Description SAIC is seeking a Principal Cyber Security Analyst to join our Cyber Security team in Reston, VA. PRIMARY RESPONSIBILITIES The BSE Principal will be responsible for analyzing the service request and proposal bid opportunities and recommending alternatives exceptions to enable the business for pursuit. Will research ITO Demand Management domain materials to develop SAIC Business leads, contacts, and capture plans. Will support new business proposals through capture activities and responses to requests for proposal (RFPs). Will actively participate in industry groups and conferences to represent and promote the company's capabilities Lead the Cyber Security Business Engagement (CSBE) organization by providing technical vision and security program management fundamentals across the organization. Work closely with the other organizations within the CS Directorate to ensure comprehensive handoffs (training, documentation, and technical integration) to Cyber Security GRC, IAM, Architecture and Engineering Operations until secure Business security architecture and engineering tasks are complete. Work closely with other SAIC organizations, within CS to ensure SAIC solutions and cyber capabilities meet CS Threat IntelligenceManagement team's BR, SOC, CIRT and VMP and Cyber Solutions Directorate requirements and adhere to Governance, Risk, and Compliance (GRC) polices. Support the development of cybersecurity technical roadmaps and documentation to drive constant cyber transformation and improvements in SAIC's enterprise defensive security posture Collaborate using networks and professional relationships to achieve common goals. Be a cybersecurity leader, and provide mentorship for less experienced cybersecurity practitioners Qualifications REQUIRED QUALIFICATIONS Bachelors in Information Systems, Computer Science, Information Security or related IT field and nine (9) years or more experience. Demonstrated previous leadership, deep technical risk analysis, and engineering and architectural design understanding, knowledge and experience. Ability to write and verbally communicate information security and risk-related concepts effectively to both technical and non- technical audiences. Must have strong problem- solving and analytical skills and demonstrate poise and ability to act calmly and competently in high-pressure, high-stress situations. Working knowledge of Security StandardsControls specified under various IT governance and compliance models (NIST, ISO 2700127002, ITIL, SOX, and DFARSFARS). This includes Applications and Systems Development Security, Security Management Practices, Access Control, Security Architecture and Modeling, Telecommunications, Network Security, Cryptography (PKI), Operations Security, and Physical Security Controls Experience in security hardening and firewall configurations that reflect best practice secure settings based on industry benchmark and or exceptions that minimize risk to the security and enable business Deep technical knowledge of common cybersecurity engineering, architecture and design and principles. Fundamental technical knowledge of Active Directory, Windows and Linux OSes, VMWare, SDDC and Virtual firewalls, networks, Oracle, SQL, stored procedures, scripts and reports. Expertise with NIST and ISO 27000 series, particularly NIST SP 800-53, NIST SP 800-171 r1, ISO 270012. 8-10 years relevant risk assessment, information security analytical experience. Experience acting as a Subject Matter Expert or team lead providing guidance to others Strong communication skills person in this role must be able to successfully communicate with management personnel, technical personnel and third parties Professional Security Industry Certifications such as CISSP, CCNA, CCIE or other relevant industry certifications through such accrediting bodies such as the DoD, ISC2, ISACA, SANS or Comp TIA. Proven ability to work with cross-functional teams. Self-starter, individual contributor must perform with limited or no supervision. Possesses proven initiative and developed listening skills. Demonstrate timely task completion involving solid organizational skills, task tracking, and follow-up, and productive peer interaction. Possess strong technical writing, verbal and presentation skills especially with communicating to PMOs senior management. Provide feedback on internal processes required to help train and mentor other professionals as needed Worked with Secure Development Life Cycle and Work experience in a mature risk management team with proven risk assessment methodology. Demonstrate success leading and conducting senior level security risk analysis. Specifically, threat modeling involving system decomposition, threat and vulnerability discovery and mitigation. Understanding of SAIC Security policy, Cyber Security Framework (CSF), Risk Management Framework (RMF) and SANS Top 20 behavioral based threat models, (eg, ATTCK, Cyber Kill Chain, Diamond Model, etc. Strong understanding of cybersecurity and project management fundamentals. Familiarity with common cybersecurity COTS and FOSS tools and their application in a large enterprise environment. DESIRED QUALIFICATIONS Experience in the use of MS Project, MS, Visio, SCCM,FIM MIM VMware SDDC and other Microsoft products, ServiceNow, Archer and SPLUNK eGRC SEIMs and other MVM Nessus, and other security tools to manage the service requests SIARRAs work Queue and other URLs , AoVPNs, NAC exceptions service request exception management intake points. Experience with NIST SPs for SSPs, DFARs, FARs , HIPAA GDPR Encryption and other International security and regulatory standards Project Management Skills bullExperience with reviewing systems vulnerabilities for risk and relevance. Experience in planning mitigations for systems vulnerabilities Extensive understanding of GRC, CRM and Security Champion Program technologies, concepts, policies, processes, best practices, and solutions. Knowledge of technology trends and developments in the areas of IAM, and knowledge and experience with formal security and control frameworks such as ISO 17799, COSO, ITIL, and NIST SP 800-53 Ensure requirements gathered, processes defined, and use cases documented follow out of the box configuration vs. customization for relevant IAM technologies as much as possible. Participate Design deployment architectures. Participate in capacity planning and HW SW specification recommendation efforts. Participate in all technology deployment activities ranging from design to architecture to configuration and custom development. Participate in andor lead User Acceptance Testing and bug-related engineering efforts. Design, implement and educate on code deployment, code migration, and source control use. Provide knowledge transfer and post production support activities as necessary. Comprehensive understanding of Data Protection solutions and technologies including Data Loss Prevention (DLP), data masking, tokenization, data classification, and data encryption. Desired Qualifications