IT Operations Security Analyst

MIT Lincoln Laboratory

(Lexington, Massachusetts)
Full Time
Job Posting Details
About MIT Lincoln Laboratory
The MIT Lincoln Laboratory, located in Lexington, Massachusetts, is a United States Department of Defense research and development center chartered to apply advanced technology to problems of national security.
Summary
The IT Security Operations Analyst II provides hands-on technical support to the Laboratory's Cyber Monitoring and Response team, which runs 24/7 onsite operations. Primary responsibilities include monitoring, analyzing, triaging and escalating security events from the incident response queue; documenting incidents so that work carries over cleanly between teams and shifts; and keeping the security monitoring systems tuned and functioning at optimal levels. The position reports to the IT Security Team Lead and works closely with teams in other Infrastructure and Laboratory Research areas to protect the Laboratory's information assets.
Responsibilities
**Event Monitoring and Response**
a) Monitor, analyze, triage and escalate security events from the incident response queue.
b) Document incidents in the Incident Management System.
c) Identify ways to mitigate future risk to the Laboratory (e.g. request blocks or other countermeasures).
d) Prepare a summary of events for shift turn-over to maintain continuity of operations.
**Security Infrastructure Operations**
a) Monitor, analyze and triage alerts and logs from the security infrastructure to confirm it is operating correctly. These systems include Intrusion Prevention Systems, Anti-Virus, Web Proxy Systems, Full Packet Capture, Online and Offline Malware Analysis Systems and SIEM platforms.
b) Monitor performance metrics and log data for continuous improvement, tuning detections to match current threats.
c) Update rule-sets and policy on infrastructure systems to support the Laboratory's overall defensive posture.
d) Maintain and update documentation, including standard operating procedures.
**Cyber Threat Analysis**
a) Perform threat analysis on suspicious messages to determine whether they are spam, phishing or a targeted email.
b) Analyze sender domains, URLs and attachments for security risk. Perform log analysis on malicious items to determine the scope of the threat. Coordinate with users to obtain additional context on suspicious messages.
c) Through log and data analysis, determine the extent to which other systems were exposed to the same threat.
d) Analyze attachments or samples downloaded from malicious emails to understand their capabilities and recommend next-stage containment.
e) Identify, implement or request solutions (e.g. blocks) to mitigate future risk to the Laboratory.
**External Awareness**
a) Research current malicious cyber activity at large.
b) Research how vulnerabilities are being exploited and which software is affected.
c) Proactively identify opportunities to mitigate potential threats based on that research.
d) Proactively look for patterns in device and server logs that this research suggests, to identify systems of interest through log analysis.
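As an added example of the kind of work the Cyber Threat Analysis duties describe (this is illustrative code, not part of the job posting or the Laboratory's tooling): a first-pass triage of a suspicious e-mail that compares the envelope sender with the header From, reads SPF/DKIM/DMARC results from the Authentication-Results header, pulls URLs and hashes attachments, and then scopes exposure by searching SMTP and web-proxy logs for other recipients of the same sender domain and for users who fetched the linked host. The message, log lines, domains and hostnames are all constructed for the example.

```python
"""Added example: triage of a suspicious e-mail plus log-based scoping.
All message content, log lines, domains and hostnames are constructed."""
import email
import email.utils
import hashlib
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample: display name poses as the helpdesk, the envelope sender
# and header From disagree, SPF/DMARC fail, the body links to a lookalike host.
RAW_EMAIL = b"""Return-Path: <billing@example-invoices.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=example-invoices.net; dkim=none; dmarc=fail header.from=example.org
From: "IT Helpdesk" <helpdesk@example.org>
To: user1@example.org
Subject: Action required: password expires today
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Reset your password here: https://example-org-login.com/reset?u=user1
--b1
Content-Type: application/octet-stream; name="invoice.zip"
Content-Disposition: attachment; filename="invoice.zip"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--b1--
"""

# Constructed SMTP and web-proxy log lines (key=value format assumed here).
SMTP_LOG = [
    "2024-05-01T08:01:02 mta=mx1 from=billing@example-invoices.net to=user1@example.org status=delivered",
    "2024-05-01T08:01:05 mta=mx1 from=billing@example-invoices.net to=user2@example.org status=delivered",
    "2024-05-01T08:02:11 mta=mx1 from=news@vendor.example to=user3@example.org status=delivered",
]
PROXY_LOG = [
    "2024-05-01T08:10:44 src=10.1.2.3 user=user2 method=GET url=https://example-org-login.com/reset?u=user2 status=200",
    "2024-05-01T08:11:03 src=10.1.2.9 user=user3 method=GET url=https://www.example.org/ status=200",
]

URL_RE = re.compile(r"https?://[^\s<>\"']+")
KV_RE = re.compile(r"(\w+)=(\S+)")


def domain_of(addr: str) -> str:
    """Lower-cased domain part of an e-mail address ('' if none)."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def analyze_message(raw: bytes) -> dict:
    """Extract sender, authentication, URL and attachment indicators."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    header_from = email.utils.parseaddr(str(msg["From"]))[1]
    envelope_from = email.utils.parseaddr(str(msg.get("Return-Path", "")))[1]
    auth = str(msg.get("Authentication-Results", "")).lower()
    urls, attachments, indicators = [], [], []
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            data = part.get_payload(decode=True) or b""   # hash, never open
            attachments.append({"name": part.get_filename(),
                                "sha256": hashlib.sha256(data).hexdigest()})
        elif part.get_content_type() == "text/plain":
            urls.extend(URL_RE.findall(part.get_content()))
    if domain_of(header_from) != domain_of(envelope_from):
        indicators.append("envelope sender domain differs from header From domain")
    for fail in ("spf=fail", "dkim=fail", "dmarc=fail"):
        if fail in auth:
            indicators.append(fail)
    return {"header_from": header_from, "envelope_from": envelope_from,
            "urls": urls, "attachments": attachments, "indicators": indicators}


def scope_exposure(report: dict, smtp_log, proxy_log) -> dict:
    """Other recipients of the same sender domain, and users who fetched the linked hosts."""
    sender_domain = domain_of(report["envelope_from"])
    bad_hosts = {urlparse(u).hostname for u in report["urls"]}
    recipients, clicked = set(), set()
    for line in smtp_log:
        kv = dict(KV_RE.findall(line))
        if domain_of(kv.get("from", "")) == sender_domain:
            recipients.add(kv.get("to"))
    for line in proxy_log:
        kv = dict(KV_RE.findall(line))
        if urlparse(kv.get("url", "")).hostname in bad_hosts:
            clicked.add(kv.get("user"))
    return {"recipients": sorted(recipients), "clicked": sorted(clicked)}


if __name__ == "__main__":
    report = analyze_message(RAW_EMAIL)
    print(report["indicators"])
    print(scope_exposure(report, SMTP_LOG, PROXY_LOG))
```

Every recipient in the `recipients` list is a candidate for a mailbox purge or a user interview, and every user in `clicked` has already reached the lookalike host and needs credential reset and endpoint review; the attachment hash is what gets submitted to the malware analysis systems and pushed to blocklists.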
Ideal Candidate
**Knowledge and Skills Required:**
- 4+ years of experience in the information security field.
- CompTIA Security+ certification or equivalent.
- SANS GCIH (GIAC Certified Incident Handler) or equivalent, including solid working knowledge of incident handling.
- Working knowledge of security tools and devices.
- Basic understanding of TCP/IP.
- Basic understanding of SMTP logging and email-based threats.
- Good understanding of the Windows operating system and Windows event logging.
- Ability to work independently toward delivery of goals and to collaborate in team efforts.
- Skill in interviewing users to determine the source of potential malware or suspicious activity.
- Excellent customer service skills.
- Demonstrated ability to present ideas in writing and orally within a cross-functional environment.
- Ability to obtain and maintain a government security clearance.
**Preferred:**
- Bachelor's degree in Computer Science, Information Technology, Engineering, or equivalent experience.
- Skill in organizing and managing projects.
- Skill in building consensus among stakeholders and colleagues.
- Knowledge of DoD or NIST SP 800-53 standards.
Compensation and Working Conditions

Working Conditions

This position is part of a 24/7 operations team and requires shift work. Shifts are fixed but include weekend work.
