Earnbetter

Job Search Assistant

Logo

Cybersecurity Ops Associate

SAIC • Remote • Posted 6 days ago

Boost your interview chances in seconds

Tailored resume, cover letter, and cheat sheet

Remote • Full-time • Entry Level

Job Highlights

Using AI ⚡ to summarize the original job post

The Cybersecurity Ops Associate at SAIC is responsible for monitoring and analyzing security events in support of the Enterprise Security Operations Center's Detection & Response team. This role involves working with various security monitoring tools to detect, analyze, and mitigate potential threats, ensuring the protection of information assets. The position may be remote anywhere in the US and requires working either 2nd or 3rd shift.

Responsibilities

  • Responds and reacts to events in the SAIC monitored environment and escalates for further analysis as needed.
  • Continuously monitor security event systems by utilizing the Enterprise Security Operation Center's security information and event management (SIEM) tool.
  • Provide initial response and support to potential intrusion or security breach alerts.
  • Collect and compile historical data on security incidents for trend analysis and security measures improvement.
  • Assist in containment measures during an incident to prevent further unauthorized access or data loss.
  • Investigate and approve/deny IP/URL block requests.
  • Contribute to the development of signature patterns based on known or anticipated threats to enhance detection capabilities.
  • Provide feedback on signature tuning for better detection of anomalies.
  • Create and maintain incident tickets as needed.
  • PCAP Analysis and correlation of events.
  • Determining urgency and potential impact.
  • Assist with analysis of actions taken by malicious actors to determine initial infection vectors as well as establish a timeline of activity and any data loss associated with incidents.
  • Develop and maintain security documentation including SOPs, incident reports, and policies.
  • Communicate and escalate issues and alerts as required by process or management.
  • Additional responsibilities including the support of various Enterprise Security Operations Center activities.

Qualifications

Required

  • Bachelor's Degree in Computer Science, Information Technology, Cybersecurity or a related field; OR, AA Degree in related discipline and one year related experience; Or, High School and two (2) years of related experience with relevant certification.
  • Must be a US Citizen.
  • Must possess the following certification: CompTIA Security+.
  • Availability to work flexible hours in a 24x7x365 environment.
  • Working knowledge of security architectures and devices.
  • Working knowledge of technology and security topics including operating systems, network security, protocols, application security, infrastructure hardening and security baselines.
  • Can-do attitude.
  • Self-motivated and quick learner.
  • Excellent communication skills both verbal and written.
  • Ability to multitask.

Preferred

  • Possess one or more of the following certifications: CySA+, SSCP, CASP+ or additional relevant certifications.
  • Experience with SIEM tools and antivirus and IDS/IPS technologies.

Full Job Description

**Description**

SAIC Corporate Cybersecurity has an opening for a Cyber Ops Associate (Detection & Response Analyst). This position may be remote anywhere in the US for the right candidate. This role will work either 2nd shift (2pm to 12am) Sun-Wed or 3rd shift (10pm to 8am) Wed-Sat.

The Cybersecurity Ops Associate role is responsible for monitoring and analysis of identified security events in support of the real-time 24/7/365 Enterprise Security Operations Center's Detection & Response team's monitoring capability. The Cybersecurity Ops Associate will perform daily operations utilizing a SIEM and monitoring events from multiple sources including but not limited to firewall logs, system logs, network and host-based intrusion detection systems, applications, databases, cloud infrastructure, and other security information monitoring tools. The associate will work as part of the ESOC team to ensure that our information assets are protected from unauthorized access or alterations and will help in the detection, analysis, and mitigation of potential threats.

**Job Duties:**

+ Responds and reacts to events in the SAIC monitored environment and escalates for further analysis as needed.

+ Continuously monitor security event systems by utilizing the Enterprise Security Operation Center's security information and event management (SIEM) tool.

+ Provide initial response and support to potential intrusion or security breach alerts.

+ Collect and compile historical data on security incidents for trend analysis and security measures improvement.

+ Assist in containment measures during an incident to prevent further unauthorized access or data loss.

+ Investigate and approve/deny IP/URL block requests.

+ Contribute to the development of signature patterns based on known or anticipated threats to enhance detection capabilities.

+ Provide feedback on signature tuning for better detection of anomalies.

+ Create and maintain incident tickets as needed.

+ PCAP Analysis and correlation of events.

+ Determining urgency and potential impact.

+ Assist with analysis of actions taken by malicious actors to determine initial infection vectors as well as establish a timeline of activity and any data loss associated with incidents.

+ Develop and maintain security documentation including SOPs, incident reports, and policies.

+ Communicate and escalate issues and alerts as required by process or management.

+ Additional responsibilities including the support of various Enterprise Security Operations Center activities.

**Qualifications**

**Required Education and Experience Requirements:**

+ Bachelor's Degree in Computer Science, Information Technology, Cybersecurity or a related field; OR, AA Degree in related discipline and one year related experience; Or, High School and two (2) years of related experience with relevant certification.

+ Must be a US Citizen.

+ Must possess the following certification: CompTIA Security+.

+ Availability to work flexible hours in a 24x7x365 environment.

+ Working knowledge of security architectures and devices.

+ Working knowledge of technology and security topics including operating systems, network security, protocols, application security, infrastructure hardening and security baselines.

+ Can-do attitude.

+ Self-motivated and quick learner.

+ Excellent communication skills both verbal and written.

+ Ability to multitask.

**Desirable:**

+ Possess one or more of the following certifications: CySA+, SSCP, CASP+ or additional relevant certifications.

+ Experience with SIEM tools and antivirus and IDS/IPS technologies.

SAIC accepts applications on an ongoing basis and there is no deadline.

Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.
REQNUMBER: 2411943

SAIC is a premier technology integrator, solving our nation's most complex modernization and systems engineering challenges across the defense, space, federal civilian, and intelligence markets. Our robust portfolio of offerings includes high-end solutions in systems engineering and integration; enterprise IT, including cloud services; cyber; software; advanced analytics and simulation; and training. We are a team of 23,000 strong driven by mission, united purpose, and inspired by opportunity. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $6.5 billion. For more information, visit saic.com. For information on the benefits SAIC offers, see Working at SAIC. EOE AA M/F/Vet/Disability