Description
Description
SAIC has an opening for a Cybersecurity Ops Analyst Sr. This position is located in Oak Ridge, Tennessee; however, SAIC is open to remote work for qualified candidates.
This role is a senior analyst position on SAIC's Cyber Incident Response Team within the Enterprise Security Operations Center. Reporting to the Manager of Defensive Cyber Operations, the Cybersecurity Ops Analyst Sr is responsible for supporting complex cybersecurity incident investigations, forensic log analysis, and response activities across the enterprise.
The senior analyst will investigate escalated security cases, analyze security telemetry, perform forensic review, coordinate response actions, and help ensure SAIC maintains a strong, repeatable, and technically mature incident response capability. This includes analysis across SIEM, EDR, endpoint telemetry, identity platforms, email security tools, network logs, cloud telemetry, and other enterprise security data sources.
This position requires the ability to work laterally across the ESOC and the broader cybersecurity organization to investigate incidents, validate findings, coordinate response actions, and improve operational readiness. The analyst will serve as an escalation point for high priority cases and will help translate technical investigation findings into clear operational recommendations.
In addition to incident response and forensic responsibilities, the analyst contributes to continuous improvement across the ESOC by supporting playbook development, purple team exercises, tabletop exercises, post incident reviews, documentation, process refinement, and knowledge sharing with other analysts. This role is expected to strengthen investigative consistency, improve response readiness, and help mature the organization's defensive cyber operations capability.
The position will work a 4x10 schedule, 7:00 a.m. EST to 5:00 p.m. EST, Monday through Thursday, with the expectation to support 24/7/365 operations as required.
Job Duties
•Take escalated cybersecurity cases and coordinate triage, investigation, containment, eradication, and recovery activities across affected systems, accounts, and environments.
• Conduct incident investigations using forensic analysis, SIEM, EDR, endpoint, identity, email, network, cloud, and other enterprise security telemetry to determine scope, impact, root cause, and potential data exposure.
• Coordinate approved remediation actions such as account disablement, session revocation, email purge, endpoint isolation, IP or URL blocking, access review, and other response actions needed to reduce risk and restore affected environments.
• Develop clear investigative timelines, case narratives, evidence summaries, technical findings, and response documentation to support operational decision making and post incident review.
• Work laterally across the ESOC and cybersecurity organization to validate findings, communicate risk, coordinate response activity, and support timely incident resolution.
• Identify detection gaps, control weaknesses, forensic visibility gaps, response gaps, and process improvement opportunities based on incident findings, case reviews, purple team activity, and tabletop exercises.
• Support purple team exercises by validating alerts, reviewing adversary emulation activity, identifying visibility gaps, and helping convert findings into improved monitoring, investigation, and response procedures.
• Lead tabletop exercises to validate response processes, escalation paths, communication workflows, analyst readiness, and cross functional coordination.
• Identify training gaps and provide training, mentoring, and knowledge sharing to junior team members to strengthen investigative quality, technical capability, and operational consistency across the ESOC.
• Create, maintain, and improve incident response playbooks, forensic investigation guides, case templates, escalation procedures, and operational documentation.
• Support threat hunting and proactive analysis efforts based on observed incidents, emerging threats, forensic findings, and enterprise risk priorities.
• Contribute to ESOC continuous improvement initiatives, including AI and automation, case management improvements, workflow refinement, documentation, and operational reporting.
• Support the ESOC's 24/7/365 operational needs as required to maintain continuity of coverage during high priority incidents or elevated tempo events.
• Perform additional duties and support other operational tasks as assigned to meet mission and organizational needs.
Qualifications
TYPICAL EDUCATION AND EXPERIENCE:
Bachelor's degree and five (5) years or more of related experience; Master's degree and three (3) years or more of related experience; PhD and 0 years of related experience.
Must have a minimum of three years of cybersecurity operations experience supporting enterprise security monitoring, incident response, forensic analysis, or cyber investigations.
Must have hands on experience working with enterprise SIEM technologies, preferably Splunk.
Must have hands on experience using EDR or endpoint security platforms to investigate suspicious activity, endpoint behavior, malware, account compromise, and incident scope.
Must possess one of the following certifications:
- CySA+, SSCP, or equivalent
Required Skills:
Strong leadership skills with a proven ability to lead and motivate a team effectively.
Can-do attitude.
Self-motivated and quick learner.
Excellent verbal and written communication skills.
Ability to multitask and collaborate to solve complex technical problems.
Desirables:
One or more of the following certifications
ISC2, Certified Information Systems Security Professional, CISSP
GIAC, Certified Incident Handler, GCIH
GIAC, Certified Forensic Analyst, GCFA
Apply on company website
Find Connections via Linkedin
