Responsibilities
The Information Security Analyst Co-Op is responsible for implementing, troubleshooting, and supporting information security infrastructure at Draper. This infrastructure includes the solution’s hardware/software, patching, upgrades, and configuration management. The position must also work closely with other members of the Information Security team to monitor and maintain Draper’s other security systems, mitigating threats to Draper’s network including the triaging and remediation of alerts.
Essential Functions:
Note: All essential functions percent time allotment estimates vary based on many factors, some of which including but not limited to organizational needs, applicants areas of interest, and applicants aptitude.
- Motivated self-starter that can perform research and apply knowledge whilst being confident to ask for insight, guidance, feedback, and support. There will be regularly scheduled check-ins on a cadence on top of shadowing and general projects that will involve collaboration, but one should escalate for aid/guidance as one feels it is warranted.
- Work on long term and short term projects for continual improvement of Enterprise InfoSec that will be an estimated ~10%-50% of hours worked. These will be both team and individually lead with mentor guidance and support.
- Alert Triage/Tuning and Incident Response – estimated ~20%-40% of hours worked.
- Ticket Triage – estimated 10%-30% of hours worked. These range from network segment design, software security assessments with Legal weigh in, cross-team coordination, governance, and more that will provide insight into many items InfoSec has oversight in and considerations around Governance, Risk, and Compliance that have to be made to support engineering and the business at large. This will include meeting with internal customers, as needed, to discuss their success criteria and come to a potential computing security minded solution.
- InfoSec Systems Administration and Continual Improvement – 10%-40% of hours worked depending on organizational needs and applicant’s areas of interest and aptitude. Solutions may include but are not limited to: (H)IPS, DLP, FDE, AV, firewalls, VPN, EDR, EPM, VMS, SIEM, Access Control, etc.
- InfoSec and larger organizational technical and organizational meetings shadowing/participation – 10-30% of hours worked depending on organizational needs and applicant’s areas of interest and aptitude.
Qualifications
Required:
- US Citizen per compliance requirements a DOD contractor must adhere to.
- Enrolled in full-time degree program from an accredited university.
- Occasional off-hour support is necessary to support maintenance windows and incident response scenarios, but we’ll be mindful of the student’s schedule if they are taking classes or have a secondary job that needs to be scheduled around. If an incident arises at 4:50PM on a Wednesday and the student is scheduled to leave at 5PM, it’d be appreciated if they stay to work the incident rather than giving the group a heads up and leaving for the day. Hours can be flexible with managerial approval.
Preferred:
- Basic introductory courses taken in Computing Security, Computer Science, Information Technologies, Engineering OR equivalent experience greatly preferred (certificates in cybersecurity from accredited institutions will be recognized)
- Degree programs that require feedback and grading of student performance for graduation. It is welcome if a degree program requires a student to (privately) grade and submit feedback the program feedback of the company’s performance.
- Experience with various operating systems such as Windows, Linux, MacOS, Android, iOS
- Experience programming, API hook-ins, automation, discrete math logic, SQL
- Experience with regular expressions
- 1+ year of experience in IT Security or Systems Administration roles or classes relating to such roles.
- Excellent written and verbal communication skills
- Ability to obtain and maintain a government security clearance is required if Draper has openings to hire and a student would like to come back full time at a later date in the same or a different (but related) department.
This position and/or the facilities in which its duties will be performed are subject to national security programs imposed and administered under U.S. statutes. Therefore, pursuant to 42 U.S.C. § 2000e-2(g), this position is restricted to U.S. Citizens, and applicants with dual citizenship may not be considered.