ISD has nine service teams as well as a department office; a business, training, and communication office; an enterprise architecture office; and a project management office. The offices and teams collaboratively span a wide array of service areas, all supporting the Laboratory's mission and goals. Together, we form a unified team: a trusted advisor, partner, and provider of information strategy, applications, and technology services throughout the Laboratory.
Job Description
The Cyber Security Team monitors and protects Laboratory research from IT threats. The team operates a security operations center (SOC) that analyzes network traffic to find and eliminate threats from malware, spear phishing, and other attacks against the Lab. The Cyber Operations Team builds and supports those systems and manages or influences infrastructure security tools such as proxy servers, IDS, IPS, network monitoring systems, and log management systems (SIEM). The Cyber Operations Analyst reports to the Cyber Security Operations Team Lead and must work closely with other teams in infrastructure and research areas to assess proposed solutions and to provide feedback on modifications to existing systems and solutions.
Primary Duties:
Cyber Infrastructure support and maintenance
Install, configure, and maintain security applications, appliances, and solutions
Complete capacity planning for existing systems, providing direction to leadership on growth requirements and, if necessary, on changes in architecture to meet growing demands
Assess new Cyber Security solutions and plan their implementation
Maintain the hardware and software inventory of systems for the Cyber Operations Team
Create new procedures where none exist; improve and streamline existing procedures
Long Description
General Security Projects and tasks
Assess the security posture of proposed projects from within the group, from other ISD teams, and from the Research community
Maintain and optimize configurations of the Internet proxy, IDS, email filtering, network monitoring tools, and endpoint protection products
Work closely with the Network Team to assess proposed changes to firewall and VPN infrastructure
Provide daily support of the SOC, including Tier 1 assignments
Take part in the on-call rotation
Security Infrastructure Operations
Responsible for day-to-day support and maintenance of Cyber Team servers and appliances
Duties include, but are not limited to, system troubleshooting, vendor coordination, and OS patching and updating
Ensure all devices are under configuration management, are receiving signature updates, and maintain operational readiness
Monitor performance metrics and log data for continuous improvement and tuning to match current threats
Update rule sets on infrastructure systems to support overall Laboratory defensive systems, and maintain the Enterprise Security Log management infrastructure
Assist other team members by acting in a secondary support role for various security systems
Threat Analysis
Assist the Threat Assessment team in determining the threat level of, and the action to be taken on, systems of interest (e.g., through analysis of logs)
Identify ways to mitigate future risk to the Laboratory and request that blocks be put in place
Recommend escalation of systems of interest to the Threat Assessment team for policy violations and risk
Short Description
This position is under general supervision of the IT Security Operations Team Lead.
This position does not have any financial responsibility. However, technical expertise may be required to assist the Cyber Security Team Lead with annual product support renewals.
This position will maintain frequent contact with internal department and/or Laboratory user community as well as external vendors to maintain communications related to problem resolution, systems upgrades, services and pro