The Operational Intelligence Manager (OIM) is responsible for leading SAIC's Enterprise Security Operations' (ESO) cyber threat intelligence efforts. This role will reside within the Cyber Threat Intelligence and Integration Center (CTIIC) in Reston and act as the liaison from the Corporate Enterprise Security Operations group to other cyber business units.
The OIM is responsible for the technical and process direction of the ESO's advanced programs (Penetration Testing, Adversarial Emulation, Red/Purple Teaming, Threat Hunting, and Threat Intelligence) and will manage and lead the principal analyst team responsible for those programs. This role will provide direction to ESO analysts as well as act as a liaison to other teams within SAIC.
The OIM must be proficient in managing and mentoring large teams, must be comfortable leading and managing the end-to-end Threat Intelligence lifecycle, and must be able to determine criticality, provide recommendations, and assess post-mortem activities for threat intel sources across a global enterprise. The OIM works closely with management, other team members, development teams, business analysts, company leaders, and end users to ensure data protection for systems used by all areas of the organization.
This individual is expected to have experience in project management, budgeting, and team and resource management, and to be able to identify areas of potential risk, potential cost savings, and operational efficiencies that will reduce the overall risk to data resources.
· Be responsible for all Enterprise Security Operations' advanced programs, including Threat Intelligence, Penetration Testing, Adversarial Emulation, Red/Purple Teaming, and Threat Hunting
· Oversee the design and development, and coordinate the implementation, of common information security processes for the above programs
· Work as the service leader for SAIC's CyberSecurity Operations and Incident Response services pertaining to the above programs
· Serve as a subject matter expert within SAIC on the programs listed above
· Engage with Legal, Human Resources, Contracts, Physical Security, Internal Audit and other business units as deemed necessary based on the type, scope, and severity of a threat intel source to ascertain the risk (or potential risk) to SAIC
· Demonstrate knowledge in all of the following domains: IT Risk, GRC, IAM, SIEM, SOC operations, Threat Intelligence Research, CSIRT, BCP/DRP
· Serve as a professional mentor for assigned staff with regard to professional development processes
· Define and drive goals and performance for ESOC analysts
Required Technical Skills
Advanced proficiency with the threat intelligence process as defined in the document: Joint Publication 2-0, Joint Intelligence (22 October 2013)
Knowledge of: Strong Authentication, End Point Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), Public Key Infrastructure (PKI), Data Loss Prevention (DLP), Identity and Access Management (IAM)
5+ years working in at least one of the advanced programs (Threat Intelligence, Penetration Testing, Adversarial Emulation, Red/Purple Teaming, and Threat Hunting)
In-depth familiarity with security policies based on industry standards and best practices
Experience in designing and implementing highly capable operational processes
Incident management process development and/or incident management experience
10+ years working within the information security field, with emphasis on security operations, incident management, and intrusion analysis
Ability to lead and communicate efficiently within a team environment
Great customer service skills
Advanced technical writing skills
Understanding of application security concepts, such as the Software Development Life Cycle, secure coding methodology, and application security scanning technology.
Should possess one or more specialties in the following areas or classes of tools: industry security frameworks, industry standards and security practices, and security architectures.
Proficiency in forensics, forensic investigation/analysis, advanced incident handling, intelligence gathering, forensic research, and formal incident investigation.
Operational experience with HIDS, NIDS, Firewalls, routers, switches, various commonly used operating systems, common attack tools, and vulnerability detection/management tools.
Required Licenses, Certifications, and Other Requirements
CISSP and/or CISA certifications required; GIAC certifications a plus
Education & Experience
Minimum of 5 years of experience in incident response
Minimum of 10 years of risk management or IT governance
Minimum of 5 years of experience in personnel management