Job Info
Job ID: 219505
Location: RICHMOND , VA , US
Date Posted: 2021-06-24
Category: Cyber
Subcategory: Cybersecurity Spec
Schedule: Full-time
Shift: Day Job
Travel: Yes, 10 % of the Time
Minimum Clearance Required: None
Clearance Level Must Be Able to Obtain: None
Potential for Remote Work: Yes
Description
About the SAIC MSI Program
SAIC has been awarded a $165 million contract by the Commonwealth of Virginia to serve as a multisourcing service integrator (MSI). Under the contract, SAIC will provide an innovative approach to assist the Virginia Information Technologies Agency (VITA) with modernizing the state’s technology infrastructure. Under the contract, SAIC will coordinate and monitor multiple IT infrastructure services suppliers for state executive branch agencies. The MSI is the cornerstone of a strategy that will diversify the state’s portfolio of suppliers, improve service delivery quality, ensure cost-competitiveness, and provide transparency and accountability into the commonwealth’s service delivery platform.
Position Summary
SAIC is seeking a Jr Cyber Risk Management Analyst to join our MSI team supporting the Commonwealth of Virginia (COV). The Risk Analyst team will be interacting with COV technology suppliers about their compliance with COV cybersecurity policies and practices, and providing a wide range of Risk management services to them and the Commonwealth. This will require a combination of the following Knowledge, Skills, and Abilities:
Knowledge
Strong understanding of applying Risk Management Frameworks (preferably NIST RMF and/or ISO 27000), including:
- Identification of business priorities,
- Analysis of Risk to those priorities,
- Planning of security controls to best protect those priorities while meeting requisite policies and procedures,
- Conducting vulnerability assessments at the network, system and application level, and performing formal risk assessments,
- Developing and implementing security controls and formulates operational risk mitigations to remediate weaknesses,
- Quantifying and reporting on remediation progress,
- Assessesing remediation effectiveness,
- Analysis of threat landscapes,
- Reprioritization of remediation activities as dictated by changing threat landscapes,
- Automation of continuous monitoring solutions,
- Incident response and incident Root Cause Analysis,
- Support of cyber metrics development, maintenance, and reporting,
- Support of internal work instructions, procedures, and processes,
- Assisting in the implementation of required government policy (SEC501 / SEC525), and
- Maintaining a consolidated Risk Register, with escalation of known issues that surpass the risk appetite of the organization.
Abilities
Strong verbal, analytical, and written communication abilities:
- Verbal abilities should be confident but non-confrontational, articulate but not wordy, equally comfortable leading and following, and as eager to listen as to contribute.
- Analytical abilities should avoid black-and-white thinking, and instead embrace diversities of opinions and viewpoints for their ability to inform complex solutions to complex real-world problems.
- Written abilities should produce grammatically correct, concise, informative, and visually appealing written products.
- Adaptability to both technical and non-technical audiences and a strong customer-service focus will be critical since this is a role that will have frequent contact with our COV customer.
Qualifications
Required Education and Experience:
Skills
- Candidates should describe their depth of hands-on experience with the following cybersecurity capabilities: RSA Archer, CyberArk, SailPoint, SQL Server, Nessus, VMware, Splunk, Active Directory, LDAP, PaloAlto, Encase, CMDB, cURL, PuTTY, Java, JavaScript, JBOSS, JDBC, ServiceNow, Okta, eGRC tools, PKI concepts and provisioning tools, static code analyzers, endpoint protection capabilities, VPN capabilities, System Admin tools, virtualization failover techniques, Cloud/FedRAMP security practices & service deployment models, SSAE16 audits, VITA SSP and VITA VAR documentation, and other cybersecurity-related protection capabilities and tools.
Education / Certifications / Other
- Candidates with a Bachelor’s degree and 0-1+ years of experience. Degrees in engineering, science, computer science and mathamatics are preferred.
- Continual Learning. Completion of advanced course work, or attainment and maintenance of cybersecurity-related credentials and certifications, is preferred.
- ITIL Certification. Candidates who have completed ITIL v3 2011 Foundation or above are preferred.
- Location. Work will be performend in Richmond, VA, with some telework allowed subject to customer needs and ability to adhere to telework policy.
- Must have previous IT or cybersecurity work experience or education.
- It is preferred for someone to already have at least 1+ years of Cybersecurity experience
- It is preferred for someone to have previous experience using Cybersecurity tools.
Security Clearance Requirement
- US Citizen. Must be able to pass a Commonwealth of Virginia background check.
Target salary range: $55,001 - $65,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.
SAIC is a premier technology integrator solving our nation's modernization and readiness challenges. Our offerings across defense, space, civilian, and intelligence markets include high-end solutions in engineering, IT, and mission outcomes. We integrate the best components from our portfolio with our partner's ecosystem to deliver innovative and effective solutions. We are 25,500 strong; driven by mission, united by purpose, and inspired by opportunities. Headquartered in Reston, VA, SAIC has annual revenues of nearly $7.1 billion. For information, visit
saic.com or
Working at SAIC for benefits details. SAIC is an Equal Opportunity Employer empowering people no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status. We strive to create a diverse, inclusive and respectful work culture that values all.
This job has expired.