SAIC is seeking a Security Operations Center (SOC) Lead Analyst (Tier 3) to join our team providing Security services for a major state & local government customer located in Texas. This position is initially remote due to COVID, but will be in either Oak Ridge or Cookeville, TN post-covid (dependent on employee location). This position reports to our Cybersecurity Operations Director and is a member of the 24x7-security operations team. This lead analyst will be primarily accountable for the investigation and management of escalated events and incidents from Tiers 1 and 2, and collaboration with other technical support teams in the investigation, remediation and prevention of cybersecurity threats. Primary job responsibilities include:
- Manage escalations for cybersecurity events and incidents received from Tier 1 & 2 staff
- Provide technical leadership during incident command activities by directing technical and non-technical teams to perform activities associated with containment and restoration of system(s) during a major security breach
- Provide detailed analysis of security events and investigations
- Coordinate and collaborate with peer technical teams in a multi-vendor environment for the investigation, remediation and implementation of preventative measures for cybersecurity events and incidents
- Act as forensic investigations subject matter expert
- Utilize advanced threat hunting techniques, tools, and procedures to identify risks to the environment
- Perform efficiency analysis and tuning for SIEM tools including event rules and filtering, reporting, and rule management
- Provide coaching, training, and support development of documentation for Tier 1 and 2 staff
- Provide 24x7 monitoring and analysis of SIEM events to identify potential security risks and vulnerabilities
- Triage events and investigate to identify security incidents
- Log security incidents in the IT ticketing system
- Manage security incidents throughout their lifecycle to closure
- Receive input from threat intelligence sources and analyze events to identify threats and risks; provide threat intelligence reports to various customer and company organizations
- Provide support for routine reporting
- Support ad-hoc data and investigation requests
- Conduct security and vulnerability scans as directed using established processes
- Bachelor’s degree in a relevant field of study (e.g. Cybersecurity, Information Systems, Computer Science, etc.) and five (5) or more years of total relevant experience. Alternatively, a Master’s degree in a relevant field of study and three (3) or more years of total relevant experience.
- 4 years of experience as a SOC analyst including regular use of any SIEM tool; event triage and incident management
- SIEM tuning and administration
- Work in a team environment
- Cybersecurity experience including SIEM operations, forensic acquisition and analysis of evidence, event management, and incident management
- Industry-recognized cybersecurity certification (e.g. CompTIA Security+, CISSP, C|EH, etc.)
- Experience with SIEM tools (e.g. Splunk)
- Splunk Certified Administrator certification required within six months of hire
- Experience with Forensic tools (e.g. EnCase)
- Excellent oral and written communication skills
- Demonstrated experience with leading incident response calls, meetings, and activities by providing direction to other team members and partner vendors
- Experience with Microsoft Office including Word and PowerPoint
- Experience with ITIL, ITIL certification
- Experience with reporting and reporting tools
- Experience with integrating SIEM tools with other systems; SIEM Engineering
COVID Policy: Prospective and/or new employees are required to adhere with SAIC's vaccination policy. All SAIC employees must be fully vaccinated and they must submit proof of vaccination on their first day of employment. Prospective or new employees may seek an exemption to the vaccination requirement at Contact Us
and must have an approved exemption prior to the start of their employment. Where work is performed strictly at a customer site, customer site vaccination requirements preempt SAIC's vaccination policy.
Target salary range: $100,001 - $125,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.
SAIC® is a premier Fortune 500® technology integrator driving our nation's technology transformation. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes secure high-end solutions in engineering, digital, artificial intelligence, and mission solutions. Using our expertise and understanding of existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective, and efficient solutions that are critical to achieving our customers' missions.
We are more than 26,500 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer, fostering a respectful work culture based on diversity, equity, and inclusion that values all contributors. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $7.1 billion. For more information, visit saic.com.