Who are we?

MIT Lincoln Laboratory is a Federally Funded Research and Development Center (FFRDC) whose mission is research in support of National Security.

• Mission - The Security Services Department’s (SSD) overall mission is to identify and counter security threats to the MIT Lincoln Laboratory’s mission of development of game-changing technology in support of national security, including guarding against compromise by foreign intelligence agencies and insider threats.
• Culture – We foster an inclusive, opportunity-filled environment of empowered team members from diverse backgrounds.

What will you do?

Will provide cybersecurity support to several independent MIT Lincoln Laboratory’s Special Programs. Core responsibilities include:

• Assist and Support necessary compliance activities (e.g., ensure that cyber system security configurations guidelines are followed, compliance monitoring occurs).
• Continuously validate the organization against cybersecurity policies/guidelines/procedures/regulations/laws to ensure compliance.

• Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
• Promote awareness of security issues among management and ensure sound security principles are reflected in the organization's vision and goals.
• Conduct continuous monitoring and track audit findings and provide countermeasure and mitigation recommendations to ensure that appropriate actions are taken to secure critical R & D data.

What will you do (cont.)?

• Recommend resource allocations required to securely operate and maintain an organization's cybersecurity requirements.
• Provide technical documents, incident reports, findings from computer examinations, summaries, and other situational awareness information to key stake holders.

• Recognize a possible security violation and take appropriate action to report the incident, as required.
• Assist the Program Managers and the Information System Security Manager (ISSM) in the development and maintenance of System Security Plans (SSP) and associated artifacts such as the Plan of Action & Milestones (POA&M), Risk Assessment Report, and Continuous Monitoring Strategy.
• Ensure systems are operated, maintained, and disposed of in accordance with organization security policies and procedures.
• Provide periodic cybersecurity reviews of network, system, and application vulnerability scanning, configuration assessment, and remediation.
• Lead and align information technology (IT) security priorities with the security strategy.
• Prepare for and participate in periodic organization compliance assessments.
• Interpret patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise's cybersecurity program.

How will you grow?

You will find significant opportunities to do meaningful work in an environment intentionally designed to be one where you will learn, thrive and belong.

• Leadership: Room to advance on your team or to lead cross-functional projects.
• Growth Opportunities: Potential for lateral and vertical movement.
• Education/Training: Management training, mentorship, in-house and external courses.
• Exposure: Engagement with sponsors, stakeholders, Laboratory leadership and other Departments and Divisions.
• Community: Participation is encouraged for Laboratory social events, Employee Resource Groups (ERGs), clubs and study groups, volunteering and community service projects.

What you need:

To work with MITLL, all employees must meet certain basic requirements.

• The ability to obtain and maintain a Top-Secret clearance with SCI.
• Must be a U.S. Citizen.
• Successfully pass a background check and consent to undergoing a government polygraph examination.

Ideally, you will have/Requirements:

The Laboratory values experiences from diverse backgrounds and occupations. The most successful candidates will have the following skills and qualifications.

• A minimum of 4 years of IT security experience in DoD cybersecurity is preferred
• Possess a DoD 8570.01-M IAM I baseline certification (e.g. CompTIA Security+), or be able to obtain one within 6 months of hire
• Technical experience, skills, and course work completed towards an undergraduate degree, or industry IT certifications may be considered in lieu of education or DoD security experience requirements
• Demonstrated understanding of the following security frameworks is required:
  • NIST 800-53 / Risk Management Framework (RMF)
  • Joint SAP Implementation Guide (JSIG)
  • Intelligence Community Directive (ICD) 503
  • National Industrial Security Program Operating Manual (NISPOM) Chapter 8
  • DoD Manual 5205.07 Volumes 1- 4

Ideally, you will have/Requirements (cont.):

• Experienced in auditing, configuration and vulnerability management
• Experience and familiarity with multiple operating systems such as Windows Server 2012, 2016, 2019, and 2022 Windows 10 and 11, Red Hat Enterprise Linux, Ubuntu, Mac, etc.
• Experience with virtualization and Cloud technologies is preferred
• Ability to integrate information security requirements into the acquisition process; using applicable baseline security controls as one of the sources for security requirements; ensuring a robust software quality control process; and establishing multiple sources (e.g., delivery routes, for critical system elements).
• Technical experience securing networks and systems utilizing DISA STIGs and/or SRGs is highly desired
• Demonstrated experience with vulnerability scanning and auditing tools and processes is required
• Excellent written and verbal communication skills are required