Join SAIC's cyber security team and work on this effort that encompasses technical, engineering, management, operation, logistical and administrative support for cyber security operations. The ideal candidate will have broad and deep experience in cyber security with demonstrated successes in supporting a large scale IT infrastructure encompassing overseas and domestic facilities.
The Computer Incident Response Team (CIRT) uses the Network Monitoring and Incident Response System (IDS) Sensor Network to perform near real-time detection, collection, analysis, correlation and reporting of system security events that pose a threat to the Department's networks. The mission of the CIRT is to work closely with internal and external entities to:
Tier-2: Advanced Analysis and Incident Handling
- Monitor and detect all available computer information systems for infractions;
- Respond and assist with the resolution of any suspected or successful computer security breach or violation;
- Share knowledge and intelligence gained from computer security events with stakeholders; and
- Protect against and prevent potential computer security threats and vulnerabilities.
- Conduct advance analysis and recommend remediation steps for computer security events and incidents
- Receive and process events and provide recommendations regarding advanced analysis
- Coordinate with ISSOs, and others as needed
- Support computer security incidents identified from non-CIRT organizations, when requested
- Perform quality control checks of CIRT events
- Identify advanced techniques and coordinate to improve analysis capabilities
- Perform advanced malware analysis
- Coordinate with other Divisions to create and deploy new signatures on existing toolsets
The Technical Lead, CIRT Tier 2 leads and oversees Tier 2 contractor activities for the CIRT program; provides technical and operational oversight. Schedules, coordinates, guides, monitors, tracks and reports on Tier 2 activities and performance. Conducts advance analysis and recommends remediation steps for computer security events and incidents. Ensures established Tier 2 processes and procedures are followed, including during surge support and in interaction with customers. Recommends improvements to increase operational efficiency. Liaises and coordinates with operational managers and other entities within the Department and with outside agencies.
Support CIRT operations and provide Tier 2 intrusion detection analysis and response. Specific activities include but are not limited to the following:
- Lead Tier-2 analysis support 24x7x365
- Monitor the CIRT hotline, email inboxes, fax and the Remedy ticketing system
- Investigate, analyze, remedy, and report on security events and incidents
- Report incident information to the U.S. CERT
- Maintain incident logs
- Produce reports on CIRT activities
- Participate in the Government Forum of Incident Responders and Security Teams (GFIRST) meetings
- Collaborate with other local, national and international CIRTs
- Perform inter-agency liaison; coordinate events/incidents information with operational managers and law enforcement entities within the Department, and with outside agencies
- Render technical assistance for criminal investigations and non-security related operational events
- Provide monthly project status report as part of the MIRD Task Status Report by the 15th of each month, containing details as described in paragraph 7.2, Program Management and Administration
- Report on quality performance measures quarterly as part of the overall Program performance measures review
Education: A Bachelor's Degree in Computer Science, Information Systems, Engineering, Telecommunications, or other related scientific or technical discipline. Four (4) additional years of general experience (as defined below) may be substituted for the degree.
General Experience: Eight (8) years of experience in network center management and operation with increasing responsibilities.
Specialized Experience: Five (5) years of current experience in 24x7x365 network security monitoring operations of similar size and scope as the CIRT.
Three (3) years of experience in LANs, WANs, VPNs, network protocols, firewalls, routers, and performing malware analysis. Demonstrated experience in network security systems and products.
Certification Required: CISSP
Technology Required: Remedy Service Management; Netwitness; Net Detector; ISS Site Protector; RealSecure; McAfee IntruShield; SPLUNK log aggregator; Symantec Security Event Manager, and a variety of tools to perform malware analysis.
Location: Beltsville MD or Rosslyn VA
Shift Work: CIRT operates 24x7x365 and is staffed with Tier 1 and Tier 2 analysts with six (6) eight-hour shifts.
Must be Those authorized to work in the United States without sponsorship are encouraged to apply. with active Top Secret clearance Desired Qualifications
My SAIC Benefits.