MIT Lincoln Laboratory Company
Location Lexington, MA, US
Seniority Level: Entry level
Industry
• Information Technology & Services
• Defense & Space
• Research
Employment Type: Full-time
Security Services
The Security Services Department’s overall mission is to ensure a safe and secure environment and protect MIT Lincoln Laboratory at all facilities in which staff members perform their mission of research and development. To accomplish this mission, this department formulates and implements policies, plans, and actions designed to protect facilities against threats of vandalism, accidental destruction, and sabotage; and safeguards personnel, classified and unclassified information systems, personal identifiable information, property, and other assets from exploitation and recruitment by foreign intelligence agencies.
Job Summary
The Cybersecurity Risk Analyst IT IC Level 3 uses his/her technical experience to quickly understand multiple networked computer environments and determine whether the appropriate level of security measures are in-effect based on applicable security best practices and/or governing policies and regulations. This position requires collaboration with other highly skilled members of the Information Security Group, Security Services Department (SSD), Information Services Department (ISD) and Technical Research Divisions. The position works with both research and operations staff to provide timely and quality guidance and oversight to ensure that regulatory and compliance risks are adequately identified, communicated, and tracked for remediation. This position is primarily responsible for conducting security compliance audits, Data Security Plans (DSPs), cybersecurity risk analysis, information security risk assessments and policy, process and procedure development in accordance with cognizant DoD standards, as well as information security industry best practices. The position performs audits of classified and unclassified Information Systems (IS) to ensure that they are in compliance with applicable laws and government regulations, to include the National Industrial Security Program Operation Manual (NISPOM) guidelines, DoD Risk Management Framework (RMF), Defense Federal Acquisition Regulation Supplement (DFARS) – 252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting, Security Technical Implementation Guides (STIGs), Defense Security Service (DSS) Assessment and Authorization Manual (DAAPM), National Institute of Standards and Technology (NIST) standards and special publications and Laboratory Information System Security Procedures. The position requires significant report writing and briefing to key staff members, Group and Division Leadership across the Laboratory. The position also requires a high level of communication skills, to include the ability to provide training and briefings to all levels of the organization. Excellent writing skills are required in order to complete extensive written reports, documenting inspection findings and observations.
Primary Duties
• Audit information systems according to NIST SP 800-37 and 800-53, 800-171, NISPOM and DFARs frameworks
• Perform risk analysis and reporting on DFARs, NIST RMF, and NISPOM compliance
• Perform complex analysis of risk of security exceptions through the data security plan process
• Recommend and develop mitigations to facilitate continued research despite exceptions from traditional security controls
• Develop and enforce information security policy
• Conduct staff security outreach and engagement
• Assess security risks of cutting edge technology
• Support vulnerability management operations through documentation and reporting of findings to lab leadership
• Support incident response and remediation efforts
Requirements
• Bachelor’s degree. Preference to candidates with technical degrees in Computer Science, Information Technology, Computer Information Systems, or related field.
• Master’s degree in one of the above fields is preferred
• CISSP, CISA, CAP, Security+, GSEC, or equivalent
• 3-5 years of experience with NIST 800-53 controls / NIST Risk Management Framework
• Experience reviewing/analyzing vulnerability scans or configuring host based security solutions is a plus.
• Demonstrated capabilities in presenting ideas written and orally are required.
• Some local and overnight travel may be required (less than 10%).
• Selected candidate will be subjected to a pre-employment background investigation and possess a current in scope Top Secret level security clearance with compartmental program eligibility.
For Benefits Information, click http://hrweb.mit.edu/benefits
Need Additional Cyber Security Training?
Try these online classes
- IBM Data Science Professional Certificate by IBM
- Java Programming and Software Engineering Fundamentals Duke University
- Cloud Computing by University of Illinois
- Data Mining by University of Illinois
- Applied Data Science with Python by University of Michigan
- Data in Database by Arizona State University
- Excel Skills for Business by Macquarie University
- Financial Management by University of Illinois
- Financial Reporting by University of Illinois
Selected candidate will be subject to a pre-employment background investigation and must be able to obtain and maintain a Secret level DoD security clearance.
MIT Lincoln Laboratory is an Equal Employment Opportunity (EEO) employer. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, veteran status, disability status, or genetic information; U.S. citizenship is required.
Requisition ID: 29311 #CJ
