The Defense Group of Leidos has an opening for an Endpoint / Threat Detection Analysis & Coordination Analyst supporting the Global Information Grid (GIG) Service Management-Operations (GSM-O) contract at Ft. Meade, MD.
The selected candidate will support the detection, monitoring, correlation, and prevention of cyber threat activity targeting the DODIN. In addition, they will understand the details of Named Areas of Interest and advanced persistent threats that impact the DODIN with an in-depth knowledge and ability to analyze, track, correlate, harvest, trend, and report on the unique TTPs utilized.
The candidate will support GSMO Task Order 30
- Configure, maintain, and utilize JFHQ-DODIN and CC/S/A/FA capabilities in order to detect, monitor, track, and analyze malicious activity targeting the DoD.
- Consume, review, correlate, and report on high priority DoD, Intelligence, and USG operational reporting of threat and vulnerabilities to correlate similar incidents/events, malicious tradecraft, TTPs of malicious activity, and indicators utilized to impact or target the DODIN.
- Develop consolidated notification and updates to the JFHQ-DODIN JDOC on threat and vulnerability activity.
- Develop, obtain government approval, and release situational awareness reports/products; operational directives/order and coordination messages; and quarterly threat analysis reports and metrics.
- Review, analyze, and maintain the content of a DoD indicator database to aid in the detection and mitigation of threat activity.
- Update DoD shared situational awareness mechanisms including JFHQ-DODIN websites, Wikipedia style solutions, and collaboration / chat mechanisms.
- Develop and present cyber threat briefings, presentations, and papers to JFHQ-DODIN leadership to ensure situational awareness and status are conveyed related to the assigned project areas.
- Operate as the DoD community leader for the discovery of threat activity and associated indicators. Determine sophistication, priority, and threat level of identified malware and intrusion related TTPs.
- Develop metrics and trending/analysis reports of malicious activity used to compromise the DODIN. Develop, staff, and release analysis findings in technical analysis reports to DoD Community. Manage a DoD prioritization process to identify priority threats and vulnerabilities that are impacting the DODIN.
- Develop signatures for use within DoD threat detection capabilities to detect potentially malicious activity on the DODIN. Coordinate with JFHQ-DODIN partner organizations to distribute, receive, and conduct analysis on vulnerability and threat information that impacts the DODIN.
- Active DoD TS/SCI clearance and eligible for polygraph
- Bachelor’s Degree w/ 4-8 years of related experience
- Previous tools experience working with ArcSight, Splunk, PCAP, JIMS or equivalent toolsets.
- Technical understanding in some of the following areas: network communication using TCP/IP protocols, basic system administration, basic understanding of malware (malware communication installation, or malware types), or intermediate knowledge of computer network defense operations (proxy, firewall, IDS/IPS, router/switch, or open source information collection)
- Experience in an Operations Center providing Senior Leaders specified reports based on information received from supporting units.
- Have working knowledge of threat and vulnerability analysis, routing protocols, routing, intrusion detection systems, intrusion protection systems, Domain Name Service, or network traffic analysis.
- Critical/logical thinking skills
- Experience working with the Intelligence Community and priority intelligence requirements
- Advanced communications and presentations skills (verbal and written) enabling precise conveyance of information across all CC/S/A/FA with command and proper enunciation of the English language
- DoD 8570 Requirements IAM Level III
- ITIL v3 Foundation certified
External Referral Eligible
External Referral Bonus:Eligible
Potential for Telework:No
Clearance Level Required:Top Secret/SCI
Scheduled Weekly Hours:40
Job Family:Cyber Security
Leidos is a Fortune 500® information technology, engineering, and science solutions and services leader working to solve the world's toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company's 33,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $10.19 billion for the fiscal year ended December 28, 2018. For more information, visit www.Leidos.com.
Pay and Benefits
Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here.
Securing Your Data
Leidos will never ask you to provide payment-related information at any part of the employment application process. And Leidos will communicate with you only through emails that are sent from a Leidos.com email address. If you receive an email purporting to be from Leidos that asks for payment-related information or any other personal information, please report the email to [email protected].
Commitment to Diversity
All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.