Leidos' Security Architecture and Engineering (SAE) Group has an immediate opening for an experienced and motivated Development Security Engineering (DSE) Team Lead. In this role, you will work with Security Engineers and Analysts in the organization to design, develop, and deploy custom capabilities that cannot be achieved with commercial security products today. You will focus primarily on leading technical innovations, and content development for Leidos CyberSecurity Operations (CSO) by supporting Security Orchestration Automation and Response (SOAR), Open Source based Intrusion Detection Systems (OS-IDS), and Open Source Automated Threat Indicators Sharing projects. If selected for this role, you will have the opportunity to lead a team of skilled developers and cybersecurity practitioners pushing the envelope, expanding Leidos' detection capabilities beyond that of traditional cybersecurity solutions.
This position can be supported from one of our following locations: Gaithersburg - MD, Orlando - FL, or Reston - VA
- Lead a team of motivated software developers and cybersecurity practitioners to design, build and deploy custom sensing and orchestration capabilities to protect Leidos core networks, endpoints, and data.
- Lead the optimization and performance of custom developed capabilities to maximize performance and response times.
- Lead the technical orchestration effort to integrate disparate commercial cybersecurity vendor solutions into one cohesive solution.
- Work with Incident Responders and Analysts to tune out extraneous IDS alerting, threat information, and metadata to improve detection reliability
- Develop and Document custom capability maintenance Processes and Procedures used by operators
- Act as technical Subject Matter Expert for the cyber security capabilities we develop to defend the global Leidos network.
- Develop cybersecurity technical roadmaps to drive constant cyber transformation and improvements in Leidos' defensive posture
- Bachelor's degree and minimum 12 years of experience as a software engineer. Additional years of relevant experience may be considered in lieu of Bachelor's degree.
- Familiar with common Systems Development Lifecycle (SDLC) processes and with DevOps processes and continuous integration/continuous delivery (CI/CD) principles.
- Must have some previous exposure to cybersecurity concepts, regulations, or best practices.
- Ability to write and verbally communicate technical and risk-related concepts effectively to both technical and non-technical audiences.
- Must have strong problem-solving and analytical skills
- Demonstrate poise and ability to act calmly and competently to technical and non-technical challenges.
- Must have strong interpersonal and networking skills.
- US citizenship is required and able to obtain security clearance
- Experience designing and implementing Open Source Network IDS solutions based on at least one open source tool (Snort, Suricata, Bro)
- Good understanding of IDS configuration and tuning on at least one tool (Snort, Suricata, Bro)
- Strong Understanding of TCP/IP, Networking, and Network Security Concepts
- Linux System Administration Experience or experience with Linux Performance Tuning/Linux Configuration Management tools like Ansible, Puppet, or Chef
- Experience with high-speed packet capture (10 Gbps or greater)
- Experience with a leading SOAR technology (Demisto, Phantom, and Siemplify are common examples).
- Experience with open source threat sharing platforms (MISP, custom applications leveraging STIX/TAXII frameworks are common examples).
- GIAC GCIA Certification or other cyber security certifications are a plus
External Referral Bonus:
Potential for Telework:
Clearance Level Required:
Yes, 10% of the time
Scheduled Weekly Hours: