Information System Security Engineer

MIT Lincoln Laboratory is a Federally Funded Research and Development Center (FFRDC) whose mission is research in support of National Security.

* Mission - The Security Services Department's (SSD) overall mission is to identify and counter security threats to the MIT Lincoln Laboratory's mission of development of game-changing technology in support of national security, including guarding against compromise by foreign intelligence agencies and insider threats.
* Culture - We foster an inclusive, opportunity-filled environment of empowered team members from diverse backgrounds.

The ISSE will design, develop, test, integrate and evaluate information system security throughout the system's development life cycle. The ISSE ensures that all security requirements, necessary to protect the organization's mission and business processes, are adequately addressed in all aspects of architecture including reference models, segment and solution architectures, and the resulting systems supporting those missions and business processes. Core responsibilities include:

* Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
* Translate proposed capabilities into technical requirements.
* Determine level of assurance of developed capabilities based on test results.
* Develop test plans to address specifications and requirements.
* Install and maintain network infrastructure device operating system software (e.g., IOS, firmware).
* Make recommendations based on test results.
* Determine scope, infrastructure, resources, and data sample size to ensure system requirements are adequately demonstrated.
* Create auditable evidence of security measures.
* Validate specifications and requirements for testability.
* Analyze the results of software, hardware, or interoperability testing.
* Perform developmental testing on systems under development.
* Perform interoperability testing on systems exchanging electronic information with other systems.
* Perform operational testing.
* Test, evaluate, and verify hardware and/or software to determine compliance with defined specifications and requirements.
* Record and manage test data.
* Conduct risk analysis, feasibility study, and/or trade-off analysis to develop, document, and refine functional requirements and specifications.
* Design and document quality standards.
* Define baseline security requirements in accordance with applicable guidelines.

You will find significant opportunities to do meaningful work in an environment intentionally designed to be one where you will learn, thrive and belong.
* Leadership: Room to advance on your team or to lead cross-functional projects.
* Growth Opportunities: Potential for lateral and vertical movement.
* Education/Training: Management training, mentorship, in-house and external courses.
* Exposure: Engagement with sponsors, stakeholders, Laboratory leadership and other Departments and Divisions.
* Community: Participation is encouraged for Laboratory social events, Employee Resource Groups (ERGs), clubs and study groups, volunteering and community service projects.

To work with MITLL, all employees must meet certain basic requirements.
* Must be a U.S. Citizen.
* Successfully pass a background check.
* Valid COVID-19 vaccination (to include a booster shot).
* Possess a current in scope Top Secret level security clearance with compartmental program eligibility.

The Laboratory values experiences from diverse backgrounds and occupations. The most successful candidates will have the following skills and qualifications.

* BS degree in Software Engineering, Systems Engineering, Information Security, Computer Science, Cybersecurity, Information Technology, Computer Information Systems, or related discipline is required
* A minimum of 7 years of IT security experience in DoD Information Security is preferred
* Possess a DoD 8570.01-M Information System Architect and Engineers (IASAE) level III baseline certification (e.g. CISSP-ISSAP or CISSP-ISSEP), or be able to obtain one within 6 months of hire
* Technical experience, skills, and course work completed towards an Undergraduate Degree, or industry IT certifications may be considered in lieu of education or DoD security experience requirements
* In-depth knowledge and skills with LINUX environments is preferred
* Knowledge of virtualization technologies and virtual machine development and maintenance.
* Knowledge of organizational information technology (IT) user security policies (e.g., account creation, password rules, access control).
* Knowledge of system administration, network, and operating system hardening techniques.
* Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
* Ability to operate common network tools (e.g., ping, traceroute, nslookup).
* Ability to monitor measures or indicators of system performance and availability.
* Ability to collaborate effectively with others.
* Ability to function effectively in a dynamic, fast-paced environment.
* Ability to integrate information security requirements into the acquisition process; using applicable baseline security controls as one of the sources for security requirements; ensuring a robust software quality control process; and establishing multiple sources (e.g., delivery routes, for critical system elements).
* Experience network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
* Knowledge of Information Theory (e.g., source coding, channel coding, algorithm complexity theory, and data compression).
* Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.

MIT Lincoln Laboratory offers a plethora of benefits for its employees: matching 401k, pension, flexible/hybrid working options, leave (parental, military, etc.), health, dental, vision, pet insurance, tuition reimbursement and continuing studies programs, mentorship networks, and more. For more information, see our Benefits page. As an employee of MIT, you will also receive numerous benefits, discounts and perks.

#Cybersecurity #RMF #ISSE