Founded in 2011 and headquartered in Herndon, Virginia, GuidePoint Security furnishes commercial and federal organizations with customized information security
Security Consultant, Compliance
Location: United States
Posted: 9 days ago
Salary: 0
Seniority: Mid Level
Job Description
GuidePoint Security
• Deliver world-class cyber security assessment and advisory services across multiple Compliance offerings while ensuring customer satisfaction (up to 15% travel to U.S. locations is required).
• Work effectively as a team member on large engagements.
• Remain current on technical knowledge and industry developments and incorporate into service delivery.
• Achieve and maintain relevant cyber security and audit certifications.
• Demonstrate GuidePoint’s Core Values at all times:
  • Take Charge and Complete Our Mission
  • Challenge Ourselves and Have Fun Doing It
  • Wow Them
  • No Jerks
Job Requirements
- Bachelor’s degree in Information Technology, Information Security, or related field, or equivalent experience.
- Demonstrable experience and expertise in modern technology architectures, including mainstream cloud technologies.
- At least two (2) years of operational experience implementing controls in support of a cyber security standard/framework, such as (but not limited to) the CIS Controls, CMMC/DFARS/NIST SP 800-171, FedRAMP, HIPAA, HITRUST, ISO 27001, NIST SP 800-53 (or any derivative), the PCI DSS, SOC 2, and/or StateRAMP.
- At least one (1) industry cyber security certification, such as CISSP, CISA, CISM, GIAC certifications, ISO 27001 certifications.
- Strong written communication skills for preparing customer deliverables and communicating in written form with customers and colleagues.
- Strong verbal communications skills, including the ability to clearly articulate, educate on, and discuss general and specific cyber security and compliance topics with customers and colleagues of all technical and knowledge levels and positions, from line staff to top-level executives and directors.
- Ability to work with, and manage the relationships and expectations of, customers of varying industries, corporate cultures, styles, and expectations.
- Ability to multi-task/time-slice effectively and meet deadlines in a fast-paced environment.
- Drive and passion to grow and mature both the Compliance practice and yourself individually.
Benefits
- Group Medical Insurance options: Zero Deductible PPO Plan (GuidePoint pays 90% of the premium for employees and 70% for family plans (spouse/children/family)) or High Deductible Health Plan with HSA (GuidePoint pays 100% of the employee's premiums and 75% for family plans (spouse/children/family)). If you choose the High Deductible / HSA plan, GPS will contribute in 4 equal quarterly installments: $850 per EE annually / $1750 per family annually (includes spouse/children/family options).
- Group Dental Insurance: GuidePoint pays 100% of the premium for employees and 75% of family plans
- 12 corporate holidays and a Flexible Time Off (FTO) program
- Healthy mobile phone and home internet allowance
- Eligibility for retirement plan after 2 months at open enrollment
- Pet Benefit Option
More Security Engineer Jobs
Information System Security Engineer
Massachusetts Institute of Technology - MIT
The Massachusetts Institute of Technology's Lincoln Laboratory is a manifestation of MIT’s involvement in Massachusetts and Lincoln Laboratory, which was esta
Title: Information System Security Engineer
Location: Lexington, MA, US
Workplace: 12 - Security Services Department
Department: Cyber Security

Job Description:
The Security Department’s overall mission is to identify and counter security threats to the MIT Lincoln Laboratory’s mission of development of game-changing technology in support of National Security, including guarding against compromise by foreign intelligence agencies and insider threats. To accomplish this mission, this department formulates and implements policies, plans, and actions designed to protect facilities against threats of vandalism, accidental destruction, and sabotage; and safeguards personnel, classified and unclassified information systems, personal identifiable information, property, and other assets from exploitation and recruitment by foreign intelligence agencies.

We foster a culture where security professionals are empowered to solve complex security problems in close collaboration with Laboratory research teams and Government counterparts. Our people are our most important resource, and we encourage a casual and flexible opportunity-filled working environment that is technology-focused. Where mission needs can be met, the Security Services Department encourages flexible schedules and hybrid remote work arrangements.

Who are we?
MIT Lincoln Laboratory is a Federally Funded Research and Development Center (FFRDC) whose mission is research in support of National Security.
- Mission - The Security Department’s (SD) overall mission is to identify and counter security threats to the MIT Lincoln Laboratory’s mission of development of game-changing technology in support of national security, including guarding against compromise by foreign intelligence agencies and insider threats.
- Culture – We foster an inclusive, opportunity-filled environment of empowered team members from diverse backgrounds.

What will you do?
- Assist in the security design and configuration of classified systems and networks in a variety of traditional and virtual environments including Linux, Mac, and Windows.
- Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
- Integrate, test, and configure Free and Open Software (FOSS), Commercial-off-the-Shelf (COTS), Government-off-the-Shelf (GOTS), and custom software.
- Develop/integrate cybersecurity designs for systems and networks with multilevel security requirements or requirements for the processing of multiple classification levels or transfer of information through Cross Domain Solutions (CDS).
- Provide security direction to design and development teams, monitor progress and productivity through planning and the use of metrics.
- Assist in developing System Security Plans (SSPs) and associated artifacts such as network diagrams, architectural plans, operating system baselines, and standardized configurations.
- Provide input and direction within DevSecOps programs from application security testing toolset selection (SAST, DAST, dependency analysis) to application security assessments.
- Apply Protected Distribution System (PDS) requirements and TEMPEST concepts to existing and planned infrastructure.
- Analyze network, system, and application vulnerability scanning, configuration assessment, and remediation for improvements to strategies.
- Act as Laboratory information security representative to multiple DOD Agencies.
- Lead efforts to prepare for technical parts of periodic organization compliance assessments.
- Perform information security policy gap analysis and formulate corrective actions.
- Assist ISSM team as needed with compliance audits, system authorization, sanitization, and incident response.
- Assist Information Security Management in performing oversight of information security operations for Collateral systems.

How will you grow?
You will find significant opportunities to do meaningful work in an environment intentionally designed to be one where you will learn, thrive and belong.
- Leadership: Room to advance on your team or to lead cross-functional projects.
- Growth Opportunities: Potential for lateral and vertical movement.
- Education/Training: Management training, mentorship, in-house and external courses.
- Exposure: Engagement with sponsors, stakeholders, Laboratory leadership and other Departments and Divisions.
- Community: Participation is encouraged for Laboratory social events, Employee Resource Groups (ERGs), clubs and study groups, volunteering and community service projects.

What will you need/Requirements?
To work with MITLL, all employees must meet certain basic requirements.
- Have a current Top Secret Clearance with SCI eligibility
- Current Counter Intelligence (CI) Polygraph or consent to undergoing a Government CI Polygraph
- Must be a U.S. Citizen.
- Successfully pass a background check
- BS degree in Computer Science, Information Technology, Computer Information Systems, or related discipline is required.
- Technical experience and skills, course work completed toward a degree, and industry IT certifications may be considered substitutes for education and DoD security experience.
- Active knowledge of DISA Policy STIGs, and NIST RMF is required
- Technical skills in securing multiple traditional and virtual systems including Windows Server 2016 and 2019, Windows 11, Red Hat Enterprise Linux, Ubuntu, Mac, etc.
- Experience developing and integrating Data Loss Prevention strategies utilizing Endpoint Security solutions
- Demonstrated capabilities in presenting ideas written and orally within a cross-functional environment required

Ideally you will have
The Laboratory values experiences from diverse backgrounds and occupations. The most successful candidates will have the following skills and qualifications.
- A minimum of 6 years of IT security experience in DoD Industrial Security is required, leadership skills relevant to this experience
- Possess a DoD 8570.01-M IASAE Level II baseline certification or ability to obtain one with 6 months of employment, ISC2 CISSP
- Experience and skill developing and integrating various sized network environments, to include various network infrastructure products such as routers and switches is desired
- Prior experience working in a collaborative team environment
- Prior experience working with Special Access Programs government networks

Hiring Range: $114,600 - $151,900

Disclaimer: MIT Lincoln Laboratory provides a typical hiring range as a good faith estimate of what we reasonably expect to offer for this position at the time of posting. The final salary offered to a selected candidate will depend on various factors, including—but not limited to—the scope and responsibilities of the role, the candidate’s experience, skills and education/training, internal equity considerations and applicable legal requirements. This range reflects base salary only and does not include additional forms of compensation or benefits.

At MIT Lincoln Laboratory, our exceptional career opportunities include many outstanding benefits to help you stay healthy, feel supported, and enjoy a fulfilling work-life balance. Benefits offered to employees include:
- Comprehensive health, dental, and vision plans
- MIT-funded pension
- Matching 401K
- Paid leave (including vacation, sick, parental, military, etc.)
- Tuition reimbursement and continuing education programs
- Mentorship programs
- A range of work-life balance options
- ... and much more!

Please visit our Benefits page for more information. As an employee of MIT, you can also take advantage of other voluntary benefits, discounts and perks.

Selected candidate will be subject to a pre-employment background investigation and must be able to obtain and maintain a Secret level DoD security clearance.
MIT Lincoln Laboratory is an Equal Employment Opportunity (EEO) employer. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, veteran status, disability status, or genetic information; U.S. citizenship is required. Requisition ID: 42992
SR LEAD INFORMATION SECURITY AUDITOR
Lumen Technologies
Lumen Technologies is self-described as a global company of 40,000+ professionals empowering businesses, government, and communities to “produce amazing things.” Driven by the
Role Description
The Cybersecurity Assurance Analyst (Audit) is an experienced member of the Information Security Compliance and Audit team with responsibilities for coordinating and executing a variety of compliance audit controls to ensure compliance with Information Security Policy, industry standards, and various compliance standards.
- Monitors, tests, and coordinates audit and compliance activities related to one or more specific compliance programs/standards.
- Coordinates external audit activities on a periodic basis.
- Supports multiple compliance programs.
- Facilitates working with internal customers of a wide variety of audiences.
- Possesses excellent organizational skills to ensure that the necessary documentation is retained for review by other organizations as appropriate.

Qualifications
- Bachelor's degree with 6+ years of experience or Master's degree with 4+ years of experience.
- 2-3 years practical experience with controls validation and compliance testing of CMMC audits, SSAE 16, AT-101 (SOC 1 / SOC 2), PCI, ISO, HIPAA, Privacy, NACHA, or SOX IT General Computer Controls auditing or similar audit experience.
- Professional/technical certifications such as CISA, CISSP, GSEC, or CISM or willingness to pursue.

Requirements
- Work independently and as an experienced member of a team to manage the execution of multiple security controls validations simultaneously with specific deadlines.
- Manage the assigned compliance program to successful completion each year.
- Manage scope and project timelines and assist in managing the project budget.
- Manage day-to-day vendor relationships and assist with vendor evaluations (or Requests for Proposals) as needed.
- Suggest improvements to the compliance and audit control processes.
- Document execution of information security controls and any findings identified during the control validation cycle.
- Consult with control owners such as system administrators, database administrators, application owners and others on developing complete and repeatable control processes including control documentation such as procedures, control evidence, narratives, control matrices, metrics reports, etc.
- Develop an understanding of each compliance standard and the validation requirements to satisfy the standards, including any policies, rules and regulations or laws governing the area reviewed.
- Consult with internal clients on information security topics, providing guidance on compliance with corporate policy, standards, procedures, and industry best practices.
- Communicate potential control gaps to management along with suggested remediation.
- Educate and train process owners on compliance obligations.
- Monitor and respond to customer and sales requests for information on various compliance initiatives.
- Identify control deficiencies and/or process inefficiencies and develop process improvements.
- Maintain and monitor progress of remediation steps on identified control deficiencies.

Benefits
- Comprehensive package featuring a broad range of Health, Life, Voluntary Lifestyle benefits and other perks that enhance your physical, mental, emotional and financial wellbeing.
- Bonus structure (short-term incentives, long-term incentives and/or sales compensation).
Staff Security Engineer, IAM
GitLab
GitLab, founded in 2011 and based in San Francisco, California, maintains a distributed team of professionals that work remotely across multiple continents. GitLab advocates for pr
• Design comprehensive identity and AI access solutions that scale with our business growth, from AI agent governance frameworks to privileged access workflows that eliminate standing access through just-in-time provisioning
• Lead identity and access engineering for our enterprise AI platforms including administration, SSO and SCIM integration, audit logging, data controls, and policy enforcement for Claude (web, Claude Code, Cowork) and adjacent tools
• Codify our identity platforms in Terraform, leading the migration of Okta, Lumos, and our NHI platform from click-ops to peer-reviewed infrastructure-as-code, with a focus on global critical policies
• Refactor our authentication framework to implement advanced conditional access controls such as device trust, location-based policies, risk-based step-up authentication, and behavioral analytics across our entire SaaS ecosystem
• Pioneer non-human identity governance by designing monitoring and management solutions for service accounts, API keys, certificates, AI agents, and MCP integrations, and leading deployment, integration, and operationalization of our NHI platform across the SaaS estate
• Drive cross-functional initiatives with Security, IT, Engineering, Enterprise AI, and the Office of the CIO to extract requirements from ambiguous business needs and translate them into actionable technical specifications
• Mentor senior and intermediate engineers on technical implementation and strategic thinking, helping them develop expertise in modern identity and AI security practices

• Build and maintain strong relationships with AWS account teams, technical teams, and partner contacts to drive co-sell and joint GTM opportunities
• Enable AWS teams to prospect and sell with Upwind, representing our solutions effectively to their customers
• Train and support Upwind’s sales organization on working with AWS for co-sell, marketplace, and partner programs
• Track and report on co-sell activity, joint pipeline, and partner-influenced deals, providing actionable insights to leadership
• Collaborate with internal sales, marketing, and solutions engineering teams to execute joint campaigns, co-branded programs, and GTM initiatives
• Support AWS Marketplace activities, including private offers, deal registration, and partner funding programs
• Manage a large number of contacts and programs, ensuring organized and timely follow-up



