Lead SIEM Engineer - Military veterans preferred

Description

The ideal candidate has the ability to lead a team that implements, configures, monitors and maintains a DoD-approved enterprise SIEM tool to monitor, detect, and respond to threats on all USACE-supported networks and enclaves. The SIEM shall provide real-time analysis of security alerts generated by applications and network sensors, hardware, cyber tools, Government-approved threat intelligence feeds and threat detectors, and be capable of automatically forwarding incidents and events to the incident response team and USACE OCIO/G-6 based on severity level. The SIEM shall be configured to support classification level of data. 

 

Provide correlation and analysis of cyberspace incident reports derived from reliable sources, network sensors, vulnerability management devices, open source information, and Industry/ Government provided situational awareness of known adversary activities. Applies expert knowledge of Named Areas of Interest (NAI) and advanced persistent threats to review, analyze, and maintain the content of an indicator database to aid in the detection and mitigation of threat activity. Utilize COTS/GOTS analyses tool and expert knowledge to provide threat detection analysis and monitoring, correlation, and prevention of cyber threat activity targeting the customer network. This task requires technical knowledge on the utilization of government and industry capabilities, best security practices, advanced log analysis, forensics, network monitoring, network flow analysis, packet capture analysis, network proxies, firewalls, and anti-virus capabilities. Additionally, this task requires technical knowledge of forensics analysis to determine adversary methods of exploiting information system security controls, the use of malicious logic, and the lifecycle of network threats and attack vectors. Must produce reports on the unique TTPs utilized and conduct incident handling/triage, network analysis and threat detection, trend analysis, metric development, and security vulnerability information dissemination. Must be able to assist the customer with developing metrics and trending/analysis reports of malicious activity and develop signatures for threat detection.

Qualifications

Requirements : 

• Automated incident response capabilities.
• Performing data correlation and analysis reporting for all sensors and defense capabilities at an enterprise level.
•  Providing the Government access to the SIEM systems, including the functionality to establish use cases and run queries.
• Providing immediate notification for unplanned sensor-fed outages exceeding 24 hours, and providing an AAR
• identifying root causes for the outage .
•  Maintaining documentation for all feeds, sensors, and connectors in the SIEM and providing reports to USACE OCIO/G-6 .
•  Operate and maintain SIEM systems to include ArcSight, Splunk, and ElasticSearch.
• Perform functions on the applications and underlying OS that will require knowledge of Unix and Linux.
• Must have clearly demonstrated experience in leading teams of SIEM administrators and/or analysts
• Must be IAT III certified in accordance with DODI 8140/8570 (e.g. CISSP, CASP+ CE, etc.)

EDUCATION AND EXPERIENCE:

Bachelors and fourteen (14) years or more experience; additional 4 years experience in lieu of degree

CLEARANCE REQUIREMENT:

Must have Secret clearance

COVID Policy: Prospective and/or new employees are required to adhere with SAIC's vaccination policy. All SAIC employees must be fully vaccinated and they must submit proof of vaccination on their first day of employment. Prospective or new employees may seek an exemption to the vaccination requirement at and must have an approved exemption prior to the start of their employment. Where work is performed strictly at a customer site, customer site vaccination requirements preempt SAIC's vaccination policy.
Target salary range: $150,001 - $175,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.