CYBER INCIDENT RESPONSE ANALYST

About the position

SAIC is actively seeking a Cyber Incident Response Analyst to join the Cyber Incident Response Team (CIRT) in support of the United States Army Corps of Engineers (USACE) OCIO/G-6 Managed Security Services (MSS). This role ensures 24/7/365 cyber threat monitoring, incident response, and forensic investigations to protect USACE networks and systems from advanced cyber threats. This position requires working rotating shifts, including nights, weekends, and holidays, as part of a 24/7/365 cyber operations environment.

Responsibilities

• Monitor, analyze, and respond to cybersecurity incidents across USACE-supported networks, cloud environments, and classified systems.
• Utilize cybersecurity tools to detect, analyze, and correlate security events.
• Conduct real-time intrusion detection and prevention (IDS/IPS) monitoring, ensuring continuous protection against malware, denial-of-service (DoS) attacks, and unauthorized access.
• Identify, classify, and assess cyber incidents, determining the threat level, attack methodology, and root cause based on received alerts and forensic evidence.
• Conduct forensic investigations, including log analysis, host memory analysis, and evidence collection, ensuring compliance with CJCSM 6510.01B Cyber Incident Handling Program.
• Implement containment and eradication measures to mitigate cyber threats, preventing lateral movement and minimizing operational impact.
• Develop and maintain incident response playbooks based on MITRE ATT&CK framework and USACE threat intelligence.
• Provide incident coordination and threat intelligence sharing with Army Cyber Command, USACE OCIO/G-6, DoD, and other Federal agencies.
• Generate After Action Reports (AARs), network damage assessments (AR 380-53), and lessons learned, supporting continuous security improvements.
• Assist with cyber risk mitigation, vulnerability scanning, and penetration testing to enhance defensive capabilities.
• Maintain compliance with DoD 8140.03, ensuring continuous training and certification requirements are met.

Requirements

• Bachelor's degree and two (2) years or more experience; additional four (4) years of experience accepted in lieu of degree.
• Experience working with DoD, USACE, or Federal cyber operations in an incident response role.
• Hands-on experience with MITRE ATT&CK framework, DISA STIG compliance, and Army cybersecurity policies.
• Familiarity with Risk Management Framework (RMF), NIST 800-53, and DoD 8500.01.

Nice-to-haves

• Must hold at least one of the following CSSP-Incident Responder (IR) certifications: CEH, CySA+, CFR, CCNA Cyber Ops, CCNA Security, CHFI, GCFA, GCIH, SCYBER, PenTest+.