SAIC is seeking a Cyber Defense Manager to work onsite with our customer in Quantico, VA. This position supports the Marine Corps Cyberspace Operations Group (MCCOG).
This position is contingent upon contract award. If awarded, work will begin in Fall 2023.
Job Summary: The Cyber Defense Signature Manager will be responsible for the continuous development and refinement of signatures, plays, policies, configurations, scripts and indicators used to identify malicious or unauthorized activity via network- and host-based detection on the Enterprise Network. The analyst will leverage Snort, regular expressions, and YARA (or similar methods) to apply the logic needed to detect and alert on malicious activity at various levels within the environment. The Contractor shall maintain the Government's Enterprise Security Information and Event Management (SIEM) systems (four total), both classified and unclassified.
Duties and Responsibilities:
- Provide subject matter expertise in creation, editing, and management of signatures, rules and filters for specialized network defense systems including but not limited to network and ESS IDS, IPS, firewall, web application firewall, proxy and SIEM systems.
- Leverage tools and query languages such as Snort, Tool Command Language, Kusto Query Language, Lucene, and Kibana Query Language.
- Provide Security Information and Event Management (SIEM) subject matter expertise in Kafka, Linux, Elasticsearch, Logstash, and Kibana.
- Recommend parsing and normalization changes to help analysts digest and analyze data sets.
- Utilize the MITRE ATT&CK matrix and other threat frameworks to develop detection plays. Continually refine these processes with the goal of automating their execution.
- Analyze host and network-based events daily to identify and eliminate large numbers of false positive alerts.
- Analyze SIEM views daily to ensure views support detection and response operations. Modify SIEM views to eliminate false-positive or unnecessary alerts.
- Report suspected network misconfigurations that cause unnecessary events and alerts in the SIEM. The contractor shall make these reports via the Government's ITSM trouble ticketing system and by assigning those tickets to the appropriate Government or Contractor entity responsible for managing those sensors or feeds.
- Demonstrate effectiveness by successfully identifying and/or preventing Red Team (penetration testing) activity.
- Detect anomalous behavior such as process injection.
- Correlate process, service, file, and registry behavior and develop signatures to detect or prevent such threats (Windows and Linux).
- Review packet captures retrieved from signature hits, perform packet analysis to identify true/false positives, and make necessary changes to signature sets as required.
Qualifications:
- Active TS/SCI clearance
- Bachelor's degree and fourteen (14) or more years of experience; Master's degree and twelve (12) or more years of experience; PhD or JD and nine (9) or more years of experience.
- Experience managing a Sensor Grid Support Team
- IAT III Certification (i.e. CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, or CCSP)
- Must also have DODD 8570 CSSP Infrastructure Support
- Willing to work primarily day shift; the position is designated Emergency Essential.
Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.