Cybersecurity Risk Analyst
Lexington, MA

Job Description

Security Services

The Security Services Department's overall mission is to ensure a safe and secure environment and protect MIT Lincoln Laboratory at all facilities in which staff members perform their mission of research and development. To accomplish this mission, this department formulates and implements policies, plans, and actions designed to protect facilities against threats of vandalism, accidental destruction, and sabotage; and safeguards personnel, classified and unclassified information systems, personal identifiable information, property, and other assets from exploitation and recruitment by foreign intelligence agencies.

Cybersecurity Risk Analyst (ITS Level II):

The Massachusetts Institute of Technology Lincoln Laboratory (MIT LL), a national leader in scientific research and development in support of National Security, located outside Boston, Massachusetts is seeking a Cybersecurity Risk Analyst within the Security Services Department.

The Cybersecurity Risk Analysis Team is a Tier-3 technical analysis section within the Information Security Group. It provides specialized technical and operational threat intelligence and analysis capabilities in support of many challenging technical security issues within the Laboratory. Team members are encouraged to meet their full human potential and professional growth by being provided career opportunities that challenge and maximize the limits of their existing skill sets. Staff members maintain proficiency through a wide variety of training opportunities, collaborative efforts and the analysis of difficult problems in support of national security.

The Cybersecurity Risk Analyst uses his/her technical experience to quickly understand multiple networked computer environments and determine whether the appropriate level of security measures are in-effect based on applicable security best practices and/or governing policies and regulations. As such, the position collaborates with other highly skilled members of the Information Security Group, Security Services Department (SSD), and Information Services Department (ISD). Each member of this team is experienced in a wide variety of related disciplines that together comprise a select group of professionals focused on providing multi-disciplined Information Assurance (IA) and Cyber Security oversight activities and reporting in support of the Laboratory research mission. The position works with both research and operations staff to provide timely and quality guidance and oversight to ensure that regulatory and compliance risks are adequately identified, communicated, and tracked for remediation. This position is primarily responsible for conducting security compliance audits, Data Security Plans (DSPs), cybersecurity risk analysis, information security risk assessments and policy, process and procedure development in accordance with cognizant DoD standards, as well as information security industry best practices. The position performs audits of classified and unclassified Information Systems (IS) to ensure that they are in compliance with applicable laws and government regulations, to include the National Industrial Security Program Operation Manual (NISPOM) guidelines regarding the protection of classified information systems, National Institute of Standards and Technology (NIST) standards and special publications and Laboratory Information System Security Procedures. The position requires significant report writing and briefing to key staff members, Group and Division Leadership across the Laboratory.

Using both existing tools and working in collaboration with Laboratory research staff on new cyber defense techniques and technologies, the Cybersecurity Risk Analyst helps develop and maintain auditing programs to validate compliance with various government regulations and Laboratory Information Security policies. The position participates in the investigation and remediation of network contaminations, performs system security audits, wireless security scans, and network vulnerability assessments. The analyst will also conduct security/risk assessments of emerging technology and report findings to management via written communications. The position requires a high level of technical expertise and the ability to conduct open source and internal research to identify current threat indicators, exploits and vulnerabilities. The position also requires a high level of communication skills to include the ability to provide training and briefings to all levels of Laboratory staff and industry partners. Excellent writing skills are required, as the majority of work includes documenting findings, observations and deliverables. The successful candidate must have excellent follow-up and problem solving skills.

Primary Duties Include:

* Perform Information Systems (IS) audits
* Complete System Security Plan (SSP) / Data Security Plan (DSP) cybersecurity risk analysis
* Advise network engineers on results of cybersecurity risk analysis
* Execute and support major Laboratory network security initiatives
* Develop and enforce information security policy
* Conduct staff security outreach and engagement
* Provide information security decision support
* Conduct emerging technology security assessments
* Conduct vulnerability scanning and patch compliance
* Conduct cyber research collaboration and risk mitigation
* Provide staff security awareness and training
* Support incident response and remediation efforts
* Produce security risk and impact assessment reports

Position Requirements:

* Bachelor's degree in Computer Science, Information Technology, Computer Information Systems, or related field is required.
* Information Assurance Certifications preferred (CISSP/CISA, Security+, GSEC, or equivalent)
* Prior experience in a DoD Industrial Security environment is preferred.
* Advanced academic degrees and/or certifications in Information Assurance, Information Security or IT certifications may be considered substitutes for DoD security experience.
* Experience in compliance auditing, security reviews, or vulnerability assessments is desired.
* Technical experience and skills, course work completed toward a degree, and industry IT certifications (i.e., CISSP, CISA) may be considered substitutes for education and experience.
* Demonstrated capabilities in presenting ideas written and orally are required.
* Local as well as some overnight travel may be required.
* Familiarity with requirements identified in the National Industrial Security Operations Manual (NISPOM) regarding the protection of classified information systems is preferred.
* The successful candidate will be subject to pre-employment investigation and must meet all eligibility requirements for access to classified information including compartmented programs.
* The ability to obtain and maintain a government security clearance is required. Preference will be given to candidate with an existing Top Secret government clearance.

For Benefits Information, click http://hrweb.mit.edu/benefits

MIT Lincoln Laboratory is an Equal Employment Opportunity (EEO) employer. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, veteran status, disability status, or genetic information; U.S. citizenship is required.

Requisition ID: 26411