IT Security Operations Analyst II

MIT Lincoln Laboratory

(Lexington, Massachusetts)
Full Time
Job Posting Details
About MIT Lincoln Laboratory
The MIT Lincoln Laboratory, located in Lexington, Massachusetts, is a United States Department of Defense research and development center chartered to apply advanced technology to problems of national security.
Summary
The Information Technology Security Operations Analyst is responsible for the day-to-day operations of Lincoln Laboratory's IT Security vulnerability assessment, anti-virus, and host-based IPS end-point protection systems. The analyst's goal is to proactively identify systems which may be prone to exploitation, provide visibility to System Administrators and Management, and track remediation status. The position reports to the IT Security Team Lead and must work closely with teams in other Infrastructure and Research areas to help reduce the risk of compromise and to enhance the overall security of the Laboratory's information assets.
Responsibilities
Primary Duties: Vulnerability Assessment, Anti-Virus, and HIPS
* a.) Implement, maintain, and document host-based detection tools (Anti-Virus, IPS) and enterprise vulnerability assessment systems and business processes.
* b.) Maintain centralized anti-virus signature updates and configuration of heuristic detection and blocking mechanisms on host-based IPS.
* c.) Create procedures and customized scan configurations appropriate for the desired performance and accuracy.
* d.) Perform scheduled scans of Laboratory DoD Classified and Unclassified networks with minimal impact to users.
* e.) Provide custom vulnerability reporting for SSD, ISD, and System Administrators as required.
* f.) Review and analyze vulnerability results and monitor remediation efforts in coordination with ISD Management and Systems Administrators.

Security Infrastructure Operations
* a.) Responsible for day-to-day support and maintenance of security infrastructure systems (e.g. Intrusion Prevention Systems, Anti-Virus, Web Proxy, Full Packet Capture, Online and Offline Malware Analysis Systems, and SIEM platform).
* b.) Duties include but are not limited to system troubleshooting, vendor coordination, OS patching and updating.
* c.) Ensure all devices are under configuration management, receiving signature updates, and maintaining operational readiness.
* d.) Monitor performance metrics and log data for continuous improvement and tuning to match current threats.
* e.) Update rule-sets on infrastructure systems to support overall Laboratory defensive systems and maintenance of the Enterprise Security Log management infrastructure.
* f.) Maintain and update documentation, including standard operating procedures.
* g.) Assist other team members by acting in a secondary support role for various security systems.

Cyber Security and External Awareness
* a.) Participation in external Cyber Security working groups (e.g. FFRDC).
* b.) Monitor current malicious cyber activity at large and research how vulnerabilities are being exploited and which software is affected.
* c.) Proactively identify opportunities to mitigate potential threats based on research.
* d.) Proactively identify any patterns within device and server logs based on research to potentially identify systems of interest or mitigate future risk to the Laboratory's systems.

General Security Projects
* a.) Assist in evaluating potential security tools, devices, or methods.
* b.) Assist in testing of new network security devices and changes to existing network security devices.
* c.) Develop project plans, architecture diagrams, requirement documentation, test plans, change requests, and communication to users.
Ideal Candidate
Knowledge and Skills Required:
- 5+ years of overall IT experience
- 3+ years' experience in IT Security roles (Infrastructure & Operations Security, Privacy & Data Protection, Security Management & Operations, Vulnerability Management, Firewall or Intrusion Prevention Operations, Configuration Auditing, Digital Forensics and Investigation)
- Strong working knowledge of various enterprise network and standalone security systems and technologies, including vulnerability assessment, configuration management and auditing, intrusion detection, firewalls, anti-virus, laptop encryption, and digital forensics.
- Proven operational support experience with design and management of vulnerability assessment environments including Tenable Nessus and Security Center.
- Proven operational support experience, design, and maintenance of McAfee ePolicy Orchestrator (EPO) and McAfee endpoint protection suite (AV, HIPS, HBSS).
- Use of advanced options of common discovery and assessment tools such as Nmap, OpenSSL and Netcat.
- Configuration auditing and/or monitoring using Nessus and Tripwire Enterprise on Windows, Unix, and Linux systems based on CIS benchmark standards.
- Use of various network security systems to assist in the investigation of security anomalies and incidents.
- Knowledge of penetration testing and vulnerability assessment strategies.
- Knowledge of DoD Networks and procedures for working in classified environments.
- Ability to obtain and maintain a government security clearance.

Preferred:
- Bachelor's Degree in Computer Science, Information Technologies, Engineering or equivalent experience preferred.
- CISSP or GIAC certifications are preferred.
- Knowledge of scripting languages (Perl, Python, PowerShell, etc.).
- Knowledge of DoD and NIST 800-53 standards.
- Experience with DoD Computer Network Defense Services, ACAS or HBSS systems is preferred.

Other:
* Occasional off-hour/on-call support is necessary.
* A certain degree of flexibility of schedule is required as some work (planned/unplanned) must be done outside of major production hours during pre-scheduled maintenance windows.