Cyber Engineer Principal at SAIC (Washington DC)

Sorry, this job was removed at 7:37 p.m. (CST) on Friday, April 15, 2022

SAIC is a premier technology integrator solving our nation's modernization and readiness challenges. Our offerings across defense, space, civilian, and intelligence markets include high-end solutions in engineering, IT, and mission outcomes. We integrate the best components from our portfolio with our partner's ecosystem to deliver innovative and effective solutions. We are 25,500 strong; driven by mission, united by purpose, and inspired by opportunities. Headquartered in Reston, VA, SAIC has annual revenues of nearly $7.1 billion. For information, visit or Working at SAIC for benefits details. SAIC is an Equal Opportunity Employer empowering people no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status. We strive to create a diverse, inclusive and respectful work culture that values all.
We attract the best people in the business with our competitive benefits package that includes medical, dental and vision coverage, a 401k plan with employer contribution, paid holidays, and vacation.

We are seeking a motivated, career- and customer-oriented Principal Cyber Engineer interested in joining our team in Alexandria, VA to help an important customer establish and maintain a multi-disciplinary threat management capability that conducts and integrates the monitoring, analysis, reporting, and response to insider threats and insider risk.


Responsible for providing technical team lead oversight and guidance and for working hands-on as part of the team to meet the overall customer objectives. Those objectives are to:
  • Provide innovative solutions to complex challenges and incidents to proactively identify and mitigate insider risk and incidents.
  • Build collaborative and mutually supportive partnerships with both internal and external stakeholders to obtain Potential Risk Indicators (PRIs) that may be indicative of a potential insider threat and/or highlight insider risk; develop and implement a programmatic approach to integrating these PRIs into daily operational activities to enhance the organization's ability to effectively deter, detect, respond to, and mitigate insider threat activity.
  • Monitor the agency enterprise IT environment and provide timely detection, identification, and alerting of suspicious/anomalous events, information systems misuse, policy violation, abuse of system privileges and other forms of possible insider activity.
  • Track, prioritize, and manage security events and incidents stemming from insider activity; conduct investigations, report findings to organizational stakeholders for further action, and perform or coordinate incident response from cradle to grave in accordance with industry best practice.
  • In accordance with industry best practice, build and tune rules, signatures, alerts, etc. within Commercial-Off-The-Shelf (COTS) products including Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR), Extended Detection & Response (XDR), Intrusion Detection Systems (IDS), Data Loss Prevention (DLP), User & Entity Behavior Analytics (UEBA), Security Orchestration, Automation, and Response (SOAR), and other security event correlation tools to increase the effectiveness of these capabilities in detecting insider activity and preventing loss or compromise of the confidentiality, integrity, and/or availability of CUI.
  • Proactively identify and track the log sources required for effective insider risk and insider threat monitoring; assess the current state of monitoring capabilities against these needs, and develop draft recommendations, workarounds, and action plans as necessary to address gaps and continuously improve monitoring visibility for OCIO implementation.

  • Degree in Information Technology, Computer Science, Information Systems Management, Cybersecurity, or related field
      • Bachelor's degree + 7 years of experience
      • Master's degree + 5 years of experience
  • Required certifications:
      • CISSP
      • GIAC Security Expert (GSE)
      • Plus one or more of the following certs:
        • GIAC Certified Detection Analyst (GCDA)
        • GIAC Certified Intrusion Analyst (GCIA)
        • GIAC Certified Forensic Analyst (GCFA)
        • GIAC Cyber Threat Intelligence (GCTI)
        • GIAC Network Forensic Analyst (GNFA)
        • GIAC Penetration Tester (GPEN)
        • GIAC Reverse Engineering Malware (GREM)
  • Specialized experience in Cyberspace Operations, Network Security, Computer Forensics, Network Forensics, CND, AS&W, Cyber Threat Intelligence Analysis, Cyber Threat Hunting, Penetration Testing, Insider Threat Detection/Mitigation, or Incident Detection & Response
  • Experience as a technical team lead focused on cybersecurity operations or insider threat operations in an IT environment consisting of on-premise, hybrid, or cloud-based information systems
  • Root cause analysis proficiency
  • Excellent written and oral communication skills
  • Experience applying knowledge of relevant standards, laws, regulations, and best practices to AS&W, CND, Cybersecurity Incident Response, or Insider Threat Detection/Mitigation methodology
  • Skill in using security event correlation tools (e.g. SIEM, EDR, XDR, IDS, UEBA, DLP, etc.)
  • Skill in preserving and safeguarding electronic evidence, including documenting and tracking chain of custody during collection, analysis, and transfer to protect the integrity of electronic evidence
  • Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, persistence, network exploitation, command & control, action on objectives, etc.) and proficient in implementing technical controls (or leading implementation) to deter, detect, or disrupt each of these stages.
  • Knowledge of computer networking concepts (e.g., topology, application of defense-in-depth, etc.), protocols (TCP/IP, Internet Protocol, Dynamic Host Configuration Protocol, Domain Name System, Directory Services, etc.), command line operations, and other concepts as they pertain to network- or host-based security.
COVID Policy: Prospective and/or new employees are required to adhere to SAIC's vaccination policy. All SAIC employees must be fully vaccinated and must submit proof of vaccination on their first day of employment. Prospective or new employees may seek an exemption to the vaccination requirement at Contact Us and must have an approved exemption prior to the start of their employment. Where work is performed strictly at a customer site, customer site vaccination requirements preempt SAIC's vaccination policy.
More Information on SAIC
SAIC operates in the Information Technology industry. The company is located in Reston, VA. SAIC was founded in 2013. It has 34,621 total employees. It offers perks and benefits such as a Flexible Spending Account (FSA), Disability Insurance, Dental Benefits, Vision Benefits, Health Insurance Benefits and Life Insurance. At the time of this posting, SAIC had 580 open jobs.