Job Requirements
Bedford, MA
Clearance: Secret
Polygraph: None
Career Level: not specified
$158,800 - $198,500
Job Description
Why choose between doing meaningful work and having a fulfilling life? At MITRE, you can have both. That's because MITRE people are committed to tackling our nation's toughest challenges - and we're committed to the long-term well-being of our employees. MITRE is different from most technology companies. We are a not-for-profit corporation chartered to work for the public interest, with no commercial conflicts to influence what we do. The R&D centers we operate for the government create lasting impact in fields as diverse as cybersecurity, healthcare, aviation, defense, and enterprise transformation. We're making a difference every day - working for a safer, healthier, and more secure nation and world. Our workplace reflects our values. We offer competitive benefits, exceptional professional development opportunities for career growth, and a culture of innovation that embraces adaptability, collaboration, technical excellence, and people in partnership. If this sounds like the choice you want to make, then choose MITRE - and make a difference with us.
MITRE's Cyber Defense Operations Department is seeking a Lead for the Monitoring & Response (M&R) team as the Group Lead and operational lead for the function. This critical role will oversee M&R operations, including response to cyber alerts, threat hunting, automation, and incident response. The M&R Manager will work closely with other groups within the Cyber Defense Operations Department, as well as partner teams across MITRE's cyber and enterprise technology organizations.
The M&R Lead will help shape the operational roadmap for M&R, manage M&R tools and capabilities, drive process documentation and continuous improvement, and lead the technical team during incident response activities. This role also has responsibilities for hiring, staffing, performance reviews, and building an environment of employee engagement, mission outcomes, and operational excellence. The ideal candidate possesses a deep understanding of cyber operations, especially monitoring, response, and incident response, through extensive experience within or outside of MITRE.
Roles & Responsibilities:
Day-to-Day Operation
- Lead daily operations, ensuring timely triage, investigation, escalation and resolution of security events.
- Manage operational workflows, priorities, and analyst execution across monitoring and response activities.
- Partner closely with the Threat Intelligence and Detection Engineering team to improve alert fidelity, response playbooks, and threat-informed monitoring.
- Provide technical domain-specific knowledge and leadership to the M&R team.
- Drive operational consistency through documented procedures, escalation paths, and response workflows.
Incident Response
- Serve as the technical lead for cyber incident response, coordinating investigation, containment, eradication, and recovery activities across affected stakeholders and technical teams.
- Provide clear direction, rapid decision-making, and effective execution during IR.
- Conduct or oversee forensic triage, scope analysis, evidence collection coordination, impact assessment, and root cause analysis as needed.
- Lead post-incident reviews and ensure lessons learned are translated into improved detections, response actions, and control enhancements.
- Communicate incident status, operational risks, and response recommendations clearly to technical and non-technical audiences.
Strategic Planning and Execution
- Plan, develop, and oversee M&R operational outcomes.
- Track M&R work and priorities while ensuring effective execution across the team.
- Drive continual improvement of monitoring coverage, response effectiveness, and analyst efficiency.
- Identify gaps in visibility, coverage, and telemetry and recommend improvements to tooling, instrumentation, and detections.
- Help ensure the team has the skills, coverage, and readiness needed to support MITRE's cyber defense mission.
- Help evaluate tools, platforms, and service providers that improve cyber monitoring and incident response operations.
- Contribute to roadmap development for M&R and incident response capability maturation across people, process, and technology.
- Collaborate with peer organizations across Cyber Defense Operations, other cybersecurity departments, and the Enterprise Technology division.
Growth and Capability Development
- Use threat intelligence, incident trends, and operational metrics to drive improvements in use cases, procedures, and response capabilities.
- Lead, coach, and develop cyber monitoring and response personnel, helping build a high-performing and mission-focused team environment.
- Establish performance expectations, provide regular feedback, and support staff growth in technical and operational competencies.
- Build team capabilities in emerging monitoring, automation, and incident response practices.
Financial Management
- Manage the M&R budget, including training and travel for the team.
- Evaluate the cost, effectiveness, and operational value of current and potential tools and services.
Leadership and Team Management
- Be an active member of the Cyber Senior Leadership Team.
- Ensure staff are assigned meaningful work and are appropriately planned against operational and project needs.
- Represent the needs and unique perspectives of staff to Department leadership.
- Advocate for M&R competencies and establish new work opportunities.
- Ensure the hiring, development, and shaping of skills, capabilities, and diversity needed within the team's workforce.
Basic Qualifications:
- Typically requires a minimum of 8 years of related experience with a Bachelor's degree; or 6 years and a Master's degree; or a PhD with relevant experience who can immediately contribute at this job step; or equivalent combination of related education and work experience.
- Hands-on experience in cybersecurity operations, security monitoring, detection triage, and incident response in a large enterprise environment.
- Strong knowledge of enterprise security operations processes, incident handling methodologies, and cyber defense best practices.
- Experience with security operations tools and platforms such as SIEM, EDR, SOAR, ticketing/case management, threat intelligence platforms, and log analysis tools.
- Understanding of attacker tactics, techniques, and procedures and how to operationalize that knowledge in monitoring and response.
- Experience applying information security principles including least privilege, defense in depth, and secure operations.
- Experience shaping and improving security processes, workflows, and operational outcomes.
- Strong project and operational management skills.
- Must have an active Secret U.S. Government-issued Security Clearance.
- Per the U.S. Government's eligibility requirements, you must be a U.S. Citizen to be considered for a security clearance.
- This position requires a minimum of 50% hybrid on-site.
Preferred Qualifications:
- Experience as an M&R Analyst or leading a Technical Cyber IR team.
- Experience managing or leading security operations analysts, responders, or similar cyber defense personnel.
- Experience with digital forensics, host-based investigations, network analysis, and cloud incident response.
- Knowledge of security controls and frameworks such as CMMC, NIST 800-171, NIST 800-61, MITRE ATT&CK, and related cyber defense standards.
- Understanding of both cloud and on-premises enterprise environments and the associated monitoring and response challenges.
- Experience with automation and orchestration to improve analyst efficiency and response speed.
- Experience managing vendor relationships, managed service providers, or contracted service providers.
- Experience with business processes such as staffing, workforce planning, performance management, and budgeting support.
- Strong written and verbal communication skills, with the ability to brief technical teams, leadership, and cross-functional stakeholders.
- Proven ability to build trusted relationships and work collaboratively across technical, operational, and business functions.
This requisition requires the candidate to have a minimum of the following clearance(s):
None
This requisition requires the hired candidate to have or obtain, within one year from the date of hire, the following clearance(s):
Secret
Salary compensation range and midpoint:
$158,800 - $198,500 - $238,200 Annual
Work Location Type:
Hybrid
It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
Commitment to Non-Discrimination
All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local or international law.
MITRE intends to maintain a website that is fully accessible to all individuals. If you are unable to search or apply for jobs and would like to request a reasonable accommodation for any part of MITRE's employment process, please email recruitinghelp@mitre.org for general support and collegerecruiting@mitre.org for intern positions. This service is for individuals requiring reasonable accommodation requests. Please note that vendor solicitations will not receive a reply.
Benefits information may be found here.
Copyright © 1997-2026, The MITRE Corporation. All rights reserved. MITRE is a registered trademark of The MITRE Corporation. Material on this site may be copied and distributed with permission only.