Information Systems Security Manager - Unclassified

Date: Mar 3, 2023

Location: Lexington, MA, US

Company: MIT Lincoln Laboratory


The Security Services Department's overall mission is to ensure a safe and secure environment and protect MIT Lincoln Laboratory at all facilities in which staff members perform their mission of research and development. To accomplish this mission, this department formulates and implements policies, plans, and actions designed to protect facilities against threats of vandalism, accidental destruction, and sabotage; and safeguards personnel, classified and unclassified information systems, personal identifiable information, property, and other assets from exploitation and recruitment by foreign intelligence agencies.


*** This Position is Hybrid

Who are we?

MIT Lincoln Laboratory is a Federally Funded Research and Development Center (FFRDC) whose mission is research in support of National Security.

  • Mission - The Security Services Department’s (SSD) overall mission is to identify and counter security threats to the MIT Lincoln Laboratory’s mission of development of game-changing technology in support of national security, including guarding against compromise by foreign intelligence agencies and insider threats.
  • Culture – We foster an inclusive, opportunity-filled environment of empowered team members from diverse backgrounds.

What will you do?

Join a team of cybersecurity professionals that are driven to solve complex security problems in collaboration with Laboratory research teams. Core responsibilities include:

  • Prepare the Laboratory for the Cybersecurity Maturity Model Certification (CMMC)
  • Oversee the implementation of CMMC requirements for assigned Laboratory research unit
  • Assist system stakeholders with the translation of CMMC requirements into technical controls at the system level
  • Assist in the development of technical implementation strategies
  • Perform periodic assessments against NIST SP 800-171 and CMMC requirements, including security architecture gap analysis; assist in the development of technical implementation strategies and mitigations

What will you do? (cont.)

  • Continuously validate the organization against cybersecurity policies/guidelines/procedures/ regulations/laws to ensure compliance
  • Assist and support risk and compliance activities (e.g., ensure that cyber system security configurations guidelines are followed, compliance monitoring occurs)
  • Maintain system security plan documentation and plans of action and milestones (POA&M)
  • Promote awareness of security issues among management and ensure sound security principles are reflected in the organization's vision and goals
  • Conduct security impact analysis for risk exception and waiver requests
  • Assist in the development of policies, processes, procedures and documentation that reflects system security objectives in accordance with applicable laws, statutes, and other regulatory requirements.
  • Ensure systems are operated, maintained, and disposed of in accordance with organization security policies and procedures.

How will you grow?

You will find significant opportunities to do meaningful work in an environment intentionally designed to be one where you will learn, thrive and belong.

  • Leadership: Room to advance on your team or to lead cross-functional projects.
  • Growth Opportunities: Potential for lateral and vertical movement.
  • Education/Training: Management training, mentorship, in-house and external courses.
  • Exposure: Engagement with sponsors, stakeholders, Laboratory leadership and other Departments and Divisions.
  • Community: Participation is encouraged for Laboratory social events, Employee Resource Groups (ERGs), clubs and study groups, volunteering and community service projects.

What you need:

To work with MITLL, all employees must meet certain basic requirements.

  • The ability to obtain and maintain a Secret clearance (clearance not needed to apply)
  • Must be a U.S. Citizen.
  • Successfully pass a background check
  • Relevant education and/or experience

Ideally, you will have/Requirements:

The Laboratory values experiences from diverse backgrounds and occupations. The most successful candidates will have the following skills and qualifications:

  • Education/Experience
    • A minimum of a bachelor’s degree in a technical discipline plus six years of experience, or a master’s degree and a minimum of four years of experience
    • Technical experience, skills, and course work completed towards a degree, or industry IT certifications may be considered in lieu of education or IT security experience

Ideally, you will have/Requirements (cont.):

  • Risk Management and Assessment
    • The ability to read, understand and apply government regulation (FAR, DFARS)
    • Knowledge of information security standards and frameworks such as NIST SP 800-171, NIST SP 800-53, NIST SP 800-37, etc.
    • Familiarity with the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC)
    • A thorough knowledge of risk assessment methodology, such as NIST SP 800-30, Factor Analysis of Information Risk (FAIR), Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE), or other risk assessment practices
    • Experience developing and maintaining System Security Plans and associated artifacts, such as a Plans of Action & Milestones, Risk Assessment Report, and Continuous Monitoring Strategy
  • Valued competencies
    • Exceptional interpersonal, organizational, written and verbal communication skills.
    • Technical skillsets are highly valued. Experience as a system administrator, system architect or similar position will help you excel in this role
    • Certified CMMC Professional (CCP) certification
    • Other industry certifications such as, Security+, CISSP, CISA, CISM, etc.

Ideally, you will have/Requirements (cont.):

  • Technical Competency
    • Experience and familiarity with multiple operating systems including Windows Server, Windows 10, Red Hat Enterprise Linux, Ubuntu, Mac, ESXi, VMWare, etc.
    • Experience and familiarity with networking concepts, technologies, solutions, and secure design principles
    • Familiarity and knowledge of enterprise security tools, such as vulnerability scanners, log aggregators, and endpoint protections
    • Understanding of cloud technology and cloud security practices
    • Scripting experience a plus (shell, PowerShell, python, etc.)
    • Familiarity with DevSecOps, code development practices, and code analysis
    • General knowledge of common enterprise technologies, including networking, virtualization, identification and authentication, and configuration management


  • Got more? Candidates with relevant backgrounds will be considered for higher cyber security risk analyst levels, including experience as an Information System Security Officer (ISSO), Information System Security Manager (ISSM), security engineer, system administrator, etc.

For Benefits Information, click

Selected candidate will be subject to a pre-employment background investigation and must be able to obtain and maintain a Secret level DoD security clearance.

To safeguard our health and well-being, MIT Lincoln Laboratory requires COVID-19 vaccination for all employees.  Individuals may request exemption from the vaccine requirement for medical or religious reason.

MIT Lincoln Laboratory is an Equal Employment Opportunity (EEO) employer. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, veteran status, disability status, or genetic information; U.S. citizenship is required.


Requisition ID: 39614 #CJ


Nearest Major Market: Boston

Job Segment: Cyber Security, Defense, DoD, Military Intelligence, Information Systems, Security, Government, Technology