
Cybersecurity Operations Associate

Remote · USA Full-time New today

SAIC has an opening for a Cybersecurity Ops Associate. This position can be worked remotely for the right candidate. This position will be for third shift (10pm – 8am) and either Sunday – Wednesday OR Wednesday – Saturday.

The Cybersecurity Ops Associate role is responsible for monitoring and analysis of identified security events in support of the real-time 24/7/365 Enterprise Security Operations Center's Detection & Response team’s monitoring capability. The Cybersecurity Ops Associate will perform daily operations utilizing a SIEM and monitoring events from multiple sources including but not limited to firewall logs, system logs, network and host-based intrusion detection systems, applications, databases, cloud infrastructure, and other security information monitoring tools. The associate will work as part of the ESOC team to ensure that our information assets are protected from unauthorized access or alterations and will help in the detection, analysis, and mitigation of potential threats.

Job Duties:

- Responds and reacts to events in the SAIC monitored environment and escalates for further analysis as needed.
- Continuously monitor security event systems by utilizing the Enterprise Security Operation Center’s security information and event management (SIEM) tool.
- Provide initial response and support to potential intrusion or security breach alerts.
- Collect and compile historical data on security incidents for trend analysis and security measures improvement.
- Assist in containment measures during an incident to prevent further unauthorized access or data loss.
- Investigate and approve/deny IP/URL block requests.
- Contribute to the development of signature patterns based on known or anticipated threats to enhance detection capabilities.
- Provide feedback on signature tuning for better detection of anomalies.
- Create and maintain incident tickets as needed.
- PCAP Analysis and correlation of events.
- Determining urgency and potential impact.
- Assist with analysis of actions taken by malicious actors to determine initial infection vectors as well as establish a timeline of activity and any data loss associated with incidents.
- Develop and maintain security documentation including SOPs, incident reports, and policies.
- Communicate and escalate issues and alerts as required by process or management.
- Additional responsibilities including the support of various Enterprise Security Operations Center activities.

SAIC® is a premier mission integrator focused on advancing the power of technology and innovation to serve and protect our world. Our robust portfolio of offerings across the defense, space, intelligence, and civilian markets includes secure high-end solutions in mission IT, enterprise IT, engineering services, and professional services. We integrate emerging technology, rapidly and securely, into mission critical operations that modernize and enable critical national imperatives.

We are approximately 23,000 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $7.3 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom.
