
Job #: R-00010386
Location: Arlington, VA
Category: Cyber Security
Schedule (FT/PT): Full time
Travel Required: Yes, 10% of the time
Shift: Day
Potential for Telework: Yes
Clearance Required: Top Secret
Referral Eligibility: Eligible
Group: Civil

Job Description:

HIRT Host-Based Cybersecurity Lead Analyst
Leidos is looking for a Host-Based Cybersecurity Lead Analyst to provide leadership and vision in incident handling, response, and analysis on a mission-critical program whose purpose is rapid response to cyber incidents and proactive monitoring for malicious cyber activity. This Lead will be responsible for the technical direction and leadership of a team of host-based cybersecurity and digital forensics systems analysts.

Must be a U.S. citizen and possess an active TS clearance with the ability to obtain TS/SCI.

NOTE: This position is based out of Arlington, VA.

Responsibilities include:
• Organizational/Coordination
o Manage investigation status, progress reporting, risks/issues, scheduling, quality, and continual improvement documentation
o Assist in managing stakeholder relationships; coordinate with other contractors
• Documentation and Reporting
o Provide accurate, concise reporting
o Identify and document host-based tactics, techniques, and procedures used by an attacker to gain unauthorized system access.
o Track and document CND incidents from initial detection through final resolution.
• Deployment and Data Collection
o Collect intrusion artifacts (e.g., domains, Uniform Resource Identifiers (URIs), certificates, etc.) and use the discovered data to support CND hunts and incident mitigation
o Apply an understanding of network architecture/engineering standards and methods of securing networks, backed by a strong background in network and system administration
o Aid in the scoping and hypothesis-gathering process prior to deployment
• Hunt and Discovery
o Investigate targeted threat actors of various categories, such as nation-state actors, hacktivist groups, commodity malware operators, and script kiddies
o Perform analysis of log files from a variety of host sources to identify threats
o Perform host forensics, including endpoint detection and response (EDR) and hunt operations
o Recognize malicious TTPs and IOCs while pursuing a threat adversary on the network using endpoint agent-based solutions
• Post Discovery Analysis
o Reverse Engineering/Malware Analysis using industry standard tools
o Digital Forensics utilizing industry standard tools
o Artifact Analysis: analysis of files from various operating systems, binary or otherwise, to determine their relation to threat actor activity (targeted files, residual changes, etc.)
o Lateral Movement Analysis: use knowledge of network, authentication, and other log types to trace attacker movement between hosts
o Perform forensically sound collection of images and inspect them to determine possible mitigation/remediation on enterprise systems
• Ancillary skills
o Perform real-time CND Incident Handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable incident response teams.
o Programming and/or scripting skills, including Python, Ruby, Perl, C, C#, .NET, etc.
o Automation and data normalization skills
o Familiarity with virtual, on-premises, public cloud, and hybrid environments

MINIMUM REQUIRED QUALIFICATIONS:

• EDUCATION & EXPERIENCE: Typically requires BS degree and 12 - 15 years of prior relevant experience or Masters with 10 - 13 years of prior relevant experience. May possess a Doctorate in technical domain.
• Active TS clearance; Ability to obtain a TS/SCI clearance
• Experience in providing leadership and vision in incident handling, response, and analysis
• Intimate knowledge and hands-on experience in cybersecurity, incident response, and analysis; digital forensics; security vulnerabilities/weaknesses; network security issues, and encryption technologies
• Proficient in malicious activity detection, including automatic detection and characterization; reactive countermeasures; proactive defenses; threat assessment; damage assessment; reverse engineering, IDS; malware and anti-virus support; and RDBMS admin, query, and reports
• Possess at least one active certification from the following: GCFE, GCFA, GCED, GREM, GNFA, EnCE, GCIA, GCIH, or CSIH
• Demonstrated experience/knowledge of incident response and handling methodologies
• Very strong hands-on experience with at least three of the following tools: Volcano Pro, Volexity Surge Collect Pro, Bro Network Analysis, Splunk, FireEye HX, EnCase, AccessData Forensic Toolkit (FTK), Suricata, Tanium Endpoint Detection and Response, Elastic ELK open-source tool stack, and Snort network intrusion detection system
• Experience in identifying different classes of attacks and attack stages
• Knowledge of system and application security threats and vulnerabilities
• Ability to analyze digital media (e.g., logs, code, phones, hard drives, memory dumps, etc.) to determine attack vectors and develop mitigation techniques
• Ability to perform forensic analysis on common operating system environments, e.g., MS Windows, Mac OS, UNIX, Linux, Solaris
• Ability to perform real-time CND hunt and incident handling (e.g., forensic collections, intrusion correlation/tracking, threat analysis, and direct system remediation) tasks
• Ability to perform ad-hoc data analysis including on-the-fly onsite data integration and scripting
• Experienced and adept at developing and maintaining technical documents, analyses, and reports.
• Experience presenting briefings to senior customer management, customer stakeholders, and company management; and
• Excellent verbal and written communications skills

ADDITIONAL DESIRED QUALIFICATIONS:
• Possess more than one active certification from the following: CISSP, GCFE, GCFA, GCED, GREM, GNFA, EnCE, GCIA, GCIH, CEH, CSIH, OSCP, or OSCE
• Experience in incident handling for nation state-sponsored operational threat environments

www.Leidos.com

Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here.

Leidos will never ask you to provide payment-related information at any part of the employment application process. Leidos will communicate with you only through emails that are sent from a Leidos.com email address. If you receive an email purporting to be from Leidos that asks for payment-related information or any other personal information, please report the email to spam.leidos@leidos.com.

All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.
