MIT Lincoln Laboratory Information Systems Security Manager in Lexington, Massachusetts
The Security Services Department's overall mission is to ensure a safe and secure environment and protect MIT Lincoln Laboratory at all facilities in which staff members perform their mission of research and development. To accomplish this mission, this department formulates and implements policies, plans, and actions designed to protect facilities against threats of vandalism, accidental destruction, and sabotage; and safeguards personnel, classified and unclassified information systems, personally identifiable information, property, and other assets from exploitation and recruitment by foreign intelligence agencies.
The Information Security Representative (ISR) - ITS Level II will perform as a program-appointed Information Systems Security Manager and provide expert management of all information security support to several assigned independent Laboratory programs. The ISR will be the primary focal point and have an in-depth knowledge of computer security principles, practices, and procedures in order to execute a comprehensive Information Security program to meet both internal and external requirements. The ISR will apply security controls that protect classified and unclassified computer systems in a heterogeneous computer environment which could consist of any variation of Linux, Unix, Sun, Mac, or Windows systems. The ISR will lead and manage daily responsibilities of assigned Information Systems Security Officers (ISSO). The ISR will develop and maintain multiple System Security Plans (SSP), ensuring systems are operated, maintained, and disposed of according to the approved SSP. The ISR will conduct security compliance audits and perform security vulnerability assessments on Laboratory information systems. The ISR will establish and maintain configuration management policies and procedures. The ISR will ensure users and ISSOs are subject to an effective information security education, training, and awareness program. The ISR will facilitate certification and authorization of new and existing systems. The ISR will be able to implement and test IT security policies/procedures as part of a fully integrated IT security program. The ISR will coordinate and participate in the investigation and mitigation of information system adverse events. The ISR will assume ISSO responsibilities in the absence of the ISSO and must be able to respond to off-hour emergencies as needed. Must have demonstrated ability to follow up and solve problems. Position requires some local and overnight travel.
AS/BS degree in Computer Science, Information Technology, Computer Information Systems, or related field desired.
Minimum of 4 years of IT security experience in DoD Industrial Security is strongly desired, preferably in a compartmented program environment.
Technical experience and skills, course work completed towards a degree, and industry IT certifications may be considered substitutes for education and DoD security experience.
Ability to achieve DoD 8570 IAM Level II Baseline Certification within 6 months of appointment; preferably, the candidate possesses the ISC2 CISSP.
Technical experience and skill securing operating systems such as Linux, Windows Server/client OS, and virtualization technologies.
Experience using vulnerability scanning tools such as NESSUS, SCAP, RETINA, WASP, SECSCN.
Experience using audit reduction tools and endpoint security products.
In-depth working experience directly related to certification and authorization using the following:
NIST 800-53 / Risk Management Framework (RMF)
Joint SAP Implementation Guide (JSIG)
Intelligence Community Directive (ICD) 503
National Industrial Security Program Operating Manual (NISPOM) Chapter 8
Joint Air Force, Army, Navy (JAFAN) 6/3
Exceptional written and verbal communication skills.
Prior experience working in a collaborative team environment desired.
The successful candidate will be subject to pre-employment investigation and must meet all eligibility requirements for access to classified information including compartmented programs.
The ability to obtain and maintain a government (DoD) security clearance is required.
MIT Lincoln Laboratory is an Equal Employment Opportunity (EEO) employer. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, veteran status, disability status, or genetic information; U.S. citizenship is required.