Cyber Security Engineer- Senior

Job Description

Description

SAIC is seeking a Cyber Defense Manager to work onsite with our customer in Quantico, VA. This position supports the Marine Corps Cyberspace Operations Group (MCCOG). 

This position is contingent upon contract award. If awarded, work will begin in Fall 2023.

Job Summary: The Cyber Defense Signature Manager will be responsible for the continuous development and refinement of signatures, plays, policies, configurations, scripts and indicators used to identify malicious or unauthorized activity via network and host based detection on the Enterprise Network. The analyst will Leverage Snort, Regex, and YARA (or similar methods) to apply logic needed to detect and alert malicious activity at various levels within the environment.  The Contractor shall maintain the Government’s Enterprise Security Information and Event Management (SIEM) systems (four total), both classified and unclassified.

Duties and Responsibilities:

• Provide subject matter expertise in creation, editing, and management of signatures, rules and filters for specialized network defense systems including but not limited to network and ESS IDS, IPS, firewall, web application firewall, proxy and SIEM systems.
  • Leveraging things like Snort, Tool Command Language, Kusto Query Language, Lucene, Kibana Query Language, as examples.
• Provide Security Information and Event Management (SIEM) subject matter expertise in Kafka, Linux, Elastic Search, Logstash, and Kibana.
  • Ability to recommend parsing normalization to help analysts digest and analyze data sets.
• Utilize the Mitre ATT&CK matrix and other threat frameworks to develop detection plays.  Continually refine these processes with the goal of automating their execution.    
• Analyze host and network-based events daily to identify and eliminate large numbers of false positive alerts.    
• Analyze SIEM views daily to ensure views support detection and response operations.  Modify SIEM views to eliminate false-positive or unnecessary alerts.    
• Report suspected network misconfigurations that cause unnecessary events and alerts in the SIEM.  The contractor shall make these reports via the Government’s ITSM trouble ticketing system and by assigning those tickets to the appropriate Government or Contractor entity responsible for managing those sensors or feeds.    
• Demonstrate effectiveness by successfully identifying and/or preventing Red Team (penetration testing) activity.
  • Ability to detect anomalous behavior such as process injection.
  • Ability to correlate processes, services, file, and registry behavior and develop signatures to detect or prevent this threat. (Windows and Linux).
• Review Packet Captures retrieved from signature hits, perform packet analysis to identify true/false positives, and make necessary changes to signature sets as required.

Qualifications

Position Requirements:

• Active TS/SCI clearance
• Bachelors and fourteen (14) years or more experience; Masters and twelve (12) years or more experience; PhD or JD and nine (9) years or more experience.
• Experience managing a Sensor Grid Support Team
• IAT III Certification (i.e. CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, or CCSP)
• Must also have DODD 8570 CSSP Infrastructure Support
• Willing to work largely Day Shift but the position is Emergency Essential 

View Additional positions with this team here: https://jobs.saic.com/mccogEM

Overview

SAIC® is a premier Fortune 500® technology integrator driving our nation's technology transformation. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes secure high-end solutions in engineering, digital, artificial intelligence, and mission solutions. Using our expertise and understanding of existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective, and efficient solutions that are critical to achieving our customers' missions.

We are approximately 26,000 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer, fostering a culture of diversity, equity, and inclusion, which is core to our values and important to attract and retain exceptional talent. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $7.4 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom.