
Security Analyst

MIT Lincoln Laboratory, Lexington, MA, United States


Position Description
The Security Analyst III is responsible for performing operational support for network defenses, conducting risk analysis on cyber threats, and managing security alerts and suspicious system or network activity. This role is part of the ISD Cyber Security Operations team and works closely with other teams in ISD Cyber Security from incident initiation to closure. The analyst evaluates and tests security tools and devices, identifies methods to mitigate future risks, and assists in maintaining the health and configuration of security tools.

This position is under the general supervision of the Operations Team Lead and does not have financial responsibility.

Primary Duties
Cyber Security Operations

Build and administer cyber protection tools, including creating and maintaining standard operating procedures (SOPs)

Expand expertise and become a subject matter expert in cyber protection tools

Ensure cyber protection tools are fully utilized to protect the laboratory

Cyber Threat Analysis & Assessment

Rapidly assess and determine active threats

Perform threat analysis of suspicious messages to determine if they are spam, phishing, or targeted emails

Analyze attachments and URL links for malicious content

Investigate sensor detections and alerts to determine threat severity or false positives

Determine scope of exposure to other systems through log and data analysis

Coordinate efforts among analysts to enhance mitigation efforts and avoid duplication

Coordinate with Security Services Department on threat impact, nature, and potential scope

Identify, implement, or request solutions to mitigate future risk to the laboratory

Perform antivirus scans of data and systems of interest

Knowledge and Experience with Cyber Security in Cloud (AWS, Azure, etc.) and DevSecOps

Infrastructure as code

Scripting

External awareness

Research current malicious cyber activity

Research how vulnerabilities are being exploited and software affected

Proactively identify opportunities to mitigate potential threats

Pattern detection in device and server logs through log analysis

Security projects: evaluate, test, and document security software and devices

Develop technical project plans, requirement documentation, test plans, change requests, and user communications

Minimum Qualifications

CompTIA CySA+ Certification or equivalent

Working knowledge of security tools and devices including SIEM and SOAR tools

Working knowledge of cyber security in cloud/DevSecOps, including scripting (Python preferred)

Understanding of TCP/IP network protocols and application layer protocols (e.g., HTTP, SMTP, DNS)

Experience analyzing log data for malicious activity and creating detections and alerts

Good understanding of Windows, Mac, and Linux operating systems and event logging

Ability to work independently toward delivery of goals and collaborate in team efforts

Skill in interviewing users to determine source of potential malware or suspicious activity

Strong technical documentation skills (SOPs, incident reports, knowledge base articles)

Advanced knowledge of Endpoint Detection and Response (EDR) technologies and alert triage

Working knowledge of firewall technologies, rule management, and network traffic analysis

Excellent customer service skills

Excellent verbal and written communication skills

Preferred Qualifications

Bachelor's Degree in Computer Science, Information Technologies, Engineering, or equivalent experience

SANS GCIH (GIAC Certified Incident Handler) or equivalent

Skill in organizing and managing projects

Skill in building consensus among stakeholders and colleagues

Experience

4+ years of experience in various cyber security/SOC roles

Additional Information
Ability to obtain and maintain a government security clearance.

Occasional off‑hour/on‑call support is necessary; a certain degree of flexibility of schedule is required.

The role requires excellent communication, organizational skills, and the ability to work in a fast‑paced environment with minimal supervision to execute operations, projects, and administrative tasks with high quality.

Hiring Range
$95,700 - $126,700

Benefits

Comprehensive health, dental, and vision plans

MIT‑funded pension

Matching 401K

Paid leave (vacation, sick, parental, military, etc.)

Tuition reimbursement and continuing education programs

Mentorship programs

A range of work‑life balance options

Additional benefits as provided by MIT Lincoln Laboratory

Requisition ID
42932

EEO Statement
MIT Lincoln Laboratory is an Equal Employment Opportunity (EEO) employer. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, veteran status, disability status, or genetic information; U.S. citizenship is required.
