Join our Talent Network >

Principal Cyber Security Analyst

Job ID: 201275
Location: RESTON, VA, United States
Date Posted: Mar 25, 2020
Category: Cyber
Subcategory: Cyber Sec Analyst
Schedule: Full-time
Shift: Day Job
Travel: Yes, 10 % of the Time
Minimum Clearance Required: None
Clearance Level Must Be Able to Obtain: Secret
Potential for Teleworking: No

Share: mail

Job Description

Description

The Principal Cyber Security Risk Management / Technical Security Analyst reports to the Information Technology Office (ITO)  Business Engagement (BE) Senior  Manager within the Cyber Security (CS) Directorate’s BE division.  The position exercises significant judgment in working with IT teams within the environment. The analyst serves as the Cyber Security point of contact in support of IT portfolio of projects, supplier security evaluations, participate in analysis of alternative workshops and security consultation with regards to company policies and security good practices from Bid Risk Reviews (BRRs) to Inflight Program Reviews (IPRs) .

 

SAIC’s Information Technology Office (ITO) Cyber Security Directorate  is managed by SAIC’s Chief Information Security Officer (CISO) who relies upon the BE Senior Manager and the BE Cyber Security Principal Risk Analyst to adjudicate alternative risk and  secure solutions deliver IT services to employees as a productivity enabler, to functional groups for business process enablement, and to the SAIC Customer and Service Groups in fulfillment of contracted requirements on behalf of the CISO and SAIC.  All Cyber Security IT services rendered by ITO CS must be aligned with the strategic goals established by SAIC executive leadership and must not adversely affect the SAIC security posture unless exceptions, and risk are documented, and communicated as a matter of record to the business and the CISO to:

 

1.  Ensure that IT services are secure reliable, delivered within competitive cost metrics, and value-driven to enable SAIC’s business growth. 

2.  Align enterprise security policy and services with the business model and market portfolio requirements

 

In addition to primary responsibilities identified below, the Principal Cyber Security Risk Management Analyst will serve as a subject matter expert for network, server, data base management and endpoint technical security requirements, assessing risk, promoting standards and guidelines in information assurance / data management systems.

  •  Experience or training in the IA governance , technical hardening  and / or accreditation & certification frameworks and Information Security program Security Plans, STIGS, Center Internet Security baselines for Networking ,OSes, Application and Database components, NIST standards for Risk Management and Cybersecurity frameworks specifically
  • Experience in the use of Service Now or service request ticketing systems, and  MS Word , Excel, Power Point and SharePoint,
  • Experience using eGRC, SEIM, and  Vulnerability Scanning tools
  • Excellent written and oral communication skills 
  • Produce the following quality deliverables for SAIC business leadership:
  • Written reports and verbal presentations.
  • Present security recommendations for complex programs & sourcing decisions.Provide input to regularly scheduled platform and project specific meetings
  • Perform system security evaluations on suppliers and vendor products by following prescribed security evaluation criteria.
  • Provide input to regularly scheduled platform and project specific meetings
  • Produce quality system security risk assessment reports.
  • Overall assistance in defining security requirements and strategies for information management system and network architecture design, optimization, and solution delivery.
  • Assist platform owners and design teams in applying the necessary security controls to mitigate associated risks
  • Function as a technical functional analyst who can navigate and communicate effectively with both technical and engineering teams and at ease with business function leads.
  • Assist in evaluating third-party supplier security controls, third-party relationship management, and Security outsourcing background.
  • Using Security Management Practices and internal policy:
  • Conduct risk analysis on existing and to-be web/application/information services
  • Document and present findings.
  • Apply threat modeling concepts.
  • Serve as a security subject matter expert, providing multi-disciplinary knowledge, skills, and experience in technical information assurance and information security management network security and system architecture and database management.
  • Consult on current and upcoming projects covering all levels of network architecture and information management systems impact to the overall IT security and IT systems architecture.
  • Provide security profiling analysis for a wide range of network security technologies including, but not limited to: firewalls, IPS/IDS, NAC, VPN, proxies, routers, and switches.
  • Experience securing common services (i.e. DHCP, DNS, Terminal, WINS, Routing, etc)
  • Working knowledge of protocols, network topologies, and perimeter security devices (proxies, IPS, IDS, Firewall and packet analyzers), network security design, and Rights Management Services
  • Ensure appropriate security provisioning during varying phases of Software Development Life Cycle.
  • Review business requirements and document security requirements for the information systems.
  • Ensure system changes and updates remain ITO security policy compliant.
  • Ensure security standards are applied from design to UAT.
  • Assist in conducting on-site physical security assessments.
  • Conduct security risk assessment of supplier (3rd party vendors) and provide recommendations for improving the vendor assessment process. Support all facets of the vendor security program, including the evaluation of vendors, development of recommendations to improve security and mitigate security risks.


Primary Responsibilities

Work on Cyber Security Risk Management and overall Cyber team to deliver quality risk assessment reports. This requires having an in-depth working experience with an Information Security Risk Assessment using industry standard approach.


Qualifications

Required Qualifications:

  • Fundamental technical knowledge of Active Directory, Windows and Linux OSes, firewalls, networks, Oracle, SQL, stored procedures, scripts and reports.
  • Expertise with NIST and ISO 27000 series, particularly NIST SP 800-53, NIST SP 800-171 r1, ISO 27001/2.
  • Working knowledge of Security Standards/Controls specified under various IT governance and compliance models (NIST, ISO 27001&27002, ITIL, SOX, and DFARS/FARS). This includes: Applications and Systems Development Security, Security Management Practices, Access Control, Security Architecture and Modeling, Telecommunications, Network Security, Cryptography (PKI), Operations Security, and Physical Security Controls
  • Demonstrate success leading and conducting senior level security risk analysis. Specifically, threat modeling involving system decomposition, threat and vulnerability discovery and mitigation.
  • Education: Bachelor’s Degree in Information Systems, Computer Science, Information Security or related IT field.
  • 8-10 years relevant risk assessment, information security / analytical experience.
  • Professional Security Industry Certifications such as CISSP, CCNA, CCIE or other relevant industry certifications through such accrediting bodies such as the DoD, ISC2, ISACA, SANS or Comp TIA.
  • Proven ability to work with cross-functional teams.
  • Self-starter, individual contributor; must perform with limited or no supervision.
  • Possesses proven initiative and developed listening skills.
  • Demonstrate timely task completion involving solid organizational skills, task tracking, and follow-up, and productive peer interaction.
  • Possess strong technical writing, verbal and presentation skills especially with communicating to PMOs / senior management.
  • Provide feedback on internal processes required to help train and mentor other professionals as needed
  • Worked with Secure Development Life Cycle and Work experience in a mature risk management team with proven risk assessment methodology.
  • Extensive understanding of IAM technologies, concepts, policies, processes, best practices, and solutions.
  • Knowledge of technology trends and developments in the areas of IAM, and knowledge and experience with formal security and control frameworks such as ISO 17799, COSO, ITIL, and NIST SP 800-53
  • Ensure requirements gathered, processes defined, and use cases documented follow out of the box configuration vs. customization for relevant IAM technologies as much as possible.
  • Participate Design deployment architectures.
  • Participate in capacity planning and HW / SW specification recommendation efforts.
  • Participate in all technology deployment activities ranging from design to architecture to configuration and custom development.
  • Participate in and/or lead User Acceptance Testing and bug-related engineering efforts.
  • Design, implement and educate on code deployment, code migration, and source control use.
  • Provide knowledge transfer and post production support activities as necessary.
  • Comprehensive understanding of Data Protection solutions and technologies including; Data Loss Prevention (DLP), data masking, tokenization, data classification, and data encryption.  
  • Experience with NIST SPs for SSPs, DFARs, Encryption and other International security and regulatory standards
  • Project Management Skills
  • Experience in the use of MS Project, MS, Visio, SCCM,FIM/ MIM and other Microsoft products, Archer and SPLUNK eGRC /SEIMs and other MVM / Nexus security tools
  • Experience acting as a Subject Matter Expert or team lead providing guidance to others
  • Strong communication skills; person in this role must be able to successfully communicate with management personnel, technical personnel and third parties

 

Desired Qualifications:

  • Experience with reviewing systems vulnerabilities for risk and relevance.
  • Experience in planning mitigations for systems vulnerabilities.




Desired Qualifications

 




Overview

SAIC is a premier technology integrator solving our nation's most complex modernization and readiness challenges. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes high-end solutions in engineering, IT, and mission solutions. Using our expertise in existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective, and efficient solutions. We are 23,000 strong; driven by mission, united by purpose, and inspired by opportunities. Headquartered in Reston, Virginia, SAIC has pro forma annual revenues of nearly $6.5 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom. For SAIC benefits information, see Working at SAIC. EOE AA M/F/Vet/Disability

Share: mail

Similar Jobs

Cyber Remediation Analyst

VIENNA, VA, United States
Cyber

Cyber Operations Action Officer (Crystal City)

ARLINGTON, VA, United States
Cyber

Senior Cyber Security Analyst

WASHINGTON, DC, United States
Cyber

Cyber Manager

WASHINGTON, DC, United States
Cyber

Cyber Security Engineer

WASHINGTON, DC, United States
Cyber

Security Operations Manager/Program Manager

WASHINGTON, DC, United States
Cyber

Security Quality (SQ) Team Lead

WASHINGTON, DC, United States
Cyber

Security Incident Response (IR) Team Lead

WASHINGTON, DC, United States
Cyber

Security Infrastructure (SI) Team Lead

WASHINGTON, DC, United States
Cyber

Security Triage (ST) Team Lead

WASHINGTON, DC, United States
Cyber

Principal Cyber Security Analyst

RESTON, VA, United States
Cyber

Security Engineer Team Lead

HERNDON, VA, United States
Cyber

PKI Engineer (VG00618)

SPRINGFIELD, VA, United States
Cyber

Cyber/Forensic Analyst, TS/SCI & Poly Required

CHANTILLY, VA, United States
Cyber

Senior Information System Security Manager (ISSM)

MCLEAN, VA, United States
Cyber

Senior Information System Security Manager (ISSM)

ARLINGTON, VA, United States
Cyber

Senior IT Security Analyst

VIENNA, VA, United States
Cyber

IT Auditor - Mid

WASHINGTON, DC, United States
Cyber

Security Specialist

WASHINGTON, DC, United States
Cyber

Information Systems Security Officer - Senior

RESTON, VA, United States
Cyber

CND / Splunk Engineer

SPRINGFIELD, VA, United States
Cyber

Security Engineer - Senior

WASHINGTON, DC, United States
Cyber

Security Engineer - Senior

WASHINGTON, DC, United States
Cyber

Security Engineer - Senior

WASHINGTON, DC, United States
Cyber

Security Engineer - Senior

WASHINGTON, DC, United States
Cyber

Provide your information to receive jobs that fit you by keywords, location, and more,
and then receive great opportunities based on your skills and experience.

Join our Talent Network >