Technical Lead – Computer Incident Response Team – Tier 2

This job posting is no longer active.

Job ID: 194770
Location: ARLINGTON, VA, United States
Date Posted: Mar 6, 2020
Category: Cyber
Subcategory: Cyber Sec Analyst
Schedule: Full-time
Shift: Day Job
Travel: No
Minimum Clearance Required: Top Secret
Clearance Level Must Be Able to Obtain: Top Secret
Potential for Remote Work: No

Job Description

Join SAIC’s cyber security team and work on this effort that encompasses technical, engineering, management, operation, logistical and administrative support for cyber security operations. The ideal candidate will have broad and deep experience in cyber security with demonstrated successes in supporting a large-scale IT infrastructure encompassing overseas and domestic facilities.


The Computer Incident Response Team (CIRT) uses the Network Monitoring and Incident Response System (IDS) Sensor Network to perform near real-time detection, collection, analysis, correlation and reporting of system security events that pose a threat to the Department’s networks. The mission of the CIRT is to work closely with internal and external entities to:


  • Monitor and detect all available computer information systems for infractions;
  • Respond and assist with the resolution of any suspected or successful computer security breach or violation;
  • Share knowledge and intelligence gained from computer security events with stakeholders; and
  • Protect against and prevent potential computer security threats and vulnerabilities.

 

Tier-2: Advanced Analysis and Incident Handling

  • Conduct advanced analysis and recommend remediation steps for computer security events and incidents
  • Receive and process events and provide recommendations regarding advanced analysis
  • Coordinate with ISSOs and others as needed
  • Support computer security incidents identified from non-CIRT organizations, when requested
  • Perform quality control checks of CIRT events
  • Identify advanced techniques and coordinate to improve analysis capabilities
  • Perform advanced malware analysis
  • Coordinate with other Divisions to create and deploy new signatures on existing toolsets

The Technical Lead, CIRT Tier 2 leads and oversees Tier 2 contractor activities for the CIRT program and provides technical and operational oversight. Schedules, coordinates, guides, monitors, tracks and reports on Tier 2 activities and performance. Conducts advanced analysis and recommends remediation steps for computer security events and incidents. Ensures established Tier 2 processes and procedures are followed, including during surge support and in interaction with customers. Recommends improvements to increase operational efficiency. Liaises and coordinates with operational managers and other entities within the Department and with outside agencies.


Support CIRT operations and provide Tier 2 intrusion detection analysis and response. Specific activities include but are not limited to the following:


  • Lead Tier-2 analysis support 24x7x365
  • Monitor the CIRT hotline, email inboxes, fax and the Remedy ticketing system
  • Investigate, analyze, remedy, and report on security events and incidents
  • Report incident information to the U.S. CERT
  • Maintain incident logs
  • Produce reports on CIRT activities
  • Participate in the Government Forum of Incident Responders and Security Teams (GFIRST) meetings
  • Collaborate with other local, national and international CIRTs
  • Perform inter-agency liaison; coordinate events/incidents information with operational managers and law enforcement entities within the Department, and with outside agencies
  • Render technical assistance for criminal investigations and non-security related operational events
  • Provide a monthly project status report as part of the MIRD Task Status Report by the 15th of each month, containing details as described in paragraph 7.2, Program Management and Administration
  • Report on quality performance measures quarterly as part of the overall Program performance measures review

Qualifications

Education: A Bachelor’s Degree in Computer Science, Information Systems, Engineering, Telecommunications, or other related scientific or technical discipline. Four (4) additional years of general experience (as defined below) may be substituted for the degree.


General Experience: Eight (8) years of experience in network center management and operation with increasing responsibilities.


Specialized Experience: Five (5) years of current experience in 24x7x365 network security monitoring operations of similar size and scope as the CIRT.

Three (3) years of experience in LANs, WANs, VPNs, network protocols, firewalls, routers, and performing malware analysis. Demonstrated experience in network security systems and products.


Certification Required: CISSP


Technology Required: Remedy Service Management; Netwitness; Net Detector; ISS Site Protector; RealSecure; McAfee IntruShield; SPLUNK log aggregator; Symantec Security Event Manager, and a variety of tools to perform malware analysis.


Location: Beltsville, MD or Rosslyn, VA


Shift Work: CIRT operates 24x7x365 and is staffed with Tier 1 and Tier 2 analysts with six (6) eight-hour shifts.


Must be a US citizen with an active Top Secret clearance.

Desired Qualifications

 

Overview

SAIC is a premier technology integrator solving our nation's most complex modernization and readiness challenges. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes high-end solutions in engineering, IT, and mission solutions. Using our expertise in existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective, and efficient solutions. We are 23,000 strong; driven by mission, united by purpose, and inspired by opportunities. Headquartered in Reston, Virginia, SAIC has pro forma annual revenues of nearly $6.5 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom. For SAIC benefits information, see Working at SAIC. EOE AA M/F/Vet/Disability
