By providing the information below and checking the boxes referenced, you acknowledge and consent to SAIC's Privacy Policy to include access and use of your information for the purposes of sharing your information for possible employment recruitment effects by SAIC and it's third party vendors. For further information, see SAIC's privacy policy
Join our Talent Network >
Back to Search Results >
Previous Opportunity > Next Opportunity >

Security Operations Center (SOC) Analyst

Job ID: 212447
Location: BROOMFIELD, CO, United States
Date Posted: Feb 23, 2021
Category: Cyber
Subcategory: Cybersecurity Spec
Schedule: Full-time
Shift: Rotating
Travel: No
Minimum Clearance Required: None
Clearance Level Must Be Able to Obtain: Secret
Potential for Remote Work: No
Benefits: Click here

Share: mail

Job Description

Description

SAIC has an opportunity for a Security Operations Center (SOC) Analyst  to support the US Army Corps of Engineers Revolutionary IT Services (USACE RITS) program.

The USACE RITS contract will provide modern and secure enterprise-wide IT support services to approximately 37,000 USACE customers located throughout the CONUS and OCONUS. Services will support the mission needs of USACE’s Headquarters (HQs) located in Washington, D.C., nine Divisions and 43 Districts, to include over 1,500 field and area project offices and two data centers that are currently located in Vicksburg, Mississippi, and Hillsboro, Oregon.

 

The ideal candidate will be the point of contact for monitoring agency networking environments, including cloud, DMZs and secure LANs, as required by the USACE OCIO/G-6. The service shall also support connectivity to extranets and the internet.

Major duties with monitoring include:

  1. Providing analysis and monitoring for all systems and environments to ensure the availability, integrity, and confidentiality of the data processed, stored, and transmitted via a centralized support monitoring service. Analysis and monitoring shall be automated to the maximum extent possible.
  2. Providing Intrusion Detection System/Intrusion Prevention System (IDS/IPS) support:
    1. Implementing, administering, and maintaining threat sensors based on current threat directives and recommendations.
    2. Developing, testing, and distributing threat sensor baseline signatures.
    3. Developing IDS/IPS test plans, operational procedures, and maintenance plans.
    4. Providing host-based intrusion detection monitoring and prevention on all devices, including those supporting Host-Based Security Systems (HBSSs).
    5. Providing data feeds from all intrusion detection and prevention modules for incorporation into the Enterprise Security Incident Management System, for CorpsNet, cloud, DMZ, and SIPR in accordance with classification guidance.
  3. Providing continuous monitoring of malware protection and detection mechanisms.
  4. Providing administrator access to the designated Government POCs as required.
  5. Providing active monitoring of the operational status, health, and performance of the monitoring tools and devices.
  6. Actively monitoring vendor feeds, Army feeds, tippers, OPORDS, sensor grids, and intelligence feeds for new signature information.
  7. Analyzing the information provided and providing recommendations for inclusion into the CorpsNet, and SIPRNet environments, while maintaining the classification of information.
  8. Providing performance measurements, logs, and information feeds from the security monitoring systems (e.g., HBSS and IPS).
  9. Maintaining access to current network architecture diagrams per DISA standards showing placement of sensors (e.g., IDS/IPS, Routers, Netflow/PCAP systems, firewall, etc.).
  10. Reporting on access to assets, including, but not limited to, network and host-based sensors for CorpsNet, CorpsNet extended network (JRSS and cloud), and SIPRNet.
  11. Integrating and correlating data from USACE systems, servers, services, SIEM, and end points to measure, monitor, remediate, and remove threats to the environment in accordance with USACE OCIO/G-6 directives.

Major incident response duties include:

  1. Responding to alerts and violations identified, in accordance with cyber policy and incident response plans, as part of the SIEM.
  2. Identifying incident threat level and nature based on the received alert or violation.
  3. Identifying root cause, source, and methodology used to properly categorize the incident.
  4. Providing AR 380-53 Network Damage Assessment, if necessary.
  5. Gathering host logs from compromised system(s).
  6. Taking corrective action to contain the incident, prevent further spread, and protect systems.
  7. Providing forensically sound evidence collection and capabilities.
  8. Eradicating the malicious event from infected hosts/network as directed by USACE OCIO/G-6.
  9. Providing cyber clean-up as required, including the restoration of damaged data.
  10. Recommending mitigating actions to prevent future infections or reinfection.
  11. Configuring and fine-tuning detection/prevention capabilities.
  12. Providing cyber After Action Reports (AARs), including lessons learned and final network damage assessment as identified by USACE OCIO/G-6.
  13. Providing analysis, correlation, and trending of anomalous events and incidents.
  14. Supporting incident response team deployment to USACE OCIO/G-6 locations.
  15. Coordinating and sharing data with other Federal agencies and DoD commands as directed by USACE OCIO/G-6.
  16. Providing analysis and reverse engineering of cyber threats.

Implementing mitigation measures in response to general or specific threats on the respective networks in accordance with USACE OCIO/G-6 directives.

 

Other general duties include: Designs, tests, and implements secure operating systems, networks, security monitoring, tuning and management of IT security systems and applications, incident response, digital forensics, loss prevention, and eDiscovery actions. Conducts risk and vulnerability assessment at the network, system and application level. Conducts threat modeling exercises. Develops and implements security controls and formulates operational risk mitigations along with assisting in security awareness programs. Involved in a wide range of security issues including architectures, firewalls, electronic data traffic, and network access. Researches, evaluates and recommends new security tools, techniques, and technologies and introduces them to the enterprise in alignment with IT security strategy. Utilizes COTS/GOTS and custom tools and processes/procedures in order to scan, identify, contain, mitigate and remediate vulnerabilities, and intrusions. Assists in the implementation of the required government policy (i.e., NISPOM, DCID 6/3), and makes recommendations on process tailoring. Performs analyses to validate established security requirements and to recommend additional security requirements and safeguards. Supports the formal Security Test and Evaluation (STE) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports. Periodically conducts a review of each system's audits and monitors corrective actions until all actions are closed. May support cyber metrics development, maintenance and reporting. May provide briefings to senior staff. Utilizes COTS/GOTS and custom tools and processes/procedures in order to scan, identify, contain, mitigate and remediate vulnerabilities, and intrusions. Assists in the implementation of the required government policy (i.e., NISPOM, DCID 6/3), and makes recommendations on process tailoring. Performs analyses to validate established security requirements and to recommend additional security requirements and safeguards. Supports the formal Security Test and Evaluation (STE) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports. Periodically conducts a review of each system's audits and monitors corrective actions until all actions are closed. May support cyber metrics development, maintenance and reporting. May provide briefings to senior staff. 

Qualifications

EDUCATION AND EXPERIENCE: Bachelors and two (2) years or more experience; additional four (4) years experience in lieu of degree

CLEARANCE REQUIREMENT:  Must have a Secret clearance or be able to obtain a Secret


Target salary range: $85,001 - $95,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.


Overview

SAIC is a premier technology integrator solving our nation's modernization and readiness challenges. Our offerings across defense, space, civilian, and intelligence markets include high-end solutions in engineering, IT, and mission outcomes. We integrate the best components from our portfolio with our partner's ecosystem to deliver innovative and effective solutions. We are 25,500 strong; driven by mission, united by purpose, and inspired by opportunities. Headquartered in Reston, VA, SAIC has annual revenues of nearly $7.1 billion. For information, visit saic.com or Working at SAIC for benefits details. SAIC is an Equal Opportunity Employer empowering people no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status. We strive to create a diverse, inclusive and respectful work culture that values all.

Share: mail
Apply Now >
Quick Links
×

During this time, SAIC continues to hire key talent. As we adopt new ways of supporting our business and customers, our company has implemented various flexwork options, as well as virtual hiring processes and online events in compliance with social distancing guidelines. These virtual strategies protect our existing and future team members, while enabling us to keep the security and defense of our nation in focus.

For more information about joining our team, visit our Frequently Asked Questions (FAQs) page: SAIC COVID-19 Response »