Incident Response Analyst

Job Description

Description

SAIC is seeking an Incident Response Analyst with an active TS/SCI (CI or FS Polygraph a plus) to work onsite with our customer at Fort Meade, MD.

This position supports the Comprehensive Cyber Support Services II (CCSS II). CCSS II is a SAIC Prime DoD contract that supports Marine Corps Forces Cyberspace Command. Team SAIC delivers high impact subject matter expertise to help solve complex operational challenges the Marine Corps faces in this dynamic domain of warfare. Our SMEs cover the spectrum from All Source Intelligence Analysts, full spectrum CO Planners, CND/IR, and OCO mission management. 

The CND Analyst shall identify, collect, and analyze network and host data, and report events or incidents that occur or might occur within a network to mitigate immediate and potential network and host threats.

The individual shall perform computer network defense (CND) incident triage, to include:

• Determining urgency, and potential impact;
• Identifying the specific vulnerability; and making recommendations that enable expeditious remediation;
• Perform initial, forensically sound collection of images and inspect to determine mitigation/remediation on enterprise systems;
• Perform real-time computer network defense (CND) incident handling (e. g., forensic collection, intrusion correlation/tracking, threat analysis, and direct system remediation) task to support Incident Response Teams, receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts, and track and document computer network defense (CND) incidents from initial detection through final resolution;
• Employ defense-in-depth principles and practices, collect intrusion artifacts (e.g., source code, malware, and Trojans) and use discovered data to enable mitigation of potential computer network defense (CND) incidents within the enterprise; 
• Assist with analysis of actions taken by malicious actors to determine initial infection vectors, establish a timeline of activity and any data loss associated with incidents;
• Provide expert technical support to enterprise-wide CND technicians to document CND incidents, correlate incident data to identify specific vulnerabilities and to make recommendations enabling remediation;
• Ideal candidate would have scripting experience such as Python and PowerShell.  

Qualifications

Required education and experience:

• Bachelors and nine (9) years or more experience; four (4) years or more experience accepted in lieu of degree.

Required skills:

• Must have Incident Response experience.

Required certification:

• Must obtain an IAT Level III within six (6) months of hire.

Required clearance:

• Must have a TS/SCI w/CI poly (FS polygraph is acceptable).

Desired Skills:

• Scripting experience such as Python & PowerShell. Additional experience in writing code is highly desirable.
• Expertise with the SOCOM Enterprise is highly desirable.
• IAT Level III certification (CISSP, CASP+ CE, GCED, GCIH, CISA, CCNP Security).
• OSCP and/or OSCE.

Overview

SAIC® is a premier Fortune 500® technology integrator driving our nation's technology transformation. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes secure high-end solutions in engineering, digital, artificial intelligence, and mission solutions. Using our expertise and understanding of existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective, and efficient solutions that are critical to achieving our customers' missions.

We are more than 26,500 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer, fostering a respectful work culture based on diversity, equity, and inclusion that values all contributors. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $7.1 billion. For more information, visit saic.com.