain, within one year from the date of hire, the following clearance(s):

Top Secret

Salary compensation range and midpoint:

$123,000 - $154,000 - $185,000 Annual

Work Location Type:

Onsite

Commitment to Non-Discrimination

All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local or international law.

MITRE intends to maintain a website that is fully accessible to all individuals. If you are unable to search or apply for jobs and would like to request a reasonable accommodation for any part of MITRE’s employment process, please email recruitinghelp@mitre.org for general support and collegerecruiting@mitre.org for intern positions. This service is for individuals requiring reasonable accommodation requests. Please note that vendor solicitations will not receive a reply.

Benefits information may be found here.

Copyright © 1997-2025, The MITRE Corporation. All rights reserved. MITRE is a registered trademark of The MITRE Corporation. Material on this site may be copied and distributed with permission only.