Leidos is looking for a Chief Cybersecurity Engineer to support a large opportunity for Leidos supporting operations for Integrated Information & Cyber Security Services including Enterprise Operations, End User Support, Software Engineering, Cloud technologies and Cyber Security. The Senior Engineer maintains a system engineering life-cycle, including requirements analysis, design, development, integration, scripting, test, documentation, and implementation following defined best practices and operational workflows. The work includes scheduling and prioritizing in accordance with organizational needs and establishing buy-in for the prioritization and activities. The engineer engages infrastructure solution design and architecture, information assurance, advisory, compliance, and risk management support. In addition, the position involves establishing and maintaining the schedule for delivery, deliver regular reporting, and track improvements across the environment.
Responsible for the following tasks:
• Conceptualize, Design, Build, and Maintain current and future ESOC supported tools and platforms.
• Serve as the senior engineer/architect to build the capabilities of the GSOC.
• Establish the rhythm for developing, deploying, tuning, and improving infrastructure; track and report on the progress and improvements; and partner with the program management to deliver continual improvements.
• Manage multiple assignments, changing priorities, and work independently with little oversight.
• Support the onboarding of data into Splunk via forwarder, scripted inputs, TCP/UDP and modular inputs from sources such as FireEye, BlueCoat proxies, Big IP, Cisco, Palo Alto, and host syslogs.
• Deliver support and guidance and develop processes to evaluate and improve all operating systems, hardware support, software, firmware solutions and provide advisement concerning future purchase of the same.
• Create, manage, and support automation solutions for Splunk deployment and orchestration within a Cloud environment.
• Work closely with senior engineers, other team members and application owners to solve technical problems at the network, system and application levels.
• Conduct periodic architectural reviews of installed sensors to assess effectiveness and propose optimal installation alternatives as required.
• Conduct network security architecture reviews to determine the size, and placement of intrusion monitoring equipment during the customer onboarding process.
• Conduct periodic reviews of sensor metric reports to evaluate and prioritize sensors for review and assessment.
• Identify and make recommendations for security tools, systems and capabilities to meet customer security requirements.
• Documentation and reporting along with presentation, teamwork and DoE NNSA wide collaboration are among the expected duties and mission of the task order.
• Active TOP SECRET SCI clearance and/or U.S. Department of Energy Q clearance
• U. S. Citizen
• Bachelor's degree in an information technology discipline from an accredited college or university is required and 8 years of experience on IT/cybersecurity.
• At least 5 years of experience working in a SOC or similar monitoring center.
• Staff shall meet DoD 8570 SD 205.1
• IAT III Certified
• Prefer at least one of the following certifications (or similar relevant certification): CASP, GCIH, GCWN, GISF, GISP, GSSP, GICSP, GSSP, SEI, CISSP, CCSP, CSSLP, SSCP, CCNP, CCNP Security, CCIE Security, CEH, ECSP, MCSE, RHCA, RHCE, VCP, VCAP, VCIX, VCDX
• Cyber threat intelligence
• Network traffic analysis and packet capture inspection
• Malware analysis, advance analysis, analytic and methods development
• Hunting/discovery analysis
• Incident response and triage
• Alerts, incident handling and notifications
• Digital media analysis
• Network signature development
• MS Project, SharePoint, EPM Live, Visio and MS Office
• Information Technology Infrastructure Library (ITIL) capabilities
• Excellent verbal and written communication skills required.
• Experience administering Linux OS, particularly RedHat Enterprise
• Deep packet analysis skills using such tools like; Wireshark, Bro, etc. for layer 7 intelligence.
• Cloud and VMWare skills - Understanding of cloud terminology, architecture, and tools to include: installing, provisioning and monitoring
• Strong capabilities to assist with automating manual installation and maintenance/patching tasks and utilization of such tools as provisioning environments with Ansible, and Docker
• Experience with VMware & Ansible/Ansible Tower and/or Terraform
• Experience with data administration automating management of large (multi PB) S3 storage pools
• Experience working in AWS and Azure
• Experience working in an Agile development environment.
• Extensive database experience with two of SQL Server, MySQL, or Oracle