The ISD Cyber Security Sector is responsible for monitoring and protecting Laboratory information systems. The sector operates and maintains computer network defense (CND) tools and data sources (network and host level) in support of incident response and mitigation processes. Services include briefings to management, advising them of issues that may affect the Laboratory's security posture. The sector also conducts vulnerability assessment scanning at the network, system, and application levels, and coordinates mitigations and communications to the Laboratory community.
The Cyber Security Threat Assessment Team Lead is responsible for providing leadership and oversight in performing risk analysis on cyber threats, security alerts, systems of interest, and other suspicious system or network activity. The Threat Assessment Lead is actively involved with security incident handling and works closely with the Security Services Department from the start to the closure of an incident. Through collaboration with the Threat Assessment team members as well as SSD, the Threat Assessment Lead continuously looks for ways to improve on the methods used to mitigate future risk to networked systems. The Threat Assessment Lead researches external malicious cyber activity to proactively identify ways to mitigate risk to the network. Also as part of the Cyber Security Sector, the Threat Assessment Lead assists in the evaluation and testing of security tools and devices.
Advanced Adversary Detection
Coordinate research methods and procedures used to detect and alert on possible advanced threat actors.
Obtain and organize intelligence on developing advanced actor TTPs.
Perform static and dynamic analysis on samples from suspect systems to identify further Indicators of Compromise.
Identify ways to mitigate future risk to the Laboratory and request that blocks be put in place.
Develop long-term strategies to enhance the Laboratory's security posture.
Cyber Threat Analysis & Assessment
Coordinate efforts to ensure rapid assessment and mitigation of active threats.
Perform threat analysis on suspicious messages to determine whether they are spam, phishing, or targeted email.
Analyze attachments and URL links for malicious content.
Investigate sensor detections and alerts to determine severity of threat or false positive.
Through log and data analysis, determine the extent to which other systems were exposed to the same threat.
Identify, implement or request solutions (e.g. blocks) to mitigate future risk to the Laboratory.
Continually evaluate external intelligence sources for opportunities to improve Laboratory defense strategies.
Research current malicious cyber activity at large.
Research how vulnerabilities are being exploited and software affected.
Proactively identify opportunities to mitigate potential threats based on research.
Proactively identify patterns within device and server logs, based on research, to identify systems of interest.
Communication & Collaboration
Develop and present metrics that demonstrate threat assessment team effectiveness.
Coordinate efforts among analysts to enhance mitigation efforts and avoid duplication of work.
Coordinate with Security Services Department on threat impact, nature and potential scope.
Develop and publish detailed Threat Assessment reports as required.
Evaluate potential security software, tools or devices.
Test new network security systems and changes to existing network security devices.
Develop technical project plans, requirement documentation, test plans, change requests, and communications to users.
This position is under general supervision of the Cyber Security Sector Manager.
This position does not have direct financial responsibility. However, technical expertise may be required for assisting with product selection.
This position will maintain frequent contact with internal departments and/or the Laboratory user community, as well as external vendors, to maintain communications related to project execution.
Knowledge and Skills, Required Minimum:
Bachelor’s degree or relevant work experience.
15+ years’ experience in the information technology field.
8+ years’ experience specifically in the information security field.
SANS GCIH (GIAC Certified Incident Handler) or equivalent, which would include solid working knowledge of incident handling.
Strong working knowledge of various enterprise network and standalone security systems and technologies - including Security Analytics Tools (SIEM), Log Aggregation and correlation, vulnerability assessment to include ACAS, configuration management and auditing, intrusion protection, firewalls, anti-virus, laptop encryption, and digital forensics.
Security+ Certification equivalent or higher certification.
Strong overall network skills (e.g. routing, switching and TCP/IP protocol).
Familiarity with Advanced Persistent Threats.
Working knowledge of incident handling.
Ability to work analytically in a problem-solving environment.
Skill in interviewing users and identifying their needs.
Skill in building consensus among stakeholders and colleagues.
Demonstrates the ability to learn new technologies and disciplines quickly.
Relies on experience and judgment to plan and accomplish goals. A wide degree of creativity and latitude is expected.
Ability to obtain and maintain a government security clearance.
A certain degree of flexibility of schedule is required, as some work (planned/unplanned) must be done outside of major production hours during pre-scheduled maintenance windows.
This position requires an individual with excellent communication (both oral and written) and organizational skills. The individual must be able to work in a fast-paced environment, at times with minimal supervision, and execute project and administrative tasks with a high degree of quality, while following existing processes and establishing new operational procedures and best practices where necessary. Additionally, the position requires the ability to work with members of other teams and staff to achieve all necessary department and organizational goals.
MIT Lincoln Laboratory is an Equal Employment Opportunity (EEO) employer. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, veteran status, disability status, or genetic information; U.S. citizenship is required.