Cyber Threat Intelligence, Lead

Why choose between doing meaningful work and having a fulfilling life? At MITRE, you can have both. That's because MITRE people are committed to tackling our nation's toughest challenges-and we're committed to the long-term well-being of our employees. MITRE is different from most technology companies. We are a not-for-profit corporation chartered to work for the public interest, with no commercial conflicts to influence what we do. The R&D centers we operate for the government create lasting impact in fields as diverse as cybersecurity, healthcare, aviation, defense, and enterprise transformation. We're making a difference every day-working for a safer, healthier, and more secure nation and world. Our workplace reflects our values. We offer competitive benefits, exceptional professional development opportunities for career growth, and a culture of innovation that embraces adaptability, collaboration, technical excellence, and people in partnership. If this sounds like the choice you want to make, then choose MITRE - and make a difference with us.

Department Summary:

The Modeling, Intelligence, and Simulation for Critical Infrastructure Department (L542) is committed to protecting and strengthening our nation's critical infrastructure. We analyze infrastructure systems and adversary threats to inform risk mitigation and drive stakeholder decisions. Our work integrates expertise in critical infrastructure, cybersecurity, and all-source intelligence, leveraging technical skills across MITRE to develop analytical tools and models that support intelligence collection, risk assessment, mission assurance, and system interoperability.

We focus on full-spectrum cyber operations, including advancing defensive operations to secure both civilian and military infrastructure. Our team develops and maintains MITRE technologies for OT cybersecurity, conducts critical infrastructure assessments, and collaborates with government sponsors on research, lab test environments, and strategic policy guidance. We share our thought leadership within MITRE and across the industry through conferences, presentations, and publications, driving the state-of-the-art in cybersecurity for operational technologies.

Our team includes experts in Operational Technology (Detection Engineers, Embedded Device Specialists, Cybersecurity Experts), Cyber Intelligence, Cyber Policy, and Modeling/Simulation. This diverse expertise allows us to deliver tailored solutions that address the unique needs of government and private sector stakeholders focused on operational technologies in critical infrastructure.

Roles & Responsibilities:

• Apply cyber threat intelligence expertise to assist sponsors or private owner/operators in securing critical infrastructure and performing cyber operations.
• Guide government sponsors or private owner/operators in building and advancing their cyber threat intelligence capabilities and programs.
• Track and analyze adversary tactics, techniques, and procedures (TTPs) relevant to industrial control systems (ICS), Operational Technology (OT), and space system OT, impacting critical infrastructure and national security missions.
• Support cyber threat modeling, risk assessments, and mission impact analyses for critical infrastructure and space systems based on unclassified and classified sources.
• Fuse multiple intelligence sources to develop products and recommendations for sponsors to support mission assurance and risk-informed decision-making.
• Monitor and analyze emerging threats, vulnerabilities, and supply chain risks affecting ICS/OT and Space OT technologies.
• Serve as a subject matter expert (SME) in cyber threat intelligence with a focus on ICS/OT-relevant threats, working closely with OT engineers and domain experts.
• Brief sponsors and senior leaders on threat trends, risks, and mitigation strategies to enhance mission assurance.
• Produce and deliver artifacts and strategic briefings that synthesize classified and unclassified reporting into clear, decision-focused insights for senior leaders.
• Partner with sponsors to identify key intelligence gaps, prioritize collection, and provide feedback to collectors to improve coverage of priority threats.
• Contribute to thought leadership (e.g., white papers, best practice guides, methodologies) on threat-informed defense, cyber risk assessment, and CTI tradecraft for critical infrastructure.

Basic Qualifications:

• Typically requires a minimum of 8 years of related experience with a bachelor's degree; or 6 years and a master's degree; or a PhD with 3 years' experience; or equivalent combination of related education and work experience.
• Degree in Computer Science, Cybersecurity, Information Systems, Intelligence Studies, Strategic Intelligence, or related field.
• Deep understanding of adversary TTPs, including frameworks and models such as ATT&CK, SPARTA, Diamond Model, and Cyber Kill Chain.
• Experience with or strong interest in industrial control systems (ICS), Operational Technology (OT), SCADA environments, space system OT, or demonstrated ability to rapidly learn new mission domains while applying cyber threat intelligence expertise.
• Ability to lead discussions, collaborate across different teams and organizations, and brief technical and non-technical stakeholders.
• Experience collecting, analyzing, and correlating intelligence from unclassified and classified sources, including government, commercial, and industry feeds.
• Must be a US citizen with a TS clearance.
• This position requires a minimum of 50% hybrid on-site at MITRE or government locations.

Preferred Qualifications:

• Demonstrated experience applying frameworks like ATT&CK to real-world campaigns and mapping adversary TTPs to security controls, risk assessments, or defensive measures.
• Experience developing and publishing methodologies or best practices for threat-informed defense, cyber risk assessments, or mapping ATT&CK techniques to security controls.
• Experience designing and implementing CTI knowledge management artifacts (e.g., report templates, playbooks, data models, or visualizations such as attack flows or campaign maps).
• Experience providing analytic support to national cyber defense organizations (e.g., CISA, DoD, IC) or allied partners, including campaign tracking and threat trend analysis.
• Experience conducting and presenting in-depth analysis of APT campaigns or cyber-enabled intellectual property theft for policy-makers or international stakeholders.
• Demonstrated track record of leading multi-disciplinary analysis efforts or small teams to deliver high-impact products for demanding government sponsors.
• Significant hands-on cyber experience-particularly in operational technology (OT) or control systems-within one or more mission domains such as space systems, weapons systems, emerging technologies, critical infrastructure sectors, intelligence analysis, policy, mission assurance, technical targeting, or command and control (C2).
• Advanced knowledge of ICS/OT architectures (e.g., PLCs, DCS, SCADA) and industrial protocols (e.g., Modbus, DNP3, OPC).
• Experience applying structured analytic techniques and intelligence tradecraft in a government or intelligence-community environment.
• History of building trusted relationships with demanding customers or leaders.
• Excellent interpersonal skills, judgment, discretion, and tact.
• Deep technical expertise in one or more areas including modeling and simulation, systems engineering, mission engineering, OT countermeasures, threat emulation, or susceptibility assessment and analysis.
• Advanced degree in Computer Science, Cybersecurity, Information Systems, Intelligence Studies, or a related field.
• Candidates with deep cyber threat intelligence and intelligence tradecraft experience who are motivated to grow their ICS/OT expertise are strongly encouraged to apply.

This requisition requires the candidate to have a minimum of the following clearance(s):
Top Secret

This requisition requires the hired candidate to have or obtain, within one year from the date of hire, the following clearance(s):
Top Secret/SCI

Salary compensation range and midpoint:
$158,800 - $198,500 - $238,200 Annual

Work Location Type:
Hybrid

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

Commitment to Non-Discrimination

All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local or international law.

MITRE intends to maintain a website that is fully accessible to all individuals. If you are unable to search or apply for jobs and would like to request a reasonable accommodation for any part of MITRE's employment process, please email recruitinghelp@mitre.org for general support and collegerecruiting@mitre.org for intern positions. This service is for individuals requiring reasonable accommodation requests. Please note that vendor solicitations will not receive a reply.

Benefits information may be found here .

Copyright © 1997-2026, The MITRE Corporation. All rights reserved. MITRE is a registered trademark of The MITRE Corporation. Material on this site may be copied and distributed with permission only.