SAIC is seeking qualified personnel for an exciting opportunity in Atlanta, GA and Washington, D.C. SAIC will support the Department of Health and Human Services (HHS) cybersecurity mission to ensure HHS can actively protect the vital health information with which it is entrusted, respond to existing and emerging cybersecurity threats, and continue to enhance the program to ensure HHS has the capability and capacity to respond to new and emerging requirements, technologies and threats. If you are interested in working in this dynamic environment, please review the job description and requirements below and then let us hear from you.
SAIC has a requirement for a Security Operations Center (SOC) Shift Lead to support the first shift. The lead will be responsible for managing a team of SOC analysts in a 24x7x365 environment.
The SOC Shift Lead supports the functions of the CSIRC Security Operations Center (SOC), providing personnel and services that use federal systems and tools to run the incident analysis and investigation hub for the Department. The lead is responsible for incident logging, tracking, and reporting, outage reporting, and shift change; for incident management, triage, investigation, and analysis; and for problem resolution and subject matter expertise in security investigation best practices.
The SOC Shift Lead will contribute both as a leader and as a technical contributor on the team. Leadership duties include:
• Coaching and supervising team members.
• Ensuring escalated incidents are followed through on and that data is collected and reported.
• Ensuring staff are tasked appropriately and supplying guidance as needed in accordance with operational policies and procedures.
• Initiating action to ensure appropriate coverage for the upcoming shift.
• Ensuring staff have access to the tools and systems needed to complete their duties.
• Ensuring onboarding of new personnel is conducted in accordance with policy.
• Ensuring all information in the shift report is complete, accurate, and well understood.
• Ensuring all conference calls are coordinated as scheduled.
• Providing daily status updates on SOC floor tempo.
• Providing meaningful handoffs between each work shift.
Technical contributions include these responsibilities for cybersecurity incident analysis:
• Collect, analyze, and correlate security events and use discovered data to enable recommendation of mitigation of potential incidents within the enterprise as defined by CSIRC methodology.
• Identify events that pose a threat to the confidentiality, availability and integrity of information or systems that may be indicative of a violation of federal law or HHS Policy.
• Provide quality assurance of the accuracy, consistency, and reliability of security event data in tickets and reports.
• Perform incident triage to include determining accuracy, scope, urgency, and impact.
• Provide incident coordination and updates to the Incident Response Teams (IRTs) and HHS through established processes.
• Notify CSIRC management and other HHS IRT members of suspected incidents and articulate the event’s history, status and potential impact.
• Perform agency-wide event and incident tracking using the prescribed federally approved ticket management system.
• Track and report ongoing cybersecurity incidents to the primary incident handler.
• Provide other teams and stakeholders with event and incident operational and executive reporting.
• Respond to verified incidents utilizing a wide array of tools to mitigate active threats.
• Conduct a minimum of one investigation per week.
• Contribute to the growth of the Department by producing artifacts for the knowledge base.
• Provide updates to the CSIRC Standard Operating Procedures (SOP) as needed.
• Participate in tabletop exercises and provide a summary of findings after the exercises.
• Coordinate with contractors and various teams within the Department to assist with service restoration based on alarm conditions.
• Work with the Security Operations Center (SOC) on anomalies observed within the network.
• Participate in available technical and personal development opportunities.
• Document SOC team processes, oversee SOC projects and assist with monthly reporting for the team.