Cybersecurity Engineer
Role details
Job location
Tech stack
Job description
The Defense Sector at Leidos is looking for a Senior Cybersecurity Engineer to support a fast-paced program with Air Force Life Cycle Management Center. The Senior Cybersecurity Engineer will provide comprehensive Security Operations Center (SOC) support to a weapons system program with the Air Force. This role is a critical member of the 24x7 security and network operations center team, ensuring the security and integrity of program IT infrastructure, protecting sensitive data, and mitigating cyber threats. The ideal candidate will have a strong technical background in cybersecurity principles, tools, and best practices.
This position will require 100% on-site work with no remote work supported.This role will support 24x7 operations and requires shift rotations on a regular basis. Shift assignments will be based on program requirements and your preference, but some flexibility may be required., * Provide SOC and Incident Response support, including coordination, execution, and implementation of all actions required for the containment, eradication, and recovery measures for events and incidents.
- Monitor and reply to events and alerts from the SIEM, monitoring tools, and other network tools.
- Investigate events of interest and escalating to senior NOC / SOC members.
- Drive incidents from discovery to closure and reporting, with comprehension of escalation procedures and criteria.
- Categorize incidents and partner with appropriate authorities in the production of security incident reports.
- Build timelines, documents, briefings, and other products as required to inform stakeholders of incident response actions, analysis, and the impact of both the incident and remediation actions taken.
- While not in a period of incident response, you will conduct exercises and dry runs to improve response outcomes in the event of a cyber-incident.
- Integrate with Information Assurance (IA) team to support policy updates and continuous monitoring activities in support of Authorization to Operate (ATO) maintenance.
- Provide enterprise recommendations to remediate environment wide issues, support continuous process improvement, and report analysis.
- Investigate compromised endpoints, identifying indicators of compromise (IOC) within the environment and conveying to stakeholders the impact of discovered events., Linux DevOps Ansible Firewall NIST 800 Equities Scripting Terraform Automation Subnetwork Market Data NIST 800-37 NIST 800-53 AI Security Open Mindset Communication Routing Table Cloud Security System Software Network Routing Ancient History Network Security Agile Methodology Security Analysis Workflow Management Amazon Web Services Cloud Infrastructure Technological Change Programming Languages Continuous Monitoring Vulnerability Scanning Command-Line Interface Database Administration Security Implementation Bash (Scripting Language) Assessment And Authorization Information Systems Security Scrum (Software Development) Infrastructure as Code (IaC) Security Requirements Analysis Virtual Private Networks (VPN) Systems Development Life Cycle Software Development Life Cycle AWS Certified Cloud Practitioner Troubleshooting (Problem Solving) Certified Information Systems Security Professional Top Secret-Sensitive Compartmented Information (TS/SCI Clearance) +0
Google IT Support Threat Detection Engineer Leidos Arlington, VAOn-Site Splunk Equities Dashboard Scripting Leadership Automation Innovation Mathematics Market Data Self-Starter Cyber Security Problem Solving Query Languages Ancient History Threat Detection Incident Response Windows PowerShell Workflow Management Workflow Automation GIAC Certifications Digital Transformation MITRE ATT&CK Framework Cyber Threat Intelligence Python (Programming Language) GIAC Cyber Threat Intelligence GIAC Certified Intrusion Analyst GIAC Certified Forensics Analyst GIAC Certified Forensic Examiner Troubleshooting (Problem Solving) Certified Information System Auditor (CISA) Security Information And Event Management (SIEM) +0 Security Engineer TEKsystems Herndon, VARemote Splunk FedRAMP Auditing DevSecOps Operations Automation ServiceNow Web Traffic NIST 800-53 Communication Investigation Observability Data Security Microsoft 365 Insider Threat Email Security XML Validation Data Governance Active Directory Digital Forensics Endpoint Security Windows PowerShell Business Valuation Nodes (Networking) Amazon Web Services Information Privacy Compliance Auditing Cloud Collaboration Data Classification Secure Web Gateways Data Loss Prevention Full Stack Development API System Integration Artificial Intelligence Business Transformation Red Hat Enterprise Linux Critical Illness Insurance Software As A Service (SaaS) Extract Transform Load (ETL) Python (Programming Language) Transport Layer Security (TLS) Endpoint Detection And Response Extensible Markup Language (XML) Troubleshooting (Problem Solving) Transmission Control Protocol (TCP) SMTP (Simple Mail Transfer Protocol) Security Information And Event Management (SIEM)
Requirements
DevSecOps Operations Leadership Management Automation Market Data Coordinating Self-Starter Cyber Security Cloud Security Problem Solving Report Analysis Ancient History Agile Methodology Incident Response CompTIA Security+ IT Infrastructure Endpoint Security Cyber Engineering Incident Reporting Lifecycle Management Top Secret Clearance Escalation Procedures System Administration Information Assurance Continuous Monitoring Cloud-Native Computing MITRE ATT&CK Framework Vulnerability Assessments Authorization (Computing) Cyber Threat Intelligence IAT Level II Certification Verbal Communication Skills Continuous Improvement Process Troubleshooting (Problem Solving) Security Information And Event Management (SIEM) Certified Information Systems Security Professional Top Secret-Sensitive Compartmented Information (TS/SCI Clearance), * US Citizen with at least a Top Secret clearance and the ability to obtain a SCI prior to your start date. In addition, the ability to maintain your clearance during your employment with Leidos
- Bachelor's Degree with 12+ years of experience or Master's degree with 10+ years of experience. Additional experience may be considered in lieu of a degree
- Must have an active DoD IAT Level II certification, prior to start (e.g. Sec+, CISSP)
- Incident Response experience
- Knowledge of MITRE ATT&CK principles
- Systems administration experience - desktop and server systems connected to local and wide area networks
- Knowledge Management skills to follow and create documentation.
- Experience with Splunk, ACAS, ESS
- Excellent problem-solving skills and troubleshooting skills
- Motivated self-starter with strong written and verbal communication skills for collaborating with technical and non-technical stakeholders, and the ability to create complex technical reports on analytic finding
Preferred Qualifications:
- Working knowledge of cloud security and related tools for incident response
- Experience securing classified DoD networks, such as networks connected to SIPR or JWICS
- Knowledge of cloud-native security information and event management (SIEM) tools
- Knowledge of cloud-native endpoint security tools
- Experience with Agile framework and DevSecOps
- Familiarity with incident response processes and tools
- Experience with scripting or automation tools for security tasks
- Ability to work in a dynamic environment and adapt to changing priorities
- Experience using and interpreting vulnerability assessment or scanning tools such as Nessus
Benefits & conditions
Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available at www.leidos.com/careers/pay-benefits .