In this role, the Business Engagement (BE), Technical Validation Cybersecurity Specialist, Sr Principal will coordinate with Cyber colleagues to oversee the continuous dissemination/socialization to the business of all cybersecurity requirements for design, development, and implementation of SAIC’s Enterprise Cybersecurity policies, standards, controls, solutions, and services. This role can be based in San Diego, CA or Reston, VA.
This role will also verify by assessment and validation that technical products, platforms, programs and solutions have followed SAIC’s Cybersecurity Policies and Standards, as well as industry cyber best practices, for all SAIC Sector Business Units, Horizontal Businesses, Corporate Functions, and other organizational/program systems deployments.
This role will develop strategy and an assessment validation schedule for ensuring monthly and quarterly reviews of Programs and/or Solutions that are deemed “Crown Jewels” to the organization. The role requires experience in quantifying security effectiveness through assessing and validating virtualized environments, cloud platforms, network segments, architecture of systems components, cybersecurity processes, security automation, etc.
- Leads Technical Validation Cybersecurity Specialist organization technical validations and manages an enterprise-wide information security program that ensures all SAIC information security assets are adequately protected.
- Provides the technical credibility, insight, and innovation required to ensure the successful development, implementation, management, and maintenance of the information security systems, processes, and policies that are required to protect the expansive breadth of the Corporation’s enterprise systems and data.
- Supports numerous functions of IT security, risk management, IT security technology assessment, independent security reviews, access administration, virus protection, security monitoring and reporting, incident response and reporting, and security awareness and training.
- Supports the identification, evaluation, and reporting of information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise.
- Ensures authorized solutions comply with federally mandated security requirements and commonly accepted industry automation security best practices. The incumbent ensures that information security requirements and Risk Management Framework are integrated into the enterprise Systems Development Life Cycle (SDLC) and implemented through development and promulgation of notices, policies, procedures; training and awareness programs; and customer surveys.
- Assists in conducting cybersecurity strategic planning and technical roadmaps to support the business objectives and drive constant cyber transformation and improvements in SAIC’s enterprise defensive security posture.
- Be a cybersecurity leader, and provide mentorship for less experienced cybersecurity practitioners.
- Bachelor's and 14+ years of experience; Master's and 12+ years of experience; PhD or JD and 9+ years of experience and hold the Certified Information Systems Security Professional (CISSP) certification.
- Demonstrated previous leadership experience and the ability to write and verbally communicate information security and risk-related concepts effectively to both technical and non-technical audiences.
- Must have strong problem-solving and analytical skills and demonstrate poise and ability to act calmly and competently in high-pressure, high-stress situations.
- Experience in common cybersecurity architecture and design with an understanding of SAIC Security policy, Cyber Security Framework (CSF), Risk Management Framework (RMF), SANS Top 20, and behavioral-based threat models, including ATT&CK, Cyber Kill Chain, Diamond Model, etc.
- Strong understanding of cybersecurity and project management fundamentals, familiarity with common cybersecurity COTS and FOSS tools and their application in a large enterprise environment.
- Experience with FedRAMP, Cloud Security Alliance, Center for Internet Security (CIS), Hybrid Cloud-based information protection standards.
- Experience with Public Cloud Platforms Architecture and Deployment (AWS, Azure, GCP) configuration and administration of security features & services.
- Experience with virtualized infrastructure, system and application and mobile security application, operating system, and information protection.
- Experience with automated software security testing methodologies (SAST/DAST/SCA).
- Experience with microservice architectures and cloud-native technologies.
- Ability to effectively manage many different tasks simultaneously.
- Excellent written and communication skills.
- Maintain up-to-date detailed knowledge of the IT industry as it relates to the technologies identified as primary responsibilities including awareness of new or revised solutions and improved processes.
- Knowledge of Security Standards/Controls specified under various IT governance and compliance models (NIST, HIPAA, PCI, GDPR, ISO 27001/27002).
- Possession of additional industry certifications highly preferred, including, but not limited to, Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), and Global Information Assurance Certification (GIAC).
- Demonstrated ability to work in a fast-paced, deadline-driven environment.
- Demonstrated excellence in a variety of competencies including teamwork/collaboration, analytical thinking, communication and influencing skills, and technical expertise.
SAIC is a premier technology integrator solving our nation's modernization and readiness challenges. Our offerings across defense, space, civilian, and intelligence markets include high-end solutions in engineering, IT, and mission outcomes. We integrate the best components from our portfolio with our partner's ecosystem to deliver innovative and effective solutions. We are 25,500 strong; driven by mission, united by purpose, and inspired by opportunities. Headquartered in Reston, VA, SAIC has annual revenues of nearly $7.1 billion. For information, visit saic.com or Working at SAIC for benefits details. SAIC is an Equal Opportunity Employer empowering people no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status. We strive to create a diverse, inclusive and respectful work culture that values all.