SAIC is seeking a highly qualified Security Operations Center Lead to support a large federal Information Technology (IT) contract in the Washington DC Metropolitan area.
This position is contingent upon award.
Plans, directs, and coordinates the operational and tactical activities of individuals responsible for the delivery of the SOC Services. Establishes objectives and plans for the team’s operations; identifies and assembles the optimal combination of personnel, technologies, and methodologies to meet current and near-term requirements; translates organizational objectives into work plans; creates contingency plans to meet changes in business circumstances. Position will perform a wide variety of functions as needed to help the team deliver successful results. Responsible for the delivery of the services to the customer and ensuring the services meet the requirements of the contract, customer, regulations, compliance and all other aspects required for outstanding service delivery. The position will work closely with the government technical leadership, customer organizations and the SAIC Program Manager. The duties could include interfacing with the customer organizations at all levels from CIO to Analysts; developing and presenting performance reports; developing and meeting performance management requirements; helping to manage all aspects of the program regarding technical management activities. This position requires a broad and keen understanding of technology and IT delivery of SOC services for on premise and cloud based equipment and critical applications.
Typical activities will include:
Leading team to provide 24x7 Security Operations Center Support.
Leading team to continuously monitor the environment, risk analysis and vulnerability management, address incidents, forensics investigations, escalate as necessary and ensure appropriate action is taken to protect the environment.
Monitor security tools and controls to ensure functioning as intended and support updating of tools and configurations and integration of new tools in response to the evolving threat landscape.
Develop, maintain and update the catalog of standard operating and response procedures and protocols.
Assist the Government to incorporate detection mechanisms for unauthorized, security relevant configuration changes in security incident response capabilities.
Track and analyze activity on servers, endpoints, networks, applications, databases, websites and other technology systems.
Provide a critical layer of analysis needed to seek out irregularities that could suggest a security incident.
Ability to apply techniques for detecting host and network-based intrusions using intrusion detection techniques.
Manage overall maintenance calendar to include all maintenance changes needed to monitor and deconflict changes.
Monitor physical security systems.
Conduct intelligence research to proactively identify and quality threats and develop detection capabilities and implement countermeasures to mitigate potential exploits and minimize effects of successful compromises.
Experience with Splunk Enterprise Security to identify potential bad cybersecurity activity
Experience with reviewing raw log files, data correlation, and analysis (i.e. firewall, authentication, network flow, IDS, system logs, etc.)
Manage prevention of cybersecurity incidents through proactive, continuous threat analysis, network and host scanning vulnerabilities, countermeasure deployment coordination, security policy and architecture consulting
Provide situational awareness and reporting on cybersecurity status, incidents, and trends in adversary behavior to appropriate stakeholders 12. Work to use best practice and standards such as NIST and ITIL to ensure industry leading security operations delivery.
Continuously improve the service delivery and adjust to the constantly changing security environment while ensuring ongoing compliance to all regulations.
Bachelors and 15 or more years of related experience; Masters preferred
Must be US Citizen; Active TS/SCI security clearance
5+ years of leadership experience managing 24/7 SOC teams (both onsite and on-call support)
7+ years of IA/cybersecurity experience, with at least five (5) of those involving cyber security monitoring, intrusion detection, incident response, threat analysis, vulnerability assessments
Technical experience in a broad range of IT technologies with a focus on Cyber Operations.
Requires current CISM and one or more of the following technical security certifications: GCIH, GSOC, GMON - Cyber support best practice process experience using standards such as NIST CSF, PMP, ITIL and similar
Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.