MIT Lincoln Laboratory Information System Security Officer - Special Programs in Lexington, Massachusetts
The Security Services Department's overall mission is to ensure a safe and secure environment and protect MIT Lincoln Laboratory at all facilities in which staff members perform their mission of research and development. To accomplish this mission, this department formulates and implements policies, plans, and actions designed to protect facilities against threats of vandalism, accidental destruction, and sabotage; and safeguards personnel, classified and unclassified information systems, personal identifiable information, property, and other assets from exploitation and recruitment by foreign intelligence agencies.
The Information Systems Security Officer (ISSO) – IT IC Level 3 (Special Programs) will provide information systems security support to several independent MIT Lincoln Laboratory programs.
The successful candidate will work independently and as a team member, must be a quick learner, self-motivated, reliable, and able to balance multiple tasks simultaneously. Candidate must have strong interpersonal skills and be able to manage stress in a professional manger. Candidate must be knowledgeable in computer security principles and policies, to include, Security Technical Implementation Guides (STIGs), National Industrial Security Program Operating Manual (NISPOM), NIST 800-53 / Risk Management Framework (RMF), Joint SAP Implementation Guide (JSIG), Intelligence Community Directive (ICD) 503, and DoD Manual 5205.07 Volumes 1- 4. Candidate must have strong technical skills and be able to respond to off-hours emergencies. Position requires occasional local and overnight travel.
Assist and Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance.
Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
Promote awareness of security issues among management and ensure sound security principles are reflected in the organization's vision and goals.
Track audit findings and recommendations to ensure that appropriate mitigation actions are taken.
Recommend resource allocations required to securely operate and maintain an organization's cybersecurity requirements.
Provide technical documents, incident reports, findings from computer examinations, summaries, and other situational awareness information to key stake holders
Core Responsibilities (cont.)
Recognize a possible security violation and take appropriate action to report the incident, as required.
Assist the Program Managers and the Information System Security Manager (ISSM) in the development and maintenance of System Security Plans (SSP) and associated artifacts such as the Plan of Action & Milestones (POA&M), Risk Assessment Report, and Continuous Monitoring Strategy
Ensure systems are operated, maintained, and disposed of in accordance with organization security policies and procedures
Conduct network, system, and application vulnerability scanning, configuration assessment, and remediation
Lead and align information technology (IT) security priorities with the security strategy.
Prepare for and participate in periodic organization compliance assessments
Interpret patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise's cybersecurity program.
BS degree in Information Security, Computer Science, Cybersecurity, Information Technology, Computer Information Systems, or related discipline is required
A minimum of 4 years of IT security experience in DoD Information Security is preferred
Possess a DoD 8570.01-M IAM I baseline certification (e.g. CompTIA Security+), or be able to obtain one within 6 months of hire
Technical experience, skills, and course work completed towards an Undergraduate Degree, or industry IT certifications may be considered in lieu of education or DoD security experience requirements
Demonstrated understanding of the following security frameworks is required:
NIST 800-53 / Risk Management Framework (RMF)
Joint SAP Implementation Guide (JSIG)
Intelligence Community Directive (ICD) 503
National Industrial Security Program Operating Manual (NISPOM) Chapter 8
DoD Manual 5205.07 Volumes 1- 4
Experience and familiarity with multiple operating systems such as Windows Server 2012, 2016 and 2019, Windows 7 and 10, Red Hat Enterprise Linux, Ubuntu, Mac, etc.
Experience with virtualization and Cloud technologies is preferred
Ability to integrate information security requirements into the acquisition process; using applicable baseline security controls as one of the sources for security requirements; ensuring a robust software quality control process; and establishing multiple sources (e.g., delivery routes, for critical system elements).
Technical experience securing networks and systems utilizing DISA STIGs and/or SRGs is highly desired
Demonstrated experience with vulnerability scanning and auditing tools and processes is required
Excellent written and verbal communication skills are required
Selected candidate will be subject to a pre-employment background investigation and possess a current in scope Top Secret level security clearance with compartmental program eligibility.
For Benefits Information, click http://hrweb.mit.edu/benefits
Selected candidate will be subject to a pre-employment background investigation and must be able to obtain and maintain a Secret level DoD security clearance.
MIT Lincoln Laboratory is an Equal Employment Opportunity (EEO) employer. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, veteran status, disability status, or genetic information; U.S. citizenship is required.
Requisition ID: [[id]] #CJ