Job #: TR-650242
Location: Arlington, VA
Category: Cyber Security
Schedule (FT/PT): Full time
Travel Required: Yes, 25% of the time
Shift: Day
Potential for Telework: No
Clearance Required: Top Secret/SCI
Referral Eligibility: Ineligible
Group: Civil

Job Description:

Leidos is looking for a Host-Based Cybersecurity Lead to provide cyber leadership on a mission-critical program whose purpose is rapid response to cyber incidents and proactive monitoring for malicious cyber activity. This Lead will be responsible for oversight of host-based system analysis on the program, including analysis of hosts on a variety of platforms and operating systems, open source monitoring, incident tracking, intrusion artifact collection, incident mitigation, forensic collection, correlation of incident data for reports, and recommendations that enable expeditious remediation. This Lead will work closely with the Network-Based Lead to determine joint recommendations and strategies for incident mitigation.

• Demonstrated experience/knowledge of system administration and operating system hardening techniques
• Knowledge of Computer Network Defense (CND) policies, procedures, and regulations
• Demonstrated knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution)
• Knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation [non-nation-state sponsored], and third generation [nation-state sponsored])
• Knowledge of attack stages (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks)
• Knowledge of incident response and handling methodologies
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injection attacks, race conditions, covert channels, replay, return-oriented attacks, and malicious code)
• Skill in preserving evidence integrity according to standard operating procedures or national standards
• Skill in protecting a network against malware
• Skill in recognizing and categorizing types of vulnerabilities and associated attacks
• Ability to correlate incident data to specific vulnerabilities and make recommendations that enable expeditious remediation
• Familiarity with a variety of platforms and operating systems, including Microsoft Windows, Mac OS, UNIX, Linux, embedded systems, and mainframe
• Bachelor's degree with 12 years of relevant experience or Master's degree with 10 years of relevant experience
• 5 years of experience supervising or leading teams or projects, including management of teams of CND technicians to resolve CND incidents
• Active Top Secret clearance with SSBI; ability to obtain a TS/SCI clearance
• Active CAP, GSLC, CISM, or CISSP certification

MINIMUM REQUIRED QUALIFICATIONS:
• Demonstrated experience/knowledge of providing incident response and handling using established best practices and methodologies
• Knowledge of general attack stages (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks)
• Demonstrated experience in recognizing and categorizing types of vulnerabilities and associated attacks
• Knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation [non-nation-state sponsored], and third generation [nation-state sponsored])
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injection attacks, race conditions, covert channels, replay, return-oriented attacks, and malicious code)
• Bachelor's degree with 12 years of relevant experience or Master's degree with 10 years of relevant experience
• 5 years of experience supervising or leading teams or projects
• Active Top Secret clearance with SSBI; ability to obtain a TS/SCI clearance
• Active CAP, GSLC, CISM, or CISSP certification

ADDITIONAL DESIRED QUALIFICATIONS:
• Knowledge of the NCCIC National Cyber Incident Scoring System, in order to prioritize incident triage
• Knowledge of basic system administration and operating system hardening techniques
• Knowledge of CND policies, procedures, and regulations
• Demonstrated strong operational expertise in one or more of the following CND tools: Splunk, Palo Alto, network firewalls, SourceFire/Cisco IPS, Bro, FireEye, AirTight, and Solera
• Experience identifying the root cause of an incident and recognizing the key elements to investigate with the customer in order to reach that root cause
• Cyber operations management experience and responsibility leading cyber programs for government and/or commercial customers
• Ability to quickly identify and coordinate staffing needs for surge and emergency operations
• Knowledge of cyber operations, including incident response, hunt, Industrial Control System (ICS), and Supervisory Control and Data Acquisition (SCADA)
• Experience coaching and leading cyber analysts and/or IT engineers
• CND experience (Protect, Detect, Respond, and Sustain) within a Computer Incident Response organization
• In-depth knowledge of architecture, engineering, and operations of at least one enterprise SIEM platform (e.g., Nitro/McAfee Enterprise Security Manager, ArcSight, QRadar, LogLogic, Splunk)
• Experience and proficiency with any of the following: anti-virus, HIPS, IDS/IPS, full packet capture, host-based forensics, network forensics
• Other active cyber certification(s), such as GIAC Penetration Tester (GPEN), GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), GIAC Certified Forensic Examiner (GCFE), GIAC Certified Forensic Analyst (GCFA), GIAC Reverse Engineering Malware (GREM), EnCase Certified Examiner (EnCE), GIAC Network Forensic Analyst (GNFA), GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Incident Handler (GCIH), etc.

Scheduled Weekly Hours: 40
Requisition Category: Professional

Leidos is a Fortune 500® information technology, engineering, and science solutions and services leader working to solve the world’s toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company’s 31,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $10.17 billion for the fiscal year ended December 29, 2017. (NYSE: LDOS) All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.
