Job #: R-00010384
Location: Arlington, VA
Category: Cyber Security
Schedule (FT/PT): Full time
Travel Required: Yes, 10% of the time
Shift: Day
Potential for Telework: No
Clearance Required: Top Secret
Referral Eligibility: Eligible
Group: Civil

Job Description:

HIRT Network-Based Cybersecurity Lead Analyst
Leidos is looking for a Network-Based Cybersecurity Lead Analyst to provide leadership and vision in incident handling, response, and analysis on a mission-critical program whose purpose is rapid response to cyber incidents and proactive monitoring for malicious cyber activity. This Lead will be responsible for the technical direction and leadership of a team of network-based cybersecurity analysts.

Must be U.S. citizen and possess an active TS clearance and ability to obtain TS/SCI.

NOTE: This position is based out of Arlington, VA.

Responsibilities include:
• Organizational/Coordination
o Manage investigation status, progress reporting, risks/issues, scheduling, quality, and continual improvement documentation
o Assist in managing stakeholder relationships; coordinate with other contractors
• Documentation and Reporting
o Provide accurate, concise reporting
o Identify and document host-based tactics, techniques, and procedures used by an attacker to gain unauthorized system access.
o Track and document CND incidents from initial detection through final resolution.
• Deployment and Data Collection
o Collect intrusion artifacts (e.g., domains, Uniform Resource Identifiers (URIs), certificates) and use the discovered data to enable mitigation during CND hunts and incidents
o Assess network topology and network device configurations, identify critical security concerns, and provide recommendations to address architecture concerns (e.g., external internet traffic bypassing the firewall boundary) and network device configuration concerns (e.g., a default administrator account on a network device)
o Collect network device integrity data, using specialized tools, to detect unauthorized access, software modifications, and hardware modifications
o Aid in the scoping and hypothesis-gathering process before deployment
• Hunt and Discovery
o Investigate targeted threat actors of various categories, such as nation-state actors, hacktivist groups, commodity malware, script kiddies, and more
o Perform analysis of log files from a variety of host sources to identify threats
o Identify and document network-based tactics, techniques, and procedures used by an attacker to gain unauthorized system access
o Perform analysis of log files from a variety of network sources (e.g., network traffic logs, firewall logs, intrusion detection system logs, Domain Name System (DNS) logs) to identify threats
o Recognize malicious TTPs and IOCs while pursuing a threat adversary on the network using network-based monitoring solutions
• Post Discovery Analysis
o Analyze identified malicious network activity to determine the weaknesses exploited, the exploitation methods, and the effects on systems and information
o Perform network forensic analysis using industry-standard tools and techniques (PCAP, various log types, etc.)
o Perform surface/run-time malware analysis, triaging quick indicators to feed additional network hunt activities, using industry-standard tools
o Analyze lateral movement using knowledge of network, authentication, and other log types
o Perform forensically sound collection of logs and signatures and inspect them to determine possible mitigation/remediation on enterprise systems
• Ancillary skills
o Perform real-time CND incident handling tasks (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) to support deployable incident response teams
o Programming and/or scripting skills, including Python, Ruby, Perl, C, C#, .NET, etc.
o Automation and data normalization skills
o Familiarity with virtual, on-premise, public cloud, and hybrid environments

Required Qualifications:

• EDUCATION & EXPERIENCE: Requires a BS degree and 12 - 15 years of prior relevant experience, or a Master's degree with 10 - 13 years of prior relevant experience. May possess a Doctorate in a technical domain.
• Active TS clearance; Ability to obtain a TS/SCI clearance
• Intimate knowledge and hands-on experience in cybersecurity, incident response, and analysis; digital forensics; security vulnerabilities/weaknesses; network security issues, and encryption technologies
• Proficient in malicious activity detection, including automatic detection and characterization; reactive countermeasures; proactive defenses; threat assessment; damage assessment; reverse engineering; IDS; malware and anti-virus support; and RDBMS administration, querying, and report generation
• Ability to characterize and analyze network traffic to identify anomalous activity and potential threats to network resources
• Possess at least one active certification from the following: CISSP, GCFE, GCFA, GCED, GREM, GNFA, EnCE, GCIA, GCIH, CEH, or CSIH
• Very strong hands-on experience with at least three of the following tools: Volcano Pro, Volexity Surge Collect Pro, Bro (now Zeek) Network Analysis, Splunk, Tanium Endpoint Detection and Response, the Elastic (ELK) open source stack, and the Snort network intrusion detection system
• Knowledge of defense-in-depth principles and general attack stages with respect to network security architecture
• Skill in preserving evidence integrity according to standard operating procedures or national standards.
• Experienced and adept at developing and maintaining technical documents, analyses, and reports.
• Experience presenting briefings to senior customer management, customer stakeholders, and company management; and
• Excellent verbal and written communications skills

Desired Qualifications:

• Possess more than one active certification from the following: CISSP, GCFE, GCFA, GCED, GREM, GNFA, EnCE, GCIA, GCIH, CEH, CSIH, OSCP, or OSCE
• Experience in incident handling in a nation-state-sponsored operational threat environment


Leidos is a Fortune 500® information technology, engineering, and science solutions and services leader working to solve the world's toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company's 32,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $10.19 billion for the fiscal year ended December 28, 2018. For more information, visit .

Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here .

Leidos will never ask you to provide payment-related information at any part of the employment application process. And Leidos will communicate with you only through emails that are sent from a email address. If you receive an email purporting to be from Leidos that asks for payment-related information or any other personal information, please report the email to .

All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.