Cyber Tier 1 Deputy Team Lead

Leidos, Ashburn, VA
$87,100 - $157,450, Onsite

About The Position

Leidos is seeking a Cyber Tier 1 Shift Lead to join their team on a highly visible cyber security single-award IDIQ vehicle that provides Network Operations Security Center (NOSC) support, cyber analysis, application development, and a 24x7x365 support staff. The Department of Homeland Security (DHS), Network Operations Security Center (NOSC) is a U.S. Government program responsible for monitoring, detecting, analyzing, mitigating, and responding to cyber threats and adversarial activity on the DHS Enterprise. The DHS NOSC has primary responsibility for monitoring and responding to security events and incidents detected at the Trusted Internet Connection (TIC) and Policy Enforcement Point (PEP) and is responsible for directing and coordinating detection and response activities performed by each Component SOC. Direction and coordination are achieved through a shared DHS incident tracking system and other means of coordination and communication.

The Monitoring and Analysis team provides 24x7 support across 4 different shifts: front half shifts (day and night) and back half shifts (day and night). The front half shift works 12-hour shifts from Sunday – Tuesday and alternating Wednesdays. The back half shift works 12-hour shifts from Thursday – Saturday and alternating Wednesdays. Candidates must have the ability to work non-core hours, if necessary.

Duties include network security monitoring and detection, proactively searching for threats, inspecting traffic for anomalies and new malware patterns, investigating and analyzing logs, providing analysis and response to alerts, and documenting activity in NOSC investigations and Security Event Notifications (SENs).

The Monitoring and Analysis Deputy Team Lead is a critical role within the Network Operations and Security Center (NOSC), created to enhance operational efficiency, streamline processes, and improve the overall cybersecurity posture. This role emphasizes continuous improvement of effectiveness and efficiency, ensuring consistent communication and task completion across all shifts, and providing quality assurance and content enhancement for cybersecurity investigations and monitoring tools.

Requirements

  • Bachelor’s degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field
  • A minimum of 4-8 years total professional experience in at least two of the following areas: Vulnerability Assessment, Intrusion Prevention and Detection, Access Control and Authorization, Policy Enforcement, Application Security, Protocol Analysis, Firewall Management, Incident Response, Encryption, Web-Filtering, Advanced Threat Protection
  • Military experience and training may be considered in lieu of degree
  • Active advanced cybersecurity certification(s)
  • Experience conducting detailed technical analysis of Cybersecurity Events and Incidents
  • Must have current TS/SCI clearance
  • Must obtain an Entry on Duty (EOD) clearance
  • Must have one of the following certifications: CCNA-Security, CYSA+, GICSP, GSEC, Security+ CE, CND, SSCP
  • Extensive knowledge of a SOC’s/NOSC’s purpose and role within an organization
  • Detailed understanding of common network ports and protocols (e.g. TCP/UDP, HTTP, ICMP, DNS, SMTP, etc.)
  • Expertise with network topologies and network security device functions (e.g. Firewall, IDS/IPS, Proxy, DNS, etc.)
  • Expertise with packet analysis tools such as Wireshark
  • Able to perform critical thinking and analysis to investigate cyber security alerts
  • Extensive knowledge of common malware and attack vectors
  • Extensive experience with Windows operating systems and standard OS logging
  • Extensive experience with Antivirus, DLP, and host-based firewalls

Nice To Haves

  • Expertise in Lean Six Sigma, e.g. Black Belt or Green Belt
  • Familiarity with other continuous improvement methodologies, e.g. Theory of Constraints
  • Strong analytical skills with the ability to perform quality assurance and content improvement
  • Demonstrated ability to liaise between multiple teams and organizational levels
  • Excellent communication skills, both written and verbal, with the ability to interact effectively with federal leadership and team members across all shifts

Responsibilities

  • Lead efforts to reduce onboarding time through continuous observation and assessment of operations and administrative processes.
  • Implement process improvements to enhance efficiency and reduce unnecessary efforts, leveraging Lean Six Sigma methodologies.
  • Continuously review and refine Standard Operating Procedures (SOPs) and workflows to ensure they are modern, efficient, and aligned with current needs.
  • Collaborate with the SOAR team and other special teams to enhance automation and workflow capabilities.
  • Provide superior customer service to the Department of Homeland Security (DHS) by accurately identifying and addressing ad hoc requests from federal leadership.
  • Act as a point of contact for high-level leaders and leads on the federal side to ensure clear communication and understanding of requirements.
  • Oversee and maintain compliance with required training programs, including on-the-job cybersecurity training and DHS-mandated e-learning courses.
  • Manage and maintain access to cybersecurity tools, ensuring all team members have the necessary permissions to perform their roles effectively.
  • Provide training on the use of various cybersecurity tools to team members, enhancing their capability to use the tools efficiently.
  • Ensure that all shifts (Front Days, Back Days, Front Nights, Back Nights) do not miss important emails or tasks, maintaining consistency in task completion.
  • Monitor and follow up on asks to ensure they are addressed and not overlooked, addressing gaps in previous processes.
  • Perform quality assurance checks on Splunk comment closures, Splunk investigations, and cybersecurity investigations (ECMs).
  • Conduct quality checks on EBMs or proxy and firewall blocks submitted within the network.
  • Review trends and data to develop better content for Splunk alerting and monitoring.
  • Continuously work to improve the accuracy and efficiency of monitoring content by analyzing investigation trends.
  • Collaborate with the federal cybersecurity leads to reduce waste and improve meaningful cybersecurity processes.
  • Engage with various teams to explore new methods to improve the work environment and cybersecurity services, including liaising with SOAR engineers and other special teams.
  • Test and evaluate new tools and services requested by the customer in a testing or development environment, providing critical feedback and analysis before enterprise-wide acquisition.
  • Collaborate on feature development and enhancement of existing tools by testing new features and providing insights to optimize their functionality for the organization.

Benefits

  • 401k
  • Health Insurance
  • Dental Insurance
  • Vision Insurance
  • Life Insurance
  • Disability Insurance