Incident Response Analyst

The Department of Homeland Security (DHS), Security Operations Center (SOC) Support Services is a US Government program responsible to monitor, detect, analyze, mitigate, and respond to cyber threats and adversarial activity on the DHS Enterprise. The DHS SOC has primary responsibility for monitoring and responding to security events and incidents detected at the Trusted Internet Connection (TIC) and Policy Enforcement Point (PEP) and is responsible for directing and coordinating detection and response activities performed by each Component SOC. Direction and coordination are achieved through a new shared DHS incident tracking system and other means of coordination and communication. Leidos is seeking a Senior Incident Response Analyst to join our team on this highly visible DHS CISA SOC Program.

The Incident Responder will perform the following:

• Coordinate investigation and response efforts throughout the Incident Response lifecycle
• Correlate and and analyze events and data to determine scope of Cyber Incidents
• Acquire and analyze endpoint and network artifacts, volatile memory, malicious files/binaries and scripts
• Recognize attacker tactics, techniques, and procedures as potential indicators of compromise (IOCs) that can be used to improve monitoring, analysis and Incident Response.
• Develop, document, and maintain Incident Response process, procedures, workflows, and playbooks
• Tune and maintain security tools (EDR, IDS, SIEM, etc) to reduce false positives and improve SOC detection capabilities
• Document Investigation and Incident Response actions taken in Case Management Systems and prepare formal Incident Reports
• Create metrics and determine Key Performance Indicators to drive maturity of SOC operations
• Develop security content such as scripts, signatures, and alerts

Writing Research Firewall Equities Scripting Operations Leadership Automation Innovation Market Data Coordinating Self-Starter Communication Investigation Proxy Servers Cyber Security Prioritization Issue Tracking Security Tools Problem Solving Network Routing Volatile Memory Ancient History Computer Science Malware Analysis Support Services Operating Systems Incident Response Windows PowerShell Policy Enforcement Workflow Management GIAC Certifications Relationship Building Information Technology, Virtual Private Networks (VPN) Endpoint Detection And Response GIAC Certified Incident Handler GIAC Certified Intrusion Analyst GIAC Certified Forensics Analyst GIAC Certified Forensic Examiner Key Performance Indicators (KPIs) Offensive Security Certified Professional Dynamic Host Configuration Protocol (DHCP) Certified Information System Auditor (CISA), Bachelors' degree in Computer Science, Engineering, Information Technology, Cyber Security, or related field and 12-15 years of related experience. Additional years of experience and/or cyber certifications may be considered in lieu of degree.

In-depth knowledge of each phase of the Incident Response life cycle

• Expertise of Operating Systems (Windows/Linux) operations and artifacts

• Expertise of Enterprise Network Architectures to include routing/switching, common protocols (DHCP, DNS, HTTP, etc), and devices (Firewalls, Proxies, Load Balancers, VPN, etc)

• Ability to recognize suspicious activity/events, common attacker TTPs, and perform logical analysis and research to determine root cause and scope of Incidents

• Expertise with Cyber Kill Chain and have utilized the ATT&CK Framework

• Have scripting experience with Python, PowerShell, and/or Bash

• Ability to independently prioritize and complete multiple tasks with little to no supervision

• Flexible and adaptable self-starter with strong relationship-building skills

• Strong problem-solving abilities with an analytic and qualitative eye for reasoning

• Strong verbal and written communication skills *Ability to communicate with all levels of audiences (subordinates, peers & leadership)

• Candidate must have technical hands on experience in the areas of incident detection and response, malware analysis, or computer forensics.

All Department of Homeland Security SOC employees are required to favorably pass a 5-year (BI) Background Investigation.

Candidates will have at least one of the following certifications:

SANS GIAC: GCIH, GCIA, GCFA, GPEN GCFE, GREM

CISSP OSCP, OSCE, OSWP

Preferred Qualifications

Experience in cyber government, and/or federal law enforcement FISMA systems.

If you're looking for comfort, keep scrolling. At Leidos, we outthink, outbuild, and outpace the status quo - because the mission demands it. We're not hiring followers. We're recruiting the ones who disrupt, provoke, and refuse to fail. Step 10 is ancient history. We're already at step 30 - and moving faster than anyone else dares., Scalability Market Data Coordinating Communication Data Analysis Cyber Security Issue Tracking Cloud Security Problem Solving Ancient History Customer Service Network Security Product Planning Disaster Recovery Policy Enforcement Amazon Web Services Artificial Intelligence Cyber Incident Response Certified Ethical Hacker Cyber Threat Intelligence Robotic Process Automation Intrusion Detection Systems Continuous Improvement Process Customer Relationship Management Certified Information Security Manager Security Information And Event Management (SIEM) Secret Internet Protocol Router Network (SIPRNet) Certified Information Systems Security Professional, Operations Leadership Automation Innovation Market Data Coordinating Self-Starter Communication Investigation Proxy Servers Cyber Security Prioritization Issue Tracking Security Tools Problem Solving Network Routing Volatile Memory Ancient History Computer Science Malware Analysis Support Services Operating Systems Incident Response Windows PowerShell Policy Enforcement Workflow Management GIAC Certifications Relationship Building Information Technology, Scalability Market Data Coordinating Communication Data Analysis Cyber Security Prioritization Open Standards Problem Solving Ancient History Secret Clearance Product Planning Incident Response Artificial Intelligence Cyber Incident Response Continuous Improvement Process Certified Information Security Manager CompTIA Advanced Security Practitioner (CASP+) CISCO Certified Network Professional - Security Certified Information Systems Security Professional Top Secret-Sensitive Compartmented Information (TS/SCI Clearance) +0

Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available at www.leidos.com/careers/pay-benefits .

At Leidos, we deliver innovative solutions through the efforts of our diverse and talented people who are dedicated to our customers' success. We empower our teams, contribute to our communities, and operate sustainable. Everything we do is built on a commitment to do the right thing for our customers, our people, and our community. Our Mission, Vision, and Values guide the way we do business. If this sounds like the kind of environment where you can thrive, keep reading! The Digital Modernization Sector brings together our digital transformation and IT programs, allowing us to better serve our customers through scale and repeatability. Leidos has a critical need for a Senior Incident Response Analyst to support the DHS CISA Program., Leidos is an industry and technology leader serving government and commercial customers with smarter, more efficient digital and mission innovations. Headquartered in Reston, Virginia, with 47,000 global employees, Leidos reported annual revenues of approximately $16.7 billion for the fiscal year ended January 3, 2025. For more information, visit www.Leidos.com .