Operational Intelligence Manager - Military veterans preferred

SAIC (www.saic.com)


Full-time employee

United States


The Operational Intelligence Manager (OIM) is responsible for leading SAIC’s Enterprise Security Operations (ESO) cyber threat intelligence efforts. This role will reside within the Cyber Threat Intelligence and Integration Center (CTIIC) in Reston and act as the liaison for the Corporate Enterprise Security Operations group to other cyber business units.


The OIM is responsible for the technical and process direction of the ESO’s advanced programs (Penetration Testing, Adversarial Emulation, Red/Purple Teaming, Threat Hunting, and Threat Intelligence) and will manage and lead the principal analyst team responsible for those programs. This role will provide direction to ESO analysts as well as act as a liaison to other teams within SAIC.


The OIM must be proficient in managing and mentoring large teams, comfortable leading and managing the end-to-end Threat Intelligence lifecycle, and able to determine criticality, provide recommendations and assess post-mortem activities for threat intel sources across a global enterprise. The OIM works closely with management, other team members, development teams, business analysts, company leaders and end users to ensure data protection for systems used by all areas of the organization.


This individual would be expected to have experience in project management, budgeting, and team and resource management and be able to identify areas of potential risk, potential cost savings and operational efficiencies that will reduce the overall risks to data resources.


  • Be responsible for all Enterprise Security Operations’ advanced programs, including Penetration Testing, Adversarial Emulation, Red/Purple Teaming, Threat Hunting, and Threat Intelligence

  • Oversee the design and development, and coordinate the implementation, of common information security processes for the above programs

  • Work as the service leader for SAIC’s CyberSecurity Operations and Incident Response services pertaining to the above programs

  • Serve as a subject matter expert within SAIC on the above programs

  • Engage with Legal, Human Resources, Contracts, Physical Security, Internal Audit and other business units as deemed necessary based on the type, scope, and severity of a threat intel source to ascertain the risk (or potential risk) to SAIC

  • Demonstrates knowledge in all of the following domains: IT Risk, GRC, IAM, SIEM, SOC operations, Threat Intelligence Research, CSIRT, BCP/DRP

  • Serves as a professional mentor for assigned staff with regard to professional development processes

  • Define and drive goals and performance for ESOC analysts

  • Ensure that Service Level Agreements are defined, tracked and met across SAIC
  • Develop measurement capabilities and metrics to track and communicate performance, coverage and risk. Maintain awareness of trends in security regulatory, technology, and operational requirements
  • Be a leader in the expansion and growth of the ESOC; drive integration of new products and services
  • Ensure that Standard Operating Procedures are being created and followed by the team
  • Identifies opportunities to improve security monitoring and operational tasks
  • Work with outside teams in the development of a comprehensive set of operational security policies and standards designed to permit the organization to achieve its business objectives while effectively managing the security and compliance requirements of DFARS, PCI, SOX and other controls.


Required Technical Skills

  • Advanced proficiency with the threat intelligence process as defined in the document: Joint Publication 2-0, Joint Intelligence (22 October 2013)

  • Knowledge of: Strong Authentication, End Point Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), Public Key Infrastructure (PKI), Data Loss Prevention (DLP), Identity and Access Management (IAM)

  • 5+ years working in at least one of the advanced programs (Penetration Testing, Adversarial Emulation, Red/Purple Teaming, Threat Hunting, and Threat Intelligence)

  • In-depth familiarity with security policies based on industry standards and best practices

  • Experience in designing and implementing highly capable operational processes

  • Incident management process development and/or incident management experience

  • 10+ years working within the information security field, with emphasis on security operations, incident management, intrusion analysis

  • Ability to lead and communicate efficiently within a team environment

  • Great customer service skills

  • Advanced technical writing skills

  • Understanding of application security concepts such as the Software Development Life Cycle, secure coding methodology and application security scanning technology.

  • Should possess one or more specialties in the following applications or classes of tools: industry security frameworks, industry standards and security practices, and security architectures.

  • Proficiency in forensics, forensic investigation/analysis, advanced incident handling, intelligence gathering, forensic research, and formal incident investigation.

  • Operational experience with HIDS, NIDS, Firewalls, routers, switches, various commonly used operating systems, common attack tools, and vulnerability detection/management tools.



Required Licenses, Certifications, and Other Requirements

  • CISSP and/or CISA certifications required; GIAC certifications a plus


Education & Experience

  • Master’s Degree

  • Minimum of 5 years of experience in incident response

  • Minimum of 10 years of risk management or IT governance

  • Minimum of 5 years of experience in personnel management


Desired Qualifications