Cybersecurity Ops Team Manager - Military veterans preferred



Full-time employee

District of Columbia, United States


SAIC has an opening for a Cybersecurity Operations Team Manager to join our talented, dynamic team. The key responsibilities for this position include:

- Lead a multi-disciplinary team to conduct cyber incident response support. This leader will ensure all teams are operating efficiently and will be the conduit for the VA on all matters pertaining to cyber incident response support
- Develop and maintain incident response procedures and Security SOPs
- Utilize incident response use-case workflows, SOPs and Playbooks to follow established and repeatable processes for triaging and escalating
- Conduct reviews of security incidents to identify areas of improvements
- Perform quality control reviews to ensure incident tickets are within US CERT reporting procedures
- Manage security incidents from containment to eradication
- Coordinate with external organizations to ensure appropriate and accurate dissemination of incident and other information
- Produce bi-weekly cyber incident response activities metrics reports
- Recommend improved metrics to assist leadership in making improvements and preventative actions
- Analyze event data, investigation reports and forensic analysis reports in order to validate security incidents
- Notify management 100 percent of incidents classified as Major (as defined by US CERT) within 15 minutes of notification from US CERT
- Produce grammatically correct and comprehensive incident descriptions and activity notes for security incidents to support the creation of executive summaries and automated incident dashboards
- Produce a framework for the repeatable generation of after-action reports to identify strengths and weaknesses as well as required improvements
- Recommend enterprise protection measures based on incident trends and to improve the overall enterprise network security posture
- Lead incident calls from beginning to end and provide direction to stakeholders for containment, validation and remediation of incidents
- Utilize the Cyber Threat Framework to characterize, categorize and classify incidents based on incident details
- Collect and report metrics, manage work and resources
- Monitor various security tools (e.g. SIEM, Splunk, SourceFire, Cisco ASA) to identify potential incidents, network intrusions,


TYPICAL EDUCATION AND EXPERIENCE: Bachelor's and nine (9) years or more experience; Master's and seven (7) years or more experience; PhD or JD and four (4) years or more experience


- Bachelor's degree
- Minimum of eight (8) years of work experience with five (5) years of experience performing network and host advanced analytics principles and methods, and information security processes and techniques
- Must be able to successfully undergo a Veterans Affairs High Security Investigation (VA BI)
- Experience leading, providing guidance, and oversight
- Experience managing work and resources
- Experience with advanced cyber security tools, network topologies, intrusion detection, PKI, and secured networks
- Experience interpreting and implementing cyber security regulations

Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.