Description
SAIC is seeking a Blue Team Vulnerability Assessment Lead and subject matter expert.
This position is responsible for:
- Conducting Blue Team risk and vulnerability assessment at the network, system and application levels.
- Conducting cyber threat modeling exercises with commercial tools.
- Ensuring applicable Blue Team Vulnerability Assessment discipline is applied.
- Following customer/contractually directed Vulnerability Assessment Process and Framework(s) to include documentation creation and review as it relates to the assessment, document risk/issues. Designs, tests, and implements secure operating systems, networks, security monitoring, tuning and management of IT security systems and applications, incident response, digital forensics, loss prevention.
- The lead will possess a thorough understanding in a wide range of security tools, techniques and procedures, including vulnerability assessment architectures, firewall and firewall rule implementations, observing electronic data traffic, and managing role-based network access.
- Must have prior experience utilizing commercial and non-standard tool sets.
- Conduct product and company research, evaluating and recommending new security tools, techniques, and technologies. collaborate with team members and introduce changes and improvements in tools to the enterprise in alignment with IT security strategy.
- Utilize COTS/GOTS and custom tools and processes/procedures in order to scan, identify, contain, mitigate and mitigate vulnerabilities, and intrusions.
- Perform analyses or assessments to validate established security requirements and to recommend additional security requirements and safeguards.
- Perform permitted penetration assessments conducted from the insider threat point of view, utilizing non-standard tool sets with insider knowledge of the environment.
- Support cyber metrics development, maintenance and reporting.
- Perform formal Security Test and Evaluation (ST&E) required by the government client. This includes pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports.
- Periodically conducts review(s) of each system's audits and monitors corrective actions until all actions are closed. It is preferred that analysts have previous work experience briefing senior staff.
- Participate with senior managers to establish strategic plans and objectives: The analyst may serve as a program spokesperson on advanced projects and/or programs.
- May acts as advisor to management and customers on advanced technical research studies and applications.
This opportunity is contingent upon award.
Qualifications
Bachelors and nine (9) years or more experience; Masters and seven (7) years or more experience ; PhD or JD and four (4) years or more experience.
Must be able to obtain and maintain DOE Q
Required certification compliance: Must be able to obtain a Certified Information Systems Security Professional (CISSP) within 6 months of contract start
Desired Qualifications (one or more):
ISACA Certified Information Systems Auditor (CISA)
EC-Council Certified Ethical Hacker (CEH) SANs GIAC certification (e.g., GPEN or GW APT)
Offensive-Security Certified Professional (OSCP)
Experience with Cyber threat methodologies
Desired Specific Blue Team Skills:
Identification and Validation of Security Flaws Network Mapping / Network Analysis Vulnerability Analysis Pen-testing network filters and security countermeasures
Threat Hunting Incident Response Forensic Analysis
Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.