MIT Lincoln Laboratory IT Security Risk Assessor - Collateral in Lexington, Massachusetts
The Security Services Department’s overall mission is to identify and counter security threats to the MIT Lincoln Laboratory’s mission of development of game-changing technology in support of National Security, including guarding against compromise by foreign intelligence agencies and insider threats. To accomplish this mission, this department formulates and implements policies, plans, and actions designed to protect facilities against threats of vandalism, accidental destruction, and sabotage; and safeguards personnel, classified and unclassified information systems, personal identifiable information, property, and other assets from exploitation and recruitment by foreign intelligence agencies.
We foster a diverse and inclusive culture where security professionals from a wide range of backgrounds are empowered to solve complex security problems in close collaboration with Laboratory research teams and Government counterparts. Our people are our most important resource, and we encourage a casual and flexible opportunity-filled working environment that is technology-focused. Where mission needs can be met, the Security Services Department encourages flexible schedules and hybrid remote work arrangements.
The IT Security Risk Assessor position performs audits of classified Information Systems (IS) to ensure that they are being maintained in a compliant manner and are following applicable laws and government regulations, including the National Industrial Security Program Operating Manual (NISPOM) 32 CFR Part 117 requirements regarding the protection of classified information systems, National Institute of Standards and Technology (NIST) standards and special publications, and Laboratory Information System Security Procedures. The candidate must be knowledgeable in computer security principles and policies, including Security Technical Implementation Guides (STIGs) and NIST 800-53 / Risk Management Framework (RMF). Using existing tools and working in collaboration with Laboratory Information Assurance (IA) and research staff, the IA Risk Assessor is responsible for maintaining an audit program to validate compliance with various government regulations and Laboratory Information Security policies. The position is responsible for conducting comprehensive assessments of the management, operational, monitoring and technical security controls employed within or inherited by Information Systems to determine the overall effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome) with respect to meeting the security requirements of the Authorization to Operate (ATO) for the system and for System Security Plan management.
Job Description (cont)
The position requires a high level of technical expertise and the ability to conduct open source and internal research to identify current threat indicators, exploits and vulnerabilities. The position also requires a high level of communication skills to include the ability to provide training and briefings to all levels of Laboratory staff and industry partners. Excellent writing skills are required, as the majority of work includes documenting findings, observations and deliverables. The successful candidate must have excellent follow-up and problem-solving skills.
Audit information systems according to NIST SP 800-37 and 800-53, 800-171, NISPOM and DFARs frameworks
Perform risk analysis and reporting on DFARs, NIST RMF, and NISPOM compliance
Perform complex analysis of risk of security exceptions through the data security plan process
Recommend and develop mitigations to facilitate continued research despite exceptions from traditional security controls
Develop and enforce information security policy
Conduct staff security outreach and engagement
Assess security risks of cutting edge technology
Support vulnerability management operations through documentation and reporting of findings to lab leadership
Support incident response and remediation efforts
Bachelor’s degree. Preference to candidates with technical degrees in Computer Science, Information Technology, Computer Information Systems, or related field.
Master’s degree in one of the above fields is preferred
CISSP, CISA, CAP, Security+, GSEC, or equivalent
3-5 years of IT security experience in DoD Industrial Security is preferred, with focus on the Defense Federal Acquisition Regulation Supplement (DFARS), NIST SP 800-171, 800-53 and the DoD Risk Management Framework
Experience reviewing/analyzing vulnerability scans or configuring host-based security solutions is a plus.
Demonstrated capabilities in presenting ideas written and orally are required.
Some local and overnight travel may be required (less than 10%).
Excellent written and verbal communication skills are required
Selected candidate will be subject to a pre-employment background investigation and must be able to obtain and maintain a Top Secret level DoD security clearance
For Benefits Information, click http://hrweb.mit.edu/benefits
Selected candidate will be subject to a pre-employment background investigation and must be able to obtain and maintain a Secret level DoD security clearance.
To safeguard our health and well-being, MIT Lincoln Laboratory requires COVID-19 vaccination for all employees. Individuals may request exemption from the vaccine requirement for medical or religious reason.
MIT Lincoln Laboratory is an Equal Employment Opportunity (EEO) employer. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, veteran status, disability status, or genetic information; U.S. citizenship is required.
Requisition ID: [[id]] #CJ