Job ID: 195190
Location: RESTON, VA, United States
Date Posted: Sep 22, 2019
Subcategory: Cyber Sec Analyst
Shift: Day Job
Travel: Yes, 25 % of the Time
Minimum Clearance Required: None
Clearance Level Must Be Able to Obtain: None
Potential for Teleworking: No
SAIC is seeking a Principal Cyber Security Analyst to join our Cyber Security team in Reston, VA.
The BSE Principal will be responsible for analyzing the service request and proposal /bid opportunities and recommending alternatives / exceptions to enable the business for pursuit. Will research ITO Demand Management domain materials to develop SAIC Business leads, contacts, and capture plans. Will support new business proposals through capture activities and responses to requests for proposal (RFPs). Will actively participate in industry groups and conferences to represent and promote the company's capabilities Lead the Cyber Security Business Engagement (CSBE) organization by providing technical vision and security program management fundamentals across the organization.
Bachelors in Information Systems, Computer Science, Information Security or related IT field and nine (9) years or more experience.
Demonstrated previous leadership, deep technical risk analysis, and engineering and architectural design understanding, knowledge and experience.
Ability to write and verbally communicate information security and risk-related concepts effectively to both technical and non- technical audiences.
Must have strong problem- solving and analytical skills and demonstrate poise and ability to act calmly and competently in high-pressure, high-stress situations.
Working knowledge of Security Standards/Controls specified under various IT governance and compliance models (NIST, ISO 27001&27002, ITIL, SOX, and DFARS/FARS). This includes: Applications and Systems Development Security, Security Management Practices, Access Control, Security Architecture and Modeling, Telecommunications, Network Security, Cryptography (PKI), Operations Security, and Physical Security Controls Experience in security hardening and firewall configurations that reflect best practice secure settings based on industry benchmark and / or exceptions that minimize risk to the security and enable business Deep technical knowledge of common cybersecurity engineering, architecture and design and principles.
Fundamental technical knowledge of Active Directory, Windows and Linux OSes, VMWare, SDDC and Virtual firewalls, networks, Oracle, SQL, stored procedures, scripts and reports.
Expertise with NIST and ISO 27000 series, particularly NIST SP 800-53, NIST SP 800-171 r1, ISO 27001/2.
8-10 years relevant risk assessment, information security / analytical experience.
Experience acting as a Subject Matter Expert or team lead providing guidance to others
Strong communication skills; person in this role must be able to successfully communicate with management personnel, technical personnel and third parties
Professional Security Industry Certifications such as CISSP, CCNA, CCIE or other relevant industry certifications through such accrediting bodies such as the DoD, ISC2, ISACA, SANS or Comp TIA.
Proven ability to work with cross-functional teams.
Self-starter, individual contributor; must perform with limited or no supervision.
Possesses proven initiative and developed listening skills.
Demonstrate timely task completion involving solid organizational skills, task tracking, and follow-up, and productive peer interaction.
Possess strong technical writing, verbal and presentation skills especially with communicating to PMOs / senior management.
Provide feedback on internal processes required to help train and mentor other professionals as needed
Worked with Secure Development Life Cycle and Work experience in a mature risk management team with proven risk assessment methodology.
Demonstrate success leading and conducting senior level security risk analysis. Specifically, threat modeling involving system decomposition, threat and vulnerability discovery and mitigation. Understanding of SAIC Security policy, Cyber Security Framework (CSF), Risk Management Framework (RMF) and SANS Top 20 behavioral based threat models, (e.g., ATT&CK, Cyber Kill Chain, Diamond Model, etc.
Strong understanding of cybersecurity and project management fundamentals.
Familiarity with common cybersecurity COTS and FOSS tools and their application in a large enterprise environment.
Experience in the use of MS Project, MS, Visio, SCCM,FIM/ MIM VMware SDDC and other Microsoft products, ServiceNow, Archer and SPLUNK eGRC /SEIMs and other MVM / Nessus, and other security tools to manage the service requests SIARRAs work Queue and other URLs , AoVPNs, NAC exceptions service request / exception management intake points.
Experience with NIST SPs for SSPs, DFARs, FARs , HIPAA & GDPR Encryption and other International security and regulatory standards
Project Management Skills ·Experience with reviewing systems vulnerabilities for risk and relevance.
Experience in planning mitigations for systems vulnerabilities
Extensive understanding of GRC, CRM and Security Champion Program technologies, concepts, policies, processes, best practices, and solutions.
Knowledge of technology trends and developments in the areas of IAM, and knowledge and experience with formal security and control frameworks such as ISO 17799, COSO, ITIL, and NIST SP 800-53
Ensure requirements gathered, processes defined, and use cases documented follow out of the box configuration vs. customization for relevant IAM technologies as much as possible.
Participate Design deployment architectures.
Participate in capacity planning and HW / SW specification recommendation efforts.
Participate in all technology deployment activities ranging from design to architecture to configuration and custom development.
Participate in and/or lead User Acceptance Testing and bug-related engineering efforts.
Design, implement and educate on code deployment, code migration, and source control use.
Provide knowledge transfer and post production support activities as necessary.
Comprehensive understanding of Data Protection solutions and technologies including; Data Loss Prevention (DLP), data masking, tokenization, data classification, and data encryption.
SAIC is a premier technology integrator, solving our nation's most complex modernization and systems engineering challenges across the defense, space, federal civilian, and intelligence markets. Our robust portfolio of offerings includes high-end solutions in systems engineering and integration; enterprise IT, including cloud services; cyber; software; advanced analytics and simulation; and training. We are a team of 23,000 strong driven by mission, united purpose, and inspired by opportunity. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $6.5 billion. For more information, visit saic.com. For information on the benefits SAIC offers, see Working at SAIC. EOE AA M/F/Vet/Disability