Cybersecurity Ops Analyst Senior CIRT

SAIC has an opening for a Cybersecurity Ops Analyst Sr. This position is located in Oak Ridge, Tennessee; however, SAIC is open to remote work for qualified candidates. This role is a senior analyst position on SAIC’s Cyber Incident Response Team within the Enterprise Security Operations Center. Reporting to the Manager of Defensive Cyber Operations, the Cybersecurity Ops Analyst Sr is responsible for supporting complex cybersecurity incident investigations, forensic log analysis, and response activities across the enterprise. The senior analyst will investigate escalated security cases, analyze security telemetry, perform forensic review, coordinate response actions, and help ensure SAIC maintains a strong, repeatable, and technically mature incident response capability. This includes analysis across SIEM, EDR, endpoint telemetry, identity platforms, email security tools, network logs, cloud telemetry, and other enterprise security data sources. This position requires the ability to work laterally across the ESOC and the broader cybersecurity organization to investigate incidents, validate findings, coordinate response actions, and improve operational readiness. The analyst will serve as an escalation point for high priority cases and will help translate technical investigation findings into clear operational recommendations. In addition to incident response and forensic responsibilities, the analyst contributes to continuous improvement across the ESOC by supporting playbook development, purple team exercises, tabletop exercises, post incident reviews, documentation, process refinement, and knowledge sharing with other analysts. This role is expected to strengthen investigative consistency, improve response readiness, and help mature the organization’s defensive cyber operations capability. The position will work a 4x10 schedule, 7:00 a.m. EST to 5:00 p.m. EST, Monday through Thursday, with the expectation to support 24/7/365 operations as required. Job Duties •Take escalated cybersecurity cases and coordinate triage, investigation, containment, eradication, and recovery activities across affected systems, accounts, and environments.

• Conduct incident investigations using forensic analysis, SIEM, EDR, endpoint, identity, email, network, cloud, and other enterprise security telemetry to determine scope, impact, root cause, and potential data exposure.
• Coordinate approved remediation actions such as account disablement, session revocation, email purge, endpoint isolation, IP or URL blocking, access review, and other response actions needed to reduce risk and restore affected environments.
• Develop clear investigative timelines, case narratives, evidence summaries, technical findings, and response documentation to support operational decision making and post incident review.
• Work laterally across the ESOC and cybersecurity organization to validate findings, communicate risk, coordinate response activity, and support timely incident resolution.
• Identify detection gaps, control weaknesses, forensic visibility gaps, response gaps, and process improvement opportunities based on incident findings, case reviews, purple team activity, and tabletop exercises.
• Support purple team exercises by validating alerts, reviewing adversary emulation activity, identifying visibility gaps, and helping convert findings into improved monitoring, investigation, and response procedures.
• Lead tabletop exercises to validate response processes, escalation paths, communication workflows, analyst readiness, and cross functional coordination.
• Identify training gaps and provide training, mentoring, and knowledge sharing to junior team members to strengthen investigative quality, technical capability, and operational consistency across the ESOC.
• Create, maintain, and improve incident response playbooks, forensic investigation guides, case templates, escalation procedures, and operational documentation.
• Support threat hunting and proactive analysis efforts based on observed incidents, emerging threats, forensic findings, and enterprise risk priorities.
• Contribute to ESOC continuous improvement initiatives, including AI and automation, case management improvements, workflow refinement, documentation, and operational reporting.
• Support the ESOC’s 24/7/365 operational needs as required to maintain continuity of coverage during high priority incidents or elevated tempo events.
• Perform additional duties and support other operational tasks as assigned to meet mission and organizational needs.

SAIC® is a premier mission integrator focused on advancing the power of technology and innovation to serve and protect our world. Our robust portfolio of offerings across the defense, space, intelligence, and civilian markets includes secure high-end solutions in mission IT, enterprise IT, engineering services, and professional services. We integrate emerging technology, rapidly and securely, into mission critical operations that modernize and enable critical national imperatives. We are approximately 23,000 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $7.3 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom. Apply To This Job