Security Incident Response (IR) Team Lead

    Washington, DC 20001
    Similar jobs pay $12.50 - $21.74

    Job Description


    As the Security Incident Response Team Lead you will directly support the security operations staff by providing oversight, guidance, and mentorship to a 5-8 person team of security analysts. In this player/coach role, you will manage and mentor security incident response staff who will apply technical and analytical skills to investigate and handle intrusions, malicious activities, potential insider threats, and perform incident response.

    Responsibilities include but not limited to

    • Manage the relationship with the customer

    • Provide weekly and monthly reports on Security Incident Response team activities

    • Determine staffing requirements: guiding recruitment, hiring, training, development, and retention of highly qualified team members

    • Foster innovation, creativity, collaboration, and professional growth of the team

    • Maintain strong standards, and promote productivity, accountability and high morale

    • Oversee training and exercises to ensure team proficiency

    • Influence and improve upon existing processes through innovation and operational change

    • Develop and support strategic plans and projects to meet SOC goals and objectives

    • Participate in "after action" reviews to identify lessons learned and best practices

    • Regularly review standard operating procedures and protocols to ensure team continues to effectively meet requirements

    • Evaluate existing technical capabilities and systems and identify opportunities for improvement

    • Ensure the team is providing excellent customer service and support

    Remote work may be an option for this position but will first require written approval by the COR



    Bachelor's degree in a technical field such as Computer Science, Information Security, Information Technology, Computer Engineering, Information Systems, etc.

    • 8+ years of security operations technical experience preferably in security incident response capacity

    • Must possess either GIAC Certified Enterprise Defender (GCED) or GIAC Defending Advanced Threats (GDAT).

    • Experience responding to APT or FIN actor

    • Experience working in fast paced environments, and ability manage workload even during times of stress or escalated activity

    • Enthusiastic to be active in the training, coaching, and development of the team members

    • Experience with developing and maintaining metrics

    • Ability to communicate IT, networking, and security concepts to personnel at all levels of experience and responsibility

    • Track record of creative problem solving, and the desire to create and build new processes

    • Strong time management and multitasking skills as well as attention to detail

    • In-depth understanding of security architectures and devices

    • Strong understanding of root causes of malware infections and proactive mitigation

    • Strong understanding of lateral movement, footholds, and data exfiltration techniques

    • Comfortable with impromptu tasking and loosely defined requirements

    • Strong analytical and investigation skills

    • Excellent oral and written communications skills

    • Ability to think strategically in implementing overall task and responsibilities of the team

    • Ability to turn high-level goals into actionable steps and develop a roadmap to achieve the goals

    • Ability to mentor and coach less experienced security analysts. Providing techniques and strategies to dig deeper into investigations

    • Extensive Incident Response leadership experience

    • Experience developing and writing processes and procedures for Security IR team

    No clearance required to start work. You will be required to undergo SEC background check once employed.


    Experience working with U. S. Securities and Exchange Commission is desired but not required.

    Preferred Qualifications:

    • Master's degree in Information Security or related field

    • Multiple relevant security certifications (such as: CISSP, GCIA, GCIH, GREM, CEH)

    • Experience with one or more scripting languages, e.g., Python, JavaScript, Perl.

    • Forensics experience

    • Experience as a government contractor


    SAIC is a premier technology integrator solving our nation's most complex modernization and readiness challenges. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes high-end solutions in engineering, IT, and mission solutions. Using our expertise in existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective, and efficient solutions. We are 25,500 strong; driven by mission, united by purpose, and inspired by opportunities. Headquartered in Reston, Virginia, SAIC has pro forma annual revenues of nearly $7.1 billion. For more information, visit For ongoing news, please visit our newsroom. For SAIC benefits information, see Working at SAIC. EOE AA M/F/Vet/Disability

    Posting ID: 554843810Posted: 2020-05-27