Join our Talent Network >

Technical Lead – Computer Incident Response Team –Tier2

Job ID: 194775
Location: BELTSVILLE, MD, United States
Date Posted: Aug 23, 2019
Category: Cyber
Subcategory: Cyber Sec Analyst
Schedule: Full-time
Shift: Day Job
Travel: No
Minimum Clearance Required: Top Secret
Clearance Level Must Be Able to Obtain: Top Secret
Potential for Teleworking: No

Share: mail

Job Description

Description

Join SAIC’s cyber security team and work on this effort that encompasses technical, engineering, management, operation, logistical and administrative support for cyber security operations.  The ideal candidate will have broad and deep experience in cyber security with demonstrated successes in supporting a large scale IT infrastructure encompassing overseas and domestic facilities.


The Computer Incident Response Team (CIRT) uses the Network Monitoring and Incident Response System (IDS) Sensor Network to perform near real-time detection, collection, analysis, correlation and reporting of system security events that pose a threat to the Department’s networks. The mission of the CIRT is to work closely with internal and external entities to:


  • Monitor and detect all available computer information systems for infractions;
  • Respond and assist with the resolution of any suspected or successful computer security breach or violation;
  • Share knowledge and intelligence gained from computer security events with stakeholders; and
  • Protect against and prevent potential computer security threats and vulnerabilities.

 

Tier-2: Advanced Analysis and Incident Handling

  • Conduct advance analysis and recommend remediation steps for computer security events and incidents
  • Receive and process events and provide recommendations regarding advanced analysis
  • Coordinate with ISSOs, and others as needed
  • Support computer security incidents identified from non-CIRT organizations, when requested
  • Perform quality control checks of CIRT events
  • Identify advanced techniques and coordinate to improve analysis capabilities
  • Perform advanced malware analysis
  • Coordinate with other Divisions to create and deploy new signatures on existing toolsets

The Technical Lead, CIRT Tier 2 leads and oversees Tier 2 contractor activities for the CIRT program; provides technical and operational oversight. Schedules, coordinates, guides, monitors, tracks and reports on Tier 2 activities and performance. Conducts advance analysis and recommends remediation steps for computer security events and incidents. Ensures established Tier 2 processes and procedures are followed, including during surge support and in interaction with customers. Recommends improvements to increase operational efficiency. Liaises and coordinates with operational managers and other entities within the Department and with outside agencies.


Support CIRT operations and provide Tier 2 intrusion detection analysis and response. Specific activities include but are not limited to the following:


  • Lead Tier-2 analysis support 24x7x365
  • Monitor the CIRT hotline, email inboxes, fax and the Remedy ticketing system
  • Investigate, analyze, remedy, and report on security events and incidents
  • Report incident information to the U.S. CERT
  • Maintain incident logs
  • Produce reports on CIRT activities
  • Participate in the Government Forum of Incident Responders and Security Teams (GFIRST) meetings
  • Collaborate with other local, national and international CIRTs
  • Perform inter-agency liaison; coordinate events/incidents information with operational managers and law enforcement entities within the Department, and with outside agencies
  • Render technical assistance for criminal investigations and non-security related operational events
  • Provide monthly project status report as part of the MIRD Task Status Report by the 15th of each month, containing details as described in paragraph 7.2, Program Management and Administration
  • Report on quality performance measures quarterly as part of the overall Program performance measures review

Qualifications

Qualifications:

Education: A Bachelor’s Degree in Computer Science, Information Systems, Engineering, Telecommunications, or other related scientific or technical discipline. Four (4) additional years of general experience (as defined below) may be substituted for the degree.


General Experience: Eight (8) years of experience in network center management and operation with increasing responsibilities.


Specialized Experience: Five (5) years of current experience in 24x7x365 network security monitoring operations of similar size and scope as the CIRT.

Three (3) years of experience in LANs, WANs, VPNs, network protocols, firewalls, routers, and performing malware analysis. Demonstrated experience in network security systems and products.


Certification Required: CISSP


Technology Required: Remedy Service Management; Netwitness; Net Detector; ISS Site Protector; RealSecure; McAfee IntruShield; SPLUNK log aggregator; Symantec Security Event Manager, and a variety of tools to perform malware analysis.


Location:  Beltsville MD or Rosslyn VA


Shift Work: CIRT operates 24x7x365 and is staffed with Tier 1 and Tier 2 analysts with six (6) eight-hour shifts.


Must be US Citizen with active Top Secret clearance

Desired Qualifications

 

Overview

SAIC is a premier technology integrator, solving our nation's most complex modernization and systems engineering challenges across the defense, space, federal civilian, and intelligence markets. Our robust portfolio of offerings includes high-end solutions in systems engineering and integration; enterprise IT, including cloud services; cyber; software; advanced analytics and simulation; and training. We are a team of 23,000 strong driven by mission, united purpose, and inspired by opportunity. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $6.5 billion. For more information, visit saic.com. For information on the benefits SAIC offers, see Working at SAIC. EOE AA M/F/Vet/Disability

Share: mail

Similar Jobs

Sr. IT Audit Specialist

VIENNA, VA, United States
Cyber

Senior Cyber Security Architect

GREENBELT, MD, United States
Cyber

Cyber Sec Analyst Principal / Navy Validator

FLEXWORK, DC, United States
Cyber

Computer Systems Security Analyst 4

FORT MEADE, MD, United States
Cyber

Information Assurance Analyst - Database

BETHESDA, MD, United States
Cyber

Cyber Sec Analyst Sr

WASHINGTON, DC, United States
Cyber

Engineer Info Assurance 5

ANNAPOLIS JUNCTION, MD, United States
Cyber

Senior Security Engineer

LANHAM, MD, United States
Cyber

Alternate Information System Security Officer

LANHAM, MD, United States
Cyber

Cyberspace Operations Engineer II

FORT MEADE, MD, United States
Cyber

Computer Network Defense Engineer

ANNAPOLIS JUNCTION, MD, United States
Cyber

Cybersecurity T&E Engineer

DC, United States
Cyber

Cyber Security Analyst

WASHINGTON, DC, United States
Cyber

Audit Technical Liaison

VIENNA, VA, United States
Cyber

IT Security Analyst

VIENNA, VA, United States
Cyber

Security Operations Analyst - SOC Analyst 2

VIENNA, VA, United States
Cyber

Sr. Application Security Engineer

VIENNA, VA, United States
Cyber

Special Security Officer II

FORT MEADE, MD, United States
Cyber

Cyber Manager

WASHINGTON, DC, United States
Cyber

Provide your information to receive jobs that fit you by keywords, location, and more,
and then receive great opportunities based on your skills and experience.

Join our Talent Network >