Information Security Threat Intelligence Analyst

MIT Lincoln Laboratory

(Lexington, Massachusetts)
Full Time
Job Posting Details
About MIT Lincoln Laboratory
The MIT Lincoln Laboratory, located in Lexington, Massachusetts, is a United States Department of Defense research and development center chartered to apply advanced technology to problems of national security.
Summary
The Security Services Department's overall mission is to ensure a safe and secure environment and protect MIT Lincoln Laboratory at all facilities in which staff members perform their mission of research and development. To accomplish this mission, the department formulates and implements policies, plans, and actions designed to protect facilities against threats of vandalism, accidental destruction, and sabotage, and safeguards personnel, classified and unclassified information systems, personally identifiable information, property, and other assets from exploitation and recruitment by foreign intelligence agencies. The Cyber Threat Intelligence Analyst will research and prioritize risks to the Laboratory's information, networks and systems and conduct continuous proactive fusing of human "unstructured/raw" cyber threat intelligence with "structured" technical intelligence and shared indicators of compromise across the spectrum of threats, vulnerabilities, and system configurations. The selected candidate will work to identify potential and actual cyber threats to DoD, Laboratory and sponsor information systems and networks. The analyst will continually coordinate with DoD, Federal, Law Enforcement, and Intelligence organizations, as well as other Defense Industrial Base (DIB) partners, to exchange and share information where appropriate, and will conduct cyber threat intelligence research using all available sources of intelligence regarding domestic and state-sponsored threats. Analysis includes classified and open-source research of targeted threats, vulnerabilities and exploits. Efforts include the identification of adversary Tactics, Techniques and Procedures (TTPs), including information regarding adversary attribution, methods of operation and pattern recognition of tools used for exploitation.
Responsibilities
Duties:
* Drive better day-to-day defenses by helping to refine and prioritize focus on specific threats, vulnerabilities, and system configurations.
* Manage and audit the processes that implement the Laboratory's information security data feeds (IP addresses, URLs, or volume-based indicators) as they are entered into perimeter and host-based protection systems for machine-to-machine consumption.
* Participate as a key member of the Cyber Security Incident Response Team (CSIRT) and assist in and conduct response to incidents in conjunction with fellow network defenders.
* Act as subject matter expert on adversary TTPs, malware, vulnerabilities, and system configurations (network and host-based) as they pertain to system compromises and malware infections.
* Support the analysis of host-based malicious software by identifying key indicators of compromise (command and control, persistence mechanisms, etc.) and relating them to known adversary techniques.
* Inform Laboratory leadership for improved decision making.
* Enable and participate in critical decisions that affect and guide the Laboratory's network security posture.
* Develop and provide executive-level reports and analysis products for consumption by Laboratory leadership personnel.
* Develop and provide detailed technical reports for consumption by the Laboratory's various information security operations and policy implementation teams.
* Provide staff awareness of existing and emerging cyber threats.
* Provide subject matter expertise on the cyber threat landscape and information security policy to the Laboratory community.
* Assist in the development of policy recommendations and improvements identified through the analysis of emerging technologies and during the course of incidents and investigations.
* The position requires a high level of communication skills, including the ability to provide training and briefings to all levels of Laboratory staff and industry partners.
* Excellent verbal briefing and writing skills are required, as the majority of work includes communication of threat analysis products.
* The successful candidate must have excellent follow-up and problem-solving skills.
Ideal Candidate
Requirements:
* Bachelor’s degree in Computer Science, Information Technology, Computer Information Systems, or related field is required
* 3-5 years cyber incident response, strong understanding of enterprise networks, protocols, security infrastructure experience required
* Substantial knowledge of network attack vectors, exploitation techniques, and exfil channels
* Experience with network security analysis tools (NetWitness, Wireshark, etc.)
* Malware analysis skills, with a general understanding of reverse engineering techniques
* Understanding of host operating systems (e.g. Windows internals, Mac, Linux, etc.)
* Demonstrated capabilities in presenting ideas in writing and orally within a cross-functional environment required
* Experience with Snort or other network-based signature development capabilities
* Experience with Yara, OpenIOC, or other host-based signature development capabilities
* Network penetration testing experience
* Prior experience in a DoD / Intelligence community network security operations environment is preferred
* Specific network security operations experience and/or advanced academic degrees and certifications in Information Assurance, Information Security or Computer Forensics and IT certifications may be considered substitutes for education or experience requirements.
* The successful candidate will be subject to pre-employment investigation and must meet all eligibility requirements for access to classified information including compartmented programs.
* Ability to gain and maintain a government security clearance required.
* U.S. Citizenship is required
