The ISD Cyber Security Sector is responsible for monitoring and protecting Laboratory information systems. The sector operates and maintains computer network defense (CND) tools and data sources (network and host level) in support of incident response and mitigation processes. Services include briefings to management, advising them of issues that may affect the Laboratory's security posture. The sector also conducts vulnerability assessment scanning at the network, system, and application levels, and coordinates mitigations and communications to the Laboratory community.Job Description
The Cyber Security Analyst III is responsible for performing risk analysis on cyber threats, security alerts, systems of interest, and other suspicious system or network activity. The Cyber Security Analyst III is part of the ISD Cyber Threat Assessment Team. The Cyber Threat Assessment Team is actively involved with security incident handling and works closely with the Security Services Department from the start to the closure of an incident. Through data analysis, the Security Analyst identifies methods to mitigate future risk to networked systems. The Security Analyst researches external malicious cyber activity to proactively identify ways to mitigate risk to the network. Also as part of the Cyber Security Sector the Security Analyst assists in the evaluation and testing of security tools and devices. Advance Adversary Detectiona) Research methods to detect and alert on possible advanced threat actors.b) Obtain Intelligence on developing advanced actor TTP's.c) Analyze samples from suspect system for further Indicators of Compromised) Identify ways to mitigate future risk to the Laboratory and request blocks to be put in place.Cyberthreat Analysis & Assessmenta) Rapid assessment and determination of active threats.b) Perform threat analysis on suspicious messages to determine if spam, phishing and or a targeted email.c) Analyze attachments and URL links for malicious contentd) Investigate sensor detections and alerts to determine severity of threat or false positive.e) Through log and data analysis determine scope or extent at which other systems were exposed to the same threat.f) Identify, implement or request solutions (e.g. blocks) to mitigate future risk to the Laboratory.External Awarenessa) Research current malicious cyber activity at large.b) Research how vulnerabilities are being exploited and software affected.c) Proactively identify opportunities to mitigate potential threats based on research.d) Proactively identify any patterns within device and server logs based on research to potentially identify systems of interest through log analysis.Communication & Collaborationa) Develop metrics and presentations that demonstrate Threat assessment team effectivenessb) Coordinate efforts among analyst to enhance mitigation efforts and avoid duplication of efforts.c) Coordinate with Security Services Department on threat impact, nature and potential scope.d) Develop and publish detailed Threat Assessment reports as required.Security Projectsa) Evaluate potential security software, tools or devicesb) Test new network security systems and changes to existing network security devices.c) Develop technical project plans, requirement documentation, test plans, change requests, and communications to users.This position is under general supervision of the IT Security Team Lead. This position does not have any financial responsibility. However technical expertise may be required for assisting with product selection and annual product support renewals.This position will maintain frequent contact with internal department and/or Laboratory user community as well as external vendors to maintain communications related to problem resolution, systems upgrades, services and product research. This position interacts frequently with the Security Services Department to maintain communication related to data recovery for forensics analysis based on request, and identification of policy violations, systems of interest putting the network at risk, threats of interest or messages of interest. Knowledge and Skills
Required:CompTIA Security+ Certification or equivalentWorking knowledge of security tools and devices such as Intrusion Prevention/Detection Systems, Firewall, Endpoint Protection, Vulnerability Scanning, Web-Proxy, SIEM, Enterprise Log Management Platforms, Email Security and full packet capture systems.Basic understanding of TCP/IP.Basic understanding of SMTP logging and email-based threats.Good understanding of Windows Operating System and Event logging.Demonstrated ability to work in a fast-paced environment at times with minimal supervisionDemonstrated ability to execute operations, project and administrative tasks with a high degree of quality.Skill in interviewing users to determine source of potential malware or suspicious activity.Excellent customer service, written, and oral communications skills.Excellent verbal and written communication skills. Preferred:Bachelor??s Degree in Computer Science, Information Technologies, Engineering or equivalent experience preferred.GIAC GCIH Certification (Certified Incident Handler) to include a solid working knowledge of incident handling or equivalentExperience conducting threat hunt operations using known adversary tactics, techniques and procedures as well as indicators of attack.Proven ability to script in Perl, Python or other language for task automation.Solid understanding of TCP/IP protocols.Solid understanding of Windows, Linux and Mac OSX operating systems.Skill in organizing and managing projects.Skill in building consensus among stakeholders and colleagues. Experience:4+ years?? experience in the information security technology field. OTHER:Ability to obtain and maintain a government security clearance.Occasional off-hour/on-call support is necessary. A certain degree of flexibility of schedule is required as some work (planned/unplanned) must be done outside of major production hours during pre-scheduled maintenance windows. Additional InformationThis position requires an individual with excellent communication (both oral and writing) and organizational skills. The individual must be able to work in a fast-paced environment at times with minimal supervision and execute operations, project and administrative tasks with a high degree of quality, while following existing processes and establishing new operational procedures and best practices where necessary. Additionally, the position requires the ability to work with members of other teams and staff to accomplish department and organizational goals. MIT Lincoln Laboratory is an Equal Employment Opportunity (EEO) employer. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, veteran status, disability status, or genetic information; U.S. citizenship is required.
Associated topics: cybersecurity, forensic, identity, identity access management, idm, malicious, security engineer, threat, violation, vulnerability