Security Analyst

MIT Lincoln Laboratory
Lexington, MA, United States
Full-time

Position Description

The Security Analyst II is a member of the Threat Assessment Team, which performs analysis of cyber threats, researches and develops new methods for detecting cyber threats, and reviews and triages security alerts and other suspicious system or network activity.

The Threat Assessment Team is actively involved with security incident handling and works closely with the Security Services Department from the start to the closure of an incident.

Through data analysis, the Security Analyst identifies methods to mitigate future risk to networked systems. The Security Analyst also researches external malicious cyber activity to proactively identify ways to mitigate risk to the network.

As part of the Information Technology Security Team, the Security Analyst also assists in the evaluation and testing of security tools and devices.

Adversary Detection
- Research and develop ever-changing methods to detect and alert on possible threat activity
- Obtain intelligence on developing actor TTPs
- Identify ways to mitigate future risk to the Laboratory and request that blocks be put in place
- Analyze samples from suspect systems or emails for further indicators of compromise

Cyber Threat Analysis & Assessment
- Rapidly assess and determine active threats
- Perform threat analysis on suspicious messages to determine whether they are spam, phishing, or a targeted email
- Investigate sensor detections and alerts to determine the severity of the threat or whether it is a false positive
- Through log and data analysis, determine the scope or extent to which other systems were exposed to the same threat
- Coordinate efforts among analysts to enhance mitigation and avoid duplication of effort
- Coordinate with the Security Services Department on threat impact, nature, and potential scope
- Publish detailed Threat Assessment reports as required
- Identify, implement, or request solutions (e.g., blocks) to mitigate future risk to the Laboratory

External Awareness
- Research current malicious cyber activity at large
- Research how vulnerabilities are being exploited and which software is affected
- Proactively identify opportunities to mitigate potential threats based on research
- Proactively identify patterns within device and server logs, based on research, to identify systems of interest through log analysis

Security Projects
- Evaluate potential security software, tools, or devices
- Test new network security systems and changes to existing network security devices
- Develop technical project plans, requirements documentation, test plans, change requests, and communications to users

This position is under the general supervision of the Threat Team Lead.

This position does not have any financial responsibility. However, technical expertise may be required to assist with product selection and annual product support renewals.

This position will maintain frequent contact with internal departments and/or the Laboratory user community, as well as external vendors, to maintain communications related to problem resolution, system upgrades, services, and product research.

This position interacts frequently with the Security Services Department to maintain communication related to data recovery for forensic analysis on request, and to the identification of policy violations, systems of interest that put the network at risk, threats of interest, or messages of interest.

Qualifications

Required Minimum:
- CompTIA Security+ Certification or equivalent
- An understanding of TCP/IP network protocols and application-layer protocols (e.g., HTTP, SMTP, DNS, etc.)
- Good understanding of Windows, Mac, and Linux operating systems and event logging
- Strong working knowledge of security tools and devices, including SIEM and SOAR tools
- Previous experience in developing and implementing detection mechanisms
- Working knowledge of cyber security in cloud / DevSecOps environments, including scripting (Python preferred)
- Scripting knowledge, including use of APIs to integrate with systems where possible
- Previous experience developing and deploying cybersecurity solutions on popular cloud platforms
- Previous experience analyzing network or system logs for malicious activity
- Some experience in malware analysis and/or reverse engineering, as well as analyzing email attachments and URL links for malicious content
- Previous experience developing automations and/or playbooks in SOAR environments for response and remediation
- Knowledge of industry standards such as MITRE ATT&CK, the Cyber Kill Chain, and NIST standards, among others
- Ability to work independently toward delivery of goals as well as collaborate in team efforts
- Skill in interviewing users to determine the source of potential malware or suspicious activity
- Excellent customer service skills
- Excellent verbal and written communication skills

Preferred:
- Bachelor's Degree in Computer Science, Information Technology, Engineering, or equivalent experience
- SANS GCIH (GIAC Certified Incident Handler) or equivalent, which would include solid working knowledge of incident handling
- Skill in organizing and managing projects
- Skill in building consensus among stakeholders and colleagues

Experience: 4+ years of experience in various cyber security / SOC roles

Additional Information
- Ability to obtain and maintain a government security clearance
- Occasional off-hour / on-call support is necessary.

A certain degree of schedule flexibility is required, as some work (planned or unplanned) must be done outside of major production hours during pre-scheduled maintenance windows.

At MIT Lincoln Laboratory, our exceptional career opportunities include many outstanding benefits to help you stay healthy, feel supported, and enjoy a fulfilling work-life balance.

Benefits offered to employees include:
- Comprehensive health, dental, and vision plans
- MIT-funded pension
- Matching 401(k)
- Paid leave (including vacation, sick, parental, military, etc.)
- Tuition reimbursement and continuing education programs
- Mentorship programs
- A range of work-life balance options
- ... and much more!

Please visit our Benefits page for more information.

As an employee of MIT, you can also take advantage of other voluntary benefits, discounts, and perks.

The selected candidate will be subject to a pre-employment background investigation and must be able to obtain and maintain a Secret-level DoD security clearance.

MIT Lincoln Laboratory is an Equal Employment Opportunity (EEO) employer. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, veteran status, disability status, or genetic information.

U.S. citizenship is required.
