CND Analyst - Military veterans preferred



Full-time employee

United States


SAIC is looking for a well-qualified Computer Network Defense (CND) Analyst to join an exciting program in Northern Virginia. As a CND Analyst, you will be responsible for identifying, analyzing, and mitigating threats to hosted information systems.  

The CND Analyst shall execute a continuous monitoring and analysis strategy for hosted information systems to: monitor and report on any indications of outsider or insider threats; watch for and report on unauthorized changes; and monitor the operational environment and report on any suspected intrusions. The analyst shall utilize Splunk software, including Splunk Enterprise Security (ES) and Splunk User Behavior Analytics (UBA), for continuous monitoring, incident reviews, investigations, and event correlation.


  • Using CND tools, defensive measures, and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the enterprise network in order to protect information, information systems, and networks from threats
  • Investigating and analyzing response activities related to cyber incidents within the environment
  • Correlating incident data and performing CND trend analysis and reporting
  • Developing and providing CND activity/incident reports, summaries, and other situational awareness information, and presenting them to the CIO or their designated representative
  • Developing and maintaining documentation as it pertains to the use and operation of CND tools (SOPs, playbooks, incident reporting, incident response, etc.).


TYPICAL EDUCATION AND EXPERIENCE: Bachelor's degree and two (2) years or more experience. Additional experience may be substituted in lieu of a degree.

  • An active Top Secret clearance with eligibility for access to sensitive compartmented information (TS/SCI);
  • One of the following certifications:
      • CompTIA Security+ ce; [OR]
      • International Information Systems Security Certification Consortium (ISC)² Systems Security Certified Practitioner (SSCP)
  • One year or more experience in Information Security (INFOSEC) operations and/or Cybersecurity-related experience;
  • One year or more experience in operating a SIEM and/or vulnerability scanner product (Splunk, Tenable, etc.).

Desired Qualifications


  • An active Top Secret clearance with access to SCI;
  • Having completed a polygraph within the last seven (7) years
  • Three years or more experience working in an operational Security Operations Center (SOC) as a Cybersecurity professional, or amongst a team with responsibility for similar functionality and behavior;
  • Three years or more of hands-on experience working with industry standard solutions for some, or all, of the following: Security Information and Events Management (SIEM), Vulnerability Assessment and Management, Advanced Network Inspection/Analysis, Advanced Malware Detection, Data Loss Prevention (DLP), Incident Response, Forensics Tools, User Activity Monitoring (UAM), and User Behavior Analytics (UBA) solutions