Security Operations Center Manager- Incident Response

Job Description

Description

SAIC is seeking a Security Operations Center (SOC) Incident Response Manager to work onsite with our customer at Quantico, VA. This position supports the Marine Corps Cyberspace Operations Group (MCCOG).

This position is contingent upon contract award. If awarded, work will begin in Fall 2023.

Job Summary:  The Security Operations Center (SOC) Incident Response Manager will be responsible for incident response activities throughout the Enterprise.  They will investigate, analyze, and respond to cyber incidents.  All cyber investigations are tracked from creation to completion in an investigation database.  They will also interact with and support subordinate organizations responsible for similar functions in other geographical regions around the world.  The Security Operations Center (SOC) Incident Response Manager will interact with Law Enforcement and Counterintelligence liaisons concerning high profile cyber incidents and/or insider threat related investigations. 

Duties and Responsibilities:

• Collect and analyze network and/or host artifacts from a variety of sources to include logs, system images and packet captures to characterize activity, determine root cause, operational impact, and to enable rapid remediation and/or mitigation of cyber threats within the Enterprise Network through the investigation process.  
• Perform cyber incident triage; to include determining scope, urgency, and potential impact; identifying the specific vulnerability; and making recommendations that enable expeditious remediation. 
• Provide expert technical support and perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support subordinate organizations and system owners. 
• Manage and document cyber defense incidents from initial detection through final resolution methods.
• Demonstrate effectiveness by successfully investigating and responding to Red Team (penetration testing) activity.
• Demonstrate the ability to analyze, detect, and intelligently discuss the following types of attacks, at a minimum: 
  • Man-in-the-Middle
  • Phishing Attacks
  • Ransomware
  • Web Based Attacks (such as Cross-Site Scripting or Server Side Request Forgery, as an example)
  • SQL Injection
  • Authentication Attacks (Such as Brute Force, Pass-the-Hash, or Golden Ticket)
  • Be able to discuss APT tactics, and how they vary from common criminal type Threat Actors
• Ability to understand scripting languages, such as PowerShell or Python.
• Ability to understand query syntax, such as Snort, Suricata, Tool Command Language, Kusto Query Language, and/or Lucene.
• Ability to analyze system logs and complete the lifecycle of events that occurred in a given computer system (Windows and Linux).
• Perform memory analysis on a Window’s system.
• Ability to analyze technical data and then effectively communicate impact statements to non-technical leadership. 

Qualifications

Position Requirements:

• Bachelors and fourteen (14) years or more experience; Masters and twelve (12) years or more experience; PhD or JD and nine (9) years or more experience.
• 5+ years serving on an Incident Response Team/Mission
• IAT II Certification (i.e. CCNA-Security, CySA+ **, GICSP, GSEC, Security+ CE, CND, or SSCP)
• DODD 8570 CSSP Track: CSSP Incident Responder
• Active TS/SCI Clearance

View Additional positions with this team here: https://jobs.saic.com/mccogEM

Overview

SAIC® is a premier Fortune 500® technology integrator driving our nation's technology transformation. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes secure high-end solutions in engineering, digital, artificial intelligence, and mission solutions. Using our expertise and understanding of existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective, and efficient solutions that are critical to achieving our customers' missions.

We are approximately 26,000 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer, fostering a culture of diversity, equity, and inclusion, which is core to our values and important to attract and retain exceptional talent. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $7.4 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom.