Cyber Security Operations Analyst


Date: Sep 8, 2018

Location: MA, US

Company: MIT Lincoln Laboratory

Requisition ID: 24142 


The Cyber Security Operations Analyst II provides hands-on technical support to the Laboratory’s Cyber Security Engineering and Operations team. Primary responsibilities will be to support day-to-day operations of the Cyber Security Infrastructure systems. These systems include, but are not limited to, Intrusion Prevention/Detection Systems, firewall, endpoint protection, vulnerability scanning, web-proxy, SIEM, and email security as well as internally developed solutions. Responsibilities include managing the full life cycle of security services including requirements gathering, systems design and development, systems integration, QA testing and operational support. The position reports to the IT Security Team lead and must work closely with teams in other Infrastructure and Laboratory Research areas to provide superior protection to the Laboratory’s information assets.


Primary Duties: 


Security Infrastructure Operations

  • Responsible for day-to-day support and maintenance of security infrastructure systems (e.g. Intrusion Prevention Systems, Anti-Virus, Web Proxy Systems, Full Packet Capture, Online and Offline Malware Analysis Systems and the SIEM platform)
  • Duties include, but are not limited to, system troubleshooting, vendor coordination, and OS patching and updating.
  • Ensure all devices are under configuration management, are receiving signature updates, and maintain operational readiness
  • Monitor performance metrics and log data for continuous improvement and tune systems to match current threats
  • Update rule-sets/policy on infrastructure systems to support the Laboratory's overall defensive systems
  • Maintain and update documentation, including standard operating procedures.


Security Infrastructure Engineering

  • Assist in evaluating potential security software, tools or devices.
  • Assist in testing of new network security systems and changes to existing network security devices.
  • Develops, publishes, and maintains system documentation (e.g. Requirements, Design/Build, Testing, and SOP) according to department standards.
  • Through log and data analysis, determine the scope or extent to which other systems were exposed to the same threat.
  • Identify, implement or request solutions (e.g. blocks) to mitigate future risk to the Laboratory.


Cyber Security and External Awareness

  • Participate in external Cyber Security working groups (e.g. FFRDC)
  • Monitor current malicious cyber activity at large and research how vulnerabilities are being exploited and which software is affected.
  • Proactively identify opportunities to mitigate potential threats based on research
  • Proactively identify patterns in device and server logs, informed by that research, to identify systems of interest or mitigate future risk to Laboratory systems


Communication & Collaboration

  • Develop metrics and presentations that demonstrate the Threat Assessment team's effectiveness
  • Coordinate efforts among analysts to enhance mitigation efforts and avoid duplication of effort.
  • Coordinate with Security Services Department on threat impact, nature and potential scope.
  • Develop and publish detailed Threat Assessment reports as required.


Security Projects

  • Evaluate potential security software, tools or devices
  • Test new network security systems and changes to existing network security devices.
  • Develop technical project plans, requirement documentation, test plans, change requests, and communications to users.


Required Knowledge and Skills:

  • A minimum of 7 years of overall IT experience
  • A minimum of 5 years of experience in the information security technology field
  • Strong working knowledge of various enterprise network and standalone infrastructure security systems and technologies.
  • Experience with enterprise log management platforms (e.g., Splunk).
  • Experience with IDS/IPS systems, Firewalls, Web Proxy and full packet capture systems.
  • Proven ability to script in Perl or Python.
  • Excellent customer service, written and oral communication skills.
  • Demonstrated ability to work in a fast-paced environment, at times with minimal supervision, and to execute operational, project and administrative tasks to a high standard, following existing processes and establishing new operational procedures and best practices where necessary.
  • Demonstrated ability to work with members of other teams and staff to achieve department and organizational goals.
  • Strong understanding of network routing and switching and TCP/IP protocols.
  • Strong working knowledge of the Linux operating system
  • Good understanding of the Windows operating system (desktop and server)
  • Ability to work independently toward delivery of goals as well as collaborate in team efforts.
  • Skill in building consensus among stakeholders and colleagues.
  • Ability to obtain and maintain a government security clearance.



  • Bachelor's Degree in Computer Science, Information Technologies, Engineering or equivalent experience.
  • CompTIA Security+, GIAC Certified Incident Handler (GCIH) or equivalent certification
  • Knowledge of DoD and NIST security standards and procedures
  • ITIL v3 Foundation certification



Occasional off-hour/on-call support is necessary. A certain degree of flexibility of schedule is required as some work (planned/unplanned) must be done outside of major production hours during pre-scheduled maintenance windows.


MIT Lincoln Laboratory is an Equal Employment Opportunity (EEO) employer. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, veteran status, disability status, or genetic information; U.S. citizenship is required.
