Job Description
Overview:
We are seeking a motivated, career- and customer-oriented Cyber Incident Response (CIR) Lead interested in joining our Cyber Security Operations Center (CSOC) team in support of the Department of Veterans Affairs (VA). This is a day shift position; hours are 7am-3pm. (This is a 24/7/365 environment. Some weekends and holidays may be required, depending on your schedule.)
This is an onsite role. You will be working on site in either Washington, D.C., Austin, TX, or Martinsburg, WV.
Responsibilities:
- Utilize various security tools (e.g., Splunk, Splunk Enterprise Security, Palo Alto Networks, SourceFire, Cisco ASA, Microsoft Defender for Endpoint (MDE)) to identify potential incidents, network intrusions, malware events, etc., ensuring the confidentiality, integrity, and availability of VA architecture and information systems are protected.
- Track investigations in help desk systems such as ServiceNow.
- Utilize the Splunk ES SIEM to respond to incidents detected on the VA network.
- Review and analyze log files to report any unusual or suspect activities.
- Utilize incident response use-case workflows, standard operating procedures (SOPs) and Playbooks to follow established and repeatable processes for triaging and escalating.
- Generate trouble tickets and perform initial validation and triage to determine whether incidents are security events.
- Follow established incident response procedures to ensure proper escalation, analysis, and resolution of security incidents.
- Develop and maintain Incident Response procedures and Security SOPs.
- Analyze and correlate incident event data to develop a preliminary root cause and corresponding remediation strategy.
- Communicate effectively to all customers and stakeholders.
- Work with other contract teams to effectively respond to cyber incidents.
- Analyze Phishing emails and determine appropriate next steps.
- Analyze malware events and determine appropriate next steps.
- Provide oversight and hands-on leadership in coordinating incident response functions.
- Ensure effective alert monitoring, data ingestion, logs collection and analysis, incident handling, and remediation and reporting efforts by Incident Response Teams.
- Reporting to the CIR Program Manager, supervise and mentor a highly effective team of incident responders and analysts to correlate, respond to, analyze, triage, mitigate, and contain sophisticated and evolving security threats.
- Monitor deliverable and SLA compliance on each shift, notifying the Government when a deliverable is in danger of not being met or an SLA has been exceeded.
- Function as an escalation point and subject matter expert for all staff assigned to CIR.
- Coordinate with on-duty Government staff concerning all shift tasks, ticket follow up, escalations and incident response activities.
- Facilitate shift handoff calls and actions daily on each shift and join Government shift handoff meetings at the discretion of the Government.
- Hold touchpoint meetings with CIR Government staff on shift to discuss incident investigations, tasks, or concerns, and advise on major incidents/events.
- Manage all shift staffing issues, reporting to the CIR Contractor Manager and CSOC Program Manager.
Qualifications
Required Education and Experience:
- Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, Criminology, or similarly relevant field and 8 years of relevant experience. Eight (8) years of relevant work experience may substitute in lieu of a degree.
- Five (5) years of progressively responsible experience in one of the following: cyber security, information security, security engineering, or network engineering with emphasis in cyber security issues and operations, computer incident response, systems architecture, and data management.
- Candidates must be eligible to obtain a Public Trust clearance based on Department of Veterans Affairs regulations.
- Candidates must also exhibit proficient use of cyber tools, including the following: Security Information and Event Management (SIEM), endpoint detection and response (EDR) tools, Intrusion Prevention/Detection Systems (IPS/IDS), and case management platforms.
- Requires one of the following certifications:
  - GIAC Certified Incident Handler (GCIH)
  - EC-Council Certified Incident Handler (E|CIH)
  - Incident Handling & Response Professional (IHRP)
  - Certified Computer Security Incident Handler (CSIH)
  - Certified Incident Handling Engineer (CIHE)
SAIC accepts applications on an ongoing basis and there is no deadline.
COVID Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.
Overview
SAIC® is a premier Fortune 500® technology integrator driving our nation's technology transformation. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes secure high-end solutions in engineering, digital, artificial intelligence and mission solutions. Using our expertise and understanding of existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective and efficient solutions that are critical to achieving our customers' missions.
We are approximately 24,000 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer, fostering a culture of diversity, equity, and inclusion, which is core to our values and important to attract and retain exceptional talent. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $6.9 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom.