Security Operations Center Manager- Incident Response

Full Time


    • Security
    • Manager
    • Network
    • Web
    • SQL
    • Python
    • Windows
    • Linux
    • CCNA

    Job Description

    Job ID: 2300648

    Location: QUANTICO, VA, US

    Date Posted: 2023-01-17

    Category: Cyber

    Subcategory: Cybersecurity Spec

    Schedule: Full-time

    Shift: Day Job

    Travel: No

    Minimum Clearance Required: TS/SCI

    Clearance Level Must Be Able to Obtain: None

    Potential for Remote Work: No


    SAIC is seeking a Security Operations Center (SOC) Incident Response Manager to work onsite with our customer at Quantico, VA. This position supports the Marine Corps Cyberspace Operations Group (MCCOG).

    This position is contingent upon contract award. If awarded, work will begin in Fall 2023.

    Job Summary: The Security Operations Center (SOC) Incident Response Manager will be responsible for incident response activities throughout the Enterprise. They will investigate, analyze, and respond to cyber incidents. All cyber investigations are tracked from creation to completion in an investigation database. They will also interact with and support subordinate organizations responsible for similar functions in other geographical regions around the world. The Security Operations Center (SOC) Incident Response Manager will interact with Law Enforcement and Counterintelligence liaisons concerning high profile cyber incidents and/or insider threat related investigations.

    Duties and Responsibilities:
    • Collect and analyze network and/or host artifacts from a variety of sources to include logs, system images and packet captures to characterize activity, determine root cause, operational impact, and to enable rapid remediation and/or mitigation of cyber threats within the Enterprise Network through the investigation process.
    • Perform cyber incident triage; to include determining scope, urgency, and potential impact; identifying the specific vulnerability; and making recommendations that enable expeditious remediation.
    • Provide expert technical support and perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support subordinate organizations and system owners.
    • Manage and document cyber defense incidents from initial detection through final resolution methods.
    • Demonstrate effectiveness by successfully investigating and responding to Red Team (penetration testing) activity.
    • Demonstrate the ability to analyze, detect, and intelligently discuss the following types of attacks, at a minimum:
      • Man-in-the-Middle
      • Phishing Attacks
      • Ransomware
      • Web Based Attacks (such as Cross-Site Scripting or Server Side Request Forgery, as an example)
      • SQL Injection
      • Authentication Attacks (Such as Brute Force, Pass-the-Hash, or Golden Ticket)
      • Be able to discuss APT tactics, and how they vary from common criminal type Threat Actors
    • Ability to understand scripting languages, such as PowerShell or Python.
    • Ability to understand query syntax, such as Snort, Suricata, Tool Command Language, Kusto Query Language, and/or Lucene.
    • Ability to analyze system logs and complete the lifecycle of events that occurred in a given computer system (Windows and Linux).
    • Perform memory analysis on a Window's system.
    • Ability to analyze technical data and then effectively communicate impact statements to non-technical leadership.


    Position Requirements:
    • Bachelors and fourteen (14) years or more experience; Masters and twelve (12) years or more experience; PhD or JD and nine (9) years or more experience.
    • 5+ years serving on an Incident Response Team/Mission
    • IAT II Certification (i.e. CCNA-Security, CySA+ **, GICSP, GSEC, Security+ CE, CND, or SSCP)
    • DODD 8570 CSSP Track: CSSP Incident Responder
    • Active TS/SCI Clearance

    View Additional positions with this team here:

    Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.