Join our Talent Network >

Security Operations Center (SOC) Shift Lead - Second Shift

This job posting is no longer active.

Job ID: 203592
Location: ATLANTA, GA, United States
Date Posted: Jul 30, 2020
Category: Cyber
Subcategory: Cyber Sec Analyst
Schedule: Full-time
Shift: Evening Job
Travel: Yes, 10 % of the Time
Minimum Clearance Required: None
Clearance Level Must Be Able to Obtain: Public Trust
Potential for Remote Work: No

Share: mail

Job Description


SAIC is seeking qualified personnel for an exciting opportunity in Atlanta, GA and Washington, D.C.  SAIC will support the Department of Health and Human Services (HHS) cybersecurity mission to ensure HHS can actively protect the vital health information with which it is entrusted, respond to existing and emerging cybersecurity threats, and continue to enhance the program to ensure HHS has the capability and capacity to respond to new and emerging requirements, technologies and threats.  If you are interested in working in this dynamic environment, please review the job description and requirements below and then let us hear from you.
SAIC has a requirement a Security Operations Center (SOC) Shift Lead to support the Second Shift.  The lead will be responsible for managing a team of SOC analysts in a 24x7x365 environment. 
The SOC Shift Lead supports the functions of the CSIRC Security Operations Center (SOC). Provide personnel and services using federal systems and tools to execute the incident analysis and investigation hub for the Department. Responsible for incident logging, tracking, and reporting, outage reporting, and shift change. Responsible for incident management, triage, investigation, and analysis. Responsible for problem resolution and subject matter expertise in security investigations best practices. 
The SOC Shift lead will contribute both as a leader and as a technical contributor on the team.  Leadership duties include:

Coaching and supervising team members
Ensuring escalated incidents are followed through on and data is collected and reported.
Assuring staff are tasked appropriately and supply guidance as needed in accordance with operational policies and procedures. 
Initiating action to ensure appropriate coverage for the upcoming shift. 
Assure that staff has access to tools and systems needed to complete duties. 
Ensure onboarding of new personnel is conducted in accordance with policy.
Ensuring all information in the shift report is complete, accurate, and well understood. 
Ensuring all conference calls are coordinated as scheduled. 
Provide daily status updates of SOC floor tempo. 
Providing meaningful hand offs between each work shift
Technical contributions include these responsibilities for cybersecurity incident analysis:

Collect, analyze, and correlate security events and use discovered data to enable recommendation of mitigation of potential incidents within the enterprise as defined by CSIRC methodology. 
Identify events that pose a threat to the confidentiality, availability and integrity of information or systems that may be indicative of a violation of federal law or HHS Policy. 
Provide quality assurance accuracy, consistency and reliability to security event data in tickets and reports. 
Perform incident triage to include determining accuracy, scope, urgency, and impact. 
Provide incident coordination and updates to the Incident Response Teams (IRTs) and HHS through established processes. 
Notify CSIRC management and other HHS IRT members of suspected incidents and articulate the event’s history, status and potential impact. 
Perform agency-wide event and incident tracking using the prescribed federally approved ticket management system. 
Track and report on-going cyber security incidents to the primary incident handler. 
Provide other teams and stakeholders with event and incident operational and executive reporting. 
Respond to verified incidents utilizing a wide array of tools to mitigate active threats. 
Conduct a minimum of one investigation per week. 
Contribute to the growth of the Department by producing artifacts for the knowledge base. 
Provide updates to the CSIRC Standard Operating Procedures (SOP) as needed. 
Participate in Table Top Exercises and provide summary of findings after the exercises. 
Coordinate with contractors and various teams within the Departments to assist with service restoration based on alarm conditions. 
Work with the Security Operations Center (SOC) on anomalies observed within the network. 
Participate in available technical and personal development opportunities. 
Document SOC team processes, oversee SOC projects and assist with monthly reporting for the team. 


Bachelor’s degree or equivalent and nine (9) years of relevant experience in IT security. Includes working knowledge of cybersecurity engineering principles, techniques, and technologies. DoD 8140/DoD 8570 Information Assurance Management (IAM) Level III certification or equivalent industry certifications are required for team leaders and supervisors.
Five (5) or more years of experience as a SOC Team Lead/Supervisor

Bachelor’s degree or equivalent and five (5) years of experience working on projects or programs with at least two (2) years of successful task lead experience. Experience in managing projects.
Deputy Program Manager Candidates must have 10 or more years work experience in progressive assignments that include 2+ years of team supervision and management of information security teams.
Candidates must have experience working in a Federal, Civilian agency environment supporting Privacy Management related work streams, including Privacy Assessments, privacy related training, policies and reporting the work associated with this area of responsibility.
Candidates must demonstrate work experience creating Privacy Assessments and assessing and mitigating privacy breaches.
Work with RSA Archer is greatly preferred, experience with some form of an enterprise GRC management tool is required if not RSA Archer.  Candidates must be able to advise, recommend and suggest improvements to RSA Archer workflows and reports.
Candidates must demonstrate experience creating learning/instructional materials for privacy-related training and workflows.
Experience overseeing NIST, FedRAMP and section 508 compliance reviews is required.

Candidates must be able to obtain a Public Trust security clearance.

Experience working within the Department of Health & Human Services

Must be able to support 24x7x365 schedule.

Experience working within the Department of Health & Human Services


SAIC is a premier technology integrator solving our nation's most complex modernization and readiness challenges. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes high-end solutions in engineering, IT, and mission solutions. Using our expertise in existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective, and efficient solutions. We are 25,500 strong; driven by mission, united by purpose, and inspired by opportunities. Headquartered in Reston, Virginia, SAIC has pro forma annual revenues of nearly $7.1 billion. For more information, visit For ongoing news, please visit our newsroom. For SAIC benefits information, see Working at SAIC. EOE AA M/F/Vet/Disability

Share: mail

Similar Jobs

Security Data Warehouse DBA

ATLANTA, GA, United States

Endpoint Administrator

ATLANTA, GA, United States

Junior SOC Analyst

ATLANTA, GA, United States

Firewall Engineer

ATLANTA, GA, United States

Senior SOC Analyst

ATLANTA, GA, United States