Senior Cybersecurity Analyst

Leidos•Lorton, VA

5h•Onsite

About The Position

The Defense Sector at Leidos is looking for a Senior Cybersecurity Analyst to support a fast-paced program with Air Force Life Cycle Management Center. The Senior Cybersecurity Analyst will provide comprehensive Security Operations Center (SOC) support to a weapons system program with the Air Force. This role is a critical member of the 24x7 security and network operations center team, ensuring the security and integrity of program IT infrastructure, protecting sensitive data, and mitigating cyber threats. The ideal candidate will have a strong technical background in cybersecurity principles, tools, and best practices. This position will require 100% on-site work with no remote work supported. This role will support 24x7 operations and requires shift rotations on a regular basis. Shift assignments will be based on program requirements and your preference, but some flexibility may be required.

Requirements

US Citizen with at least a Top Secret clearance and the ability to obtain a SCI prior to your start date. In addition, the ability to maintain your clearance during your employment with Leidos
Bachelor’s Degree with 8+ years of experience or Master’s degree with 6+ years of experience. Additional experience may be considered in lieu of a degree
Must have an active DoD IAT Level II certification, prior to start (e.g. Sec+, CISSP)
Incident Response experience
Knowledge of MITRE ATT&CK principles
Systems administration experience - desktop and server systems connected to local and wide area networks
Knowledge Management skills to follow and create documentation.
Experience with Splunk, ACAS, ESS
Excellent problem-solving skills and troubleshooting skills
Motivated self-starter with strong written and verbal communication skills for collaborating with technical and non-technical stakeholders, and the ability to create complex technical reports on analytic finding

Nice To Haves

Working knowledge of cloud security and related tools for incident response
Experience securing classified DoD networks, such as networks connected to SIPR or JWICS
Knowledge of cloud-native security information and event management (SIEM) tools
Knowledge of cloud-native endpoint security tools
Experience with Agile framework and DevSecOps
Familiarity with incident response processes and tools
Experience with scripting or automation tools for security tasks
Ability to work in a dynamic environment and adapt to changing priorities
Experience using and interpreting vulnerability assessment or scanning tools such as Nessus

Responsibilities

Provide SOC and Incident Response support, including coordination, execution, and implementation of all actions required for the containment, eradication, and recovery measures for events and incidents.
Monitor and reply to events and alerts from the SIEM, monitoring tools, and other network tools.
Investigate events of interest and escalating to senior NOC / SOC members.
Drive incidents from discovery to closure and reporting, with comprehension of escalation procedures and criteria.
Categorize incidents and partner with appropriate authorities in the production of security incident reports.
Build timelines, documents, briefings, and other products as required to inform stakeholders of incident response actions, analysis, and the impact of both the incident and remediation actions taken.
While not in a period of incident response, you will conduct exercises and dry runs to improve response outcomes in the event of a cyber-incident.
Integrate with Information Assurance (IA) team to support policy updates and continuous monitoring activities in support of Authorization to Operate (ATO) maintenance.
Provide enterprise recommendations to remediate environment wide issues, support continuous process improvement, and report analysis.
Investigate compromised endpoints, identifying indicators of compromise (IOC) within the environment and conveying to stakeholders the impact of discovered events.