Leidos is seeking an Incident Response Analyst, who will perform advanced data mining and event correlation to hunt for potential security incidents and analyze and validate tier 2 findings. JRSS is a multi-year, global effort to improve the DoD's security posture and provide enhanced security capabilities and analytics by centralizing and virtualizing network security into regional stacks rather than locally distributed appliances. This position is responsible for providing configuration, implementation, configuration and ongoing performance enhancement work for SourceFire appliances installed in the JRSS environment.
In this role, you will work with customer CSSP organizations to provide proper visibility and reporting of findings. You will also work with cyber tool development teams to identify, define, and help write SIEM content; support the tuning of IPS and IDS systems; and recommend enhancements to methods and capabilities.
- Perform advanced data mining and event correlation to hunt for potential security incidents
- Analyze and validate tier 2 findings.
- Work with customer CSSP organizations to provide proper visibility and reporting of findings.
- Work with tool integration and deployment teams to support new SIEM content, updated IPS and IDS configurations, validate new capabilities
- Bachelor's degree from an accredited college in a related discipline, or equivalent experience/combined education, with 4 or more years experience.
- Experience in handling security events in mission critical environments; hands-on troubleshooting, analysis, and technical expertise to resolve incidents and service requests.
- Experience in day-to-day operational processes such as security monitoring, data correlation, troubleshooting, security operations etc.
- Good understanding of security incident response techniques
- Experience analyzing system and application logs to investigate security issues and/or complex operational issues.
- Good knowledge of Threat Detection Tools, IDS/IPS, Network Packet Analysis, and Endpoint Protection.
- Experience with utilizing SIEM (such as ArcSight, Splunk, etc.) in investigating security issues and / or complex operational issues on Windows and Linux/Unix .
- Good knowledge of network protocols and operating systems (Windows, Unix, Linux, Databases).
- Per contract requirements, U.S. citizenship and an active DoD Secret clearance is required. In addition, you must be able to successfully obtain up to Top Secret based on requirements from the customer and program.
- DoD 8570 certification is required
- Experience with Elastic Search and Splunk
External Referral Eligible