Summary of Position:
The Cyber Security Operations Analyst II provides hands-on technical support to the Laboratory’s Cyber Security Engineering and Operations team. Primary responsibilities will be to support day-to-day operations of the Cyber Security Infrastructure systems. These systems include, but are not limited to, Intrusion Prevention/Detection Systems, firewall, vulnerability scanning, web-proxy, email security as well as internally developed solutions. Responsibilities include managing the full life cycle of security services including requirements gathering, systems design and development, systems integration, QA testing and operational support. The position reports to the IT Security Team lead and must work closely with teams in other Infrastructure and Laboratory Research areas to provide superior protection to the Laboratory’s information assets.
1. Security Infrastructure Operations
a.) Responsible for day-to-day support and maintenance of security infrastructure systems (e.g. Intrusion Prevention Systems, Anti-Virus, Web Proxy Systems, Full Packet Capture, Online and Offline Malware Analysis Systems and SIEM platform)
b.) Duties include, but are not limited to, system troubleshooting, vendor coordination, OS patching and updating.
c.) Ensure all devices are under configuration management, receive signature updates and maintain operational readiness
d.) Monitor performance metrics and log data for continuous improvement and tuning to match current threats
e.) Update rule-sets/policy on infrastructure systems to support overall Laboratory defensive systems
f.) Maintain and update documentation, including standard operating procedures.
2. Security Infrastructure Engineering
a.) Assist in evaluating potential security software, tools or devices.
b.) Assist in testing of new network security systems and changes to existing network security devices.
c.) Develops, publishes, and maintains system documentation (e.g. Requirements, Design/Build, Testing, and SOP) according to department standards.
d.) Through log and data analysis, determine the scope or extent to which other systems were exposed to the same threat.
e.) Identify, implement or request solutions (e.g. blocks) to mitigate future risk to the Laboratory.
3. Cyber Security and External Awareness
a.) Participation in external Cyber Security working groups (e.g. FFRDC)
b.) Monitor current malicious cyber activity at large and research how vulnerabilities are being exploited and software affected.
c.) Proactively identify opportunities to mitigate potential threats based on research
d.) Proactively identify any patterns within device and server logs based on research to potentially identify systems of interest or mitigate future risk to the Laboratory systems
4. Communication & Collaboration
a) Develop metrics and presentations that demonstrate Threat Assessment team effectiveness
b) Coordinate efforts among analysts to enhance mitigation efforts and avoid duplication of effort.
c) Coordinate with Security Services Department on threat impact, nature and potential scope.
d) Develop and publish detailed Threat Assessment reports as required.
5. Security Projects
a) Evaluate potential security software, tools or devices
b) Test new network security systems and changes to existing network security devices.
c) Develop technical project plans, requirement documentation, test plans, change requests, and communications to users.
This position is under general supervision of the IT Security Operations Team Lead.
This position does not have any financial responsibility. However, technical expertise may be required to assist the Cyber Security Team Lead with annual product support renewals.
This position will maintain frequent contact with internal department and/or Laboratory user community as well as external vendors to maintain communications related to problem resolution, systems upgrades, services and product research. This position also collaborates frequently with the Security Services Department to maintain communication related to incident response procedures.
Knowledge and Skills:
- Strong working knowledge of various enterprise network and standalone infrastructure security systems and technologies.
- Experience with enterprise log management platforms (e.g., Splunk).
- Experience with IDS/IPS systems, Firewalls, Web Proxy and full packet capture systems.
- Proven ability to script in Perl or Python.
- Excellent customer service, written and oral communication skills.
- Demonstrated ability to work in a fast-paced environment at times with minimal supervision and execute operations, project and administrative tasks with a high degree of quality, while following existing processes, establishing new operational procedures, and best practices where necessary.
- Demonstrated ability to work with members of other teams and staff to achieve department and organizational goals.
- Strong understanding of network routing and switching and TCP/IP protocols.
- Strong working knowledge of the Linux Operating system
- Good understanding of the Windows Operating system (desktop and server)
- Ability to work independently toward delivery of goals as well as collaborate in team efforts.
- Skill in building consensus among stakeholders and colleagues.
- Bachelor’s Degree in Computer Science, Information Technologies, Engineering or equivalent experience.
- CompTIA Security+, SANS Certified Incident Handler (GCIH) or equivalent certification
- Knowledge of DoD and NIST security standards and procedures
- ITILv3 Foundations Certification
- A minimum of 7 years of overall IT experience
- A minimum of 5 years’ experience in the Information Security technology field
- Ability to obtain and maintain a government security clearance.
Occasional off-hour/on-call support is necessary. A certain degree of flexibility of schedule is required as some work (planned/unplanned) must be done outside of major production hours during pre-scheduled maintenance windows.
This position requires an individual with excellent communication (both oral and writing) and organizational skills. The individual must be able to work in a fast-paced environment with minimal supervision. They must be able to execute operations, project, and administrative tasks with a high degree of quality and consistency by following existing operational procedures and best practices. Additionally, the position requires the ability to work with members of other teams and staff to accomplish department and organizational goals.
MIT Lincoln Laboratory is an Equal Employment Opportunity (EEO) employer. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, veteran status, disability status, or genetic information; U.S. citizenship is required.