​​Network and Security Operations Center (NSOC) Incident Response Lead​

9630 Joint Base Langley Eustis VA

Apply now Apply later

Leidos is seeking an experienced Incident Response (IR) Lead to support a highly visible NSOC position. Reporting to the Leidos NSOC Lead, the NSOC Response Lead is responsible to independently lead teams of operators through the incident response lifecycle.  

 

The position may require occasional short-term travel to CONUS and OCONUS sites. This position may require an infrequent shift in workday schedule to support exercises occurring over weekends.  

Primary Responsibilities 

  • Assesses, categorizes, recommends prioritization, develops, reports on, guides, and assumes responsibility for cyber-IR actions in accordance with NIST SP 800-61 Rev. 2.  

  • Leads the IR team.  

  • Conducts in-depth analysis on hosts and networks, forensic analysis, log analysis, and triage in support of IR.  

  • Develops and builds security content, scripts, tools, or methods to enhance the incident investigation processes.  

  • Recognize attacker and APT activity, tactics, and procedures as indicators of compromise (IOCs) that can be used to improve monitoring, analysis, and incident response processes.  

  • Utilizes technologies such as host forensics tools, Endpoint Detection & Response tools, log analysis and full packet capture to perform hunt and investigative activity to examine endpoint and network-based data.  

  • Populates dashboards with key metrics and processes and deliver technical presentations to various levels of customer leadership. Compiles and presents reports to senior leaders.   

  • Works with stakeholders to implement remediation plans in response to incidents.   

  • Ensures that the IR team has necessary personnel, resources, and skills.  

  • Develops artifacts supporting Information Assurance and Risk Management Framework (RMF) processes. 

 

Basic Qualifications 

  • Masters degree in Computer Science, MIS, or related technical field. 

  • At least 10 years of experience be in the areas of incident detection and response, remediation, malware analysis, or computer forensics.  

  • Typically requires Master's degree with 15 – 20 years of related experience. 

  • Top Secret clearance with ability to obtain and maintain TS/SCI.

  • Strong problem-solving abilities using analytic and qualitative reasoning.  

  • Ability to independently prioritize and complete multiple tasks with little to no supervision.  

  • Ability to accurately capture and document technical remediation details, and ability to brief stakeholders on incident statuses.   

  • Effective communication with customer leadership to disseminate timely updates of critical incidents with an emphasis on attention to detail and accurate reporting.   

  • Experience organizing, directing, and managing operation support functions involving multiple, complex, and interrelated project tasks.  

  • Advanced knowledge of the Incident Response Lifecycle and applicability to various types of incidents.  

  • Ability to collaborate with technical staff and customers to identify, assess, and resolve complex security problems, issues, and risks to facilitate resolution and risk mitigation.  

  • Experience creating processes, playbooks, and SOPs for tools and workflows. Relevant experience should be in the areas of incident detection and response, malware analysis, or computer forensics.  

  • Ability to script in one more of the following computer languages Python, Bash, Visual Basic or PowerShell.  

  • Experience running cyber incident investigations with emphasis on attention to detail and adherence to defined escalation paths.  

  • At least one current DoD 8140 certification 

 

Preferred Qualifications 

  • Experience with virtualized environments (VMware, Red Hat).  

  • Experience working with cloud computing and infrastructure security (AWS, Azure, etc.) to IL6  

  • Experience as a member of agile programs  

  • Experience in Federal Government, DOD or Law Enforcement in CND, CIRT or SOC role  

  • Knowledge of the Cyber Kill Chain and the MITRE ATT&CK framework  

  • Knowledge of Structured Analytic Techniques 

Original Posting Date:

2024-11-27

While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:

Pay Range $131,300.00 - $237,350.00

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

Apply now Apply later
Job stats:  1  0  0

Tags: Agile APT AWS Azure Bash Clearance Cloud CND Computer Science Cyber Kill Chain DoD DoDD 8140 Forensics Incident response Log analysis Malware MITRE ATT&CK Monitoring NIST PowerShell Python Red Hat Risk management RMF SOC Top Secret Top Secret Clearance TS/SCI VMware

Perks/benefits: Equity / stock options

Region: North America
Country: United States

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.