Leidos has a current job opportunity for a Security Operations Center (SOC) Lead on the DISA GSM-O program in Alexandria, VA.
This position is responsible for leading the Joint Service Provider (JSP) Security Operations Center (SOC). The SOC consists of a variety of highly-skilled, technical staff performing cyber incident handling, fusion analysis, non-compliance reporting, user activity monitoring, and malware and forensic analysis. Furthermore, the SOC lead coordinates 24x7 staffing to support mission-critical operations, including incident response, and manages surge support.
Plan, direct, and manage day-to-day activities across the Security Operations Center as well as high-tempo, high-visibility incident response, when required
Drive implementation and adoption of new tools, capabilities, frameworks, and methodologies across all teams within the SOC
Accountable for the timeliness and quality of reporting produced by the SOC
Instill and reinforce industry best practices in the domains of incident response, cybersecurity analysis, case and knowledge management, and SOC operations
Promote and drive implementation of automation and process efficiencies
Bachelor's degree and 10+ years of prior cybersecurity experience. Additional work experience or Cyber courses/certifications may be substituted in lieu of degree
4+ years of supervising and/or managing teams
5+ years of intrusion detection and/or incident handling experience
DoD 8570 IAT III and CSSP Incident Responder certifications required upon start.
Advanced knowledge in planning, directing, and managing Computer Incident Response Team (CIRT) and/or Security Operations Center (SOC) operations in an organization in a large, complex environment.
Significant experience supervising and leading employees of various labor categories and technical skill levels in efforts similar in size and scope as the JSP DCO mission.
Mature understanding of industry accepted standards for incident response actions and best practices related to SOC operations;
Strong written and verbal communication skills, and the ability to create technical reports based on analytical findings.
Strong analytical and troubleshooting skills.
Must be Top Secret - Sensitive Compartmented Information (TS/SCI) Eligible (DIA Adjudicated or capable of reciprocal acceptance by DIA)
Deep technical understanding of core current cybersecurity technologies as well as emerging capabilities.
Hands-on cybersecurity experience (Protect, Detect, Respond and Sustain) within a Computer Incident Response organization including prior experience performing large-scale incident response.
Demonstrated understanding of the life cycle of cybersecurity threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques and procedures (TTPs).
Familiarity or experience in Intelligence Driven Defense, Cyber Kill Chain methodology, and/or MITRE ATT&CK framework.
External Referral Bonus:
Potential for Telework:
Clearance Level Required:
Scheduled Weekly Hours: