Leidos is seeking an experienced Top Secret cleared Incident Response (IR) Lead to support a highly visible NSOC position. Reporting to the Leidos NSOC Lead, the NSOC Response Lead is responsible to independently lead teams of operators through the incident response lifecycle. 

The position may require occasional short-term travel to CONUS and OCONUS sites. This position may require an infrequent shift in workday schedule to support exercises occurring over weekends. 

Primary Responsibilities

• Assesses, categorizes, recommends prioritization, develops, reports on, guides, and assumes responsibility for cyber-IR actions in accordance with NIST SP 800-61 Rev. 2. 

• Leads the IR team. 

• Conducts in-depth analysis on hosts and networks, forensic analysis, log analysis, and triage in support of IR. 

• Develops and builds security content, scripts, tools, or methods to enhance the incident investigation processes. 

• Recognize attacker and APT activity, tactics, and procedures as indicators of compromise (IOCs) that can be used to improve monitoring, analysis, and incident response processes. 

• Utilizes technologies such as host forensics tools, Endpoint Detection & Response tools, log analysis and full packet capture to perform hunt and investigative activity to examine endpoint and network-based data. 

• Populates dashboards with key metrics and processes and deliver technical presentations to various levels of customer leadership. Compiles and presents reports to senior leaders.  

• Works with stakeholders to implement remediation plans in response to incidents.  

• Ensures that the IR team has necessary personnel, resources, and skills. 

• Develops artifacts supporting Information Assurance and Risk Management Framework (RMF) processes.

Basic Qualifications

• Bachelor’s degree and 12 – 15 years of prior relevant experience or Masters with 10 – 13 years of prior relevant experience. May possess a Doctorate in technical domain. Additional years of relevant experience will be considered in lieu of degree.

• Top Secret clearance with ability to obtain and maintain TS/SCI.

• Strong problem-solving abilities using analytic and qualitative reasoning. 

• Ability to independently prioritize and complete multiple tasks with little to no supervision. 

• Ability to accurately capture and document technical remediation details, and ability to brief stakeholders on incident statuses.  

• Effective communication with customer leadership to disseminatetimely updates of critical incidents with an emphasis on attention to detail and accurate reporting.  

• Experience organizing, directing, and managing operation support functions involving multiple, complex, and interrelated project tasks. 

• Advanced knowledge of the Incident Response Lifecycle and applicability to various types of incidents. 

• Ability to collaborate with technical staff and customers to identify, assess, and resolve complex security problems, issues, and risks to facilitate resolution and risk mitigation. 

• Experience creating processes, playbooks, and SOPs for tools and workflows. Relevant experience should be in the areas of incident detection and response, malware analysis, or computer forensics. 

• Ability to script in one more of the following computer languages Python, Bash, Visual Basic or PowerShell. 

• Experience running cyber incident investigations with emphasis on attention to detail and adherence to defined escalation paths. 

• At least one current DoD 8140 certification

Preferred Qualifications

• Experience with virtualized environments (VMware, Red Hat).

• Experience working with cloud computing and infrastructure security (AWS, Azure, etc.) to IL6 

• Experience as a member of agile programs 

• Experience in Federal Government, DOD or Law Enforcement in CND, CIRT or SOC role 

• Knowledge of the Cyber Kill Chain and the MITRE ATT&CK framework 

• Knowledge of Structured Analytic Techniques