Cyber Transformation Lead

The Leidos DCSB program in support of Army C5ISR CSSP has an immediate opening for an experienced, and motivated Cyber Transformation Lead.

This role has primary responsibility closely work with the DCSB Chief Technology and Development government lead to identify, develop, and operationalize Cyber Capabilities solutions in support of the C5ISR CSSP.  The role focuses on defining and supporting the implementation of the DCSB CSSP Strategic Transformation.  This role is expected to "think like an adversary" and provide analyst-centric input into every phase of the Cyber Capabilities development process by gathering requirements from within the CSSP team, Leidos and industry and using related experience to guide key solutioning.  Additionally, this role is expected to provide written documentation in support of the Cyber Capabilities mid-term (2-5 year) strategy, a road map highlighting the implementation of that strategy, and contribute to the technical innovation that will evolve Leidos' defensive capabilities and methodologies. 

Location:  Primarily remote one must live within commuting distance to Adelphi, MD for on-site support.

PRIMARY RESPONSIBILITIES

• Act as a technical SME for the Cyber Security Capabilities that defend the subscriber DoD networks.
• Support the establishment of the mid-term (2-5 year) Cyber Security Capabilities technical vision.
• Work closely with the DCSB Government and teams to ensure the capabilities meet the requirements and needs of the C5ISR CSSP.
• Provide Cyber Operations SME support to DCSB Security Engineering and Architecture to ensure capabilities support C5ISR CSSP transformation from an intelligence consumer to a producer.
• Work closely with DCSB stakeholders to ensure Transformation activities are achievable and consistent with program priorities.
• Support the development of cybersecurity technical roadmaps and documentation to drive constant cyber transformation and improvements in CSSP defensive posture
• Be a SME in the vendor and open-source capabilities available to stay ahead of the threats
• Participate in threat hunt operations using known adversary tactics, techniques, and procedures, as well as indicators of attack, in order to detect advanced threats to the enterprise.
• Collaborate using information and knowledge sharing networks and professional relationships to achieve common goals.
• Be a Cyber Operations leader and provide direction and mentorship for less experienced team members.  

REQUIRED QUALIFICATIONS

• Bachelor's degree and at least 12+ years of technical work experience in cyber security.
• Demonstrated experience performing cybersecurity analysis from an operators point-of-view
• Ability to write and verbally communicate information security and risk-related concepts effectively to both technical and non-technical audiences is essential.
• Must have strong problem-solving and analytical skills and demonstrate poise and ability to act calmly and competently in high-pressure, high-stress situations.
• Experience in conventional network\host-based intrusion analysis, digital forensics, or malware analysis.
• Strong understanding of Operating Systems and Network Protocols.
• A deep understanding of advanced cyber threats targeting enterprises, along with the tools, tactics, and procedures used by those threats in order to define capabilities to combat them.
• Experience hunting for Advanced Persistent Threats in an environment without previous alert or notification in order to define automation/capabilities around cyber hunt best practices.
• Experience with various SIEM-type platform optimization techniques to maximize analyst workflows.
• Ability to create, modify, and implement countermeasures within common COTS and FOSS tools to gauge their effectiveness.
• DoD 8570 IAT-II certifications (Security+ CE or equivalent) required prior to starting.
• Must obtain CSSP certification within 90 days of hire.
• Active Secret Clearance to start, but must be able to obtain a Top Secret security clearance.

PREFERRED QUALIFICATIONS

• Understanding of behavioral based threat models, including ATT&CK, Cyber Kill Chain, Diamond Model, etc.
• Active DoD Secret with eligibility for TS SCI clearance
• Experience with Hybrid Cloud-based information protection.
• Demonstrated use of analysis, design, development, and implementation of technical solutions.
• Demonstrated knowledge of common information security management frameworks such as ISO/IEC 27001, ITIL, COBIT and NIST and an understanding of relevant legal and regulatory requirements such as Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard.
• Working knowledge of Computer Network Exploitation (CNE), Computer Network Attack (CNA) and Computer Network Defense (CND) tools and techniques.
• Experience applying threat and data modeling, advanced data correlation, and statistical analysis to develop alerts, notable events, investigative dashboards, and metrics driven reports.
• Experience performing "deep dive" analysis and correlation of log data from multiple sources including PCAP and forensic artifacts.
• Proficiency with Microsoft Windows administrative tools, and the Unix/Linux command line.
• Familiarity with common scripting languages (like Perl and Python) to parse logs, automate processes, and integrate systems to maximize use of disparate cyber capabilities
• Experience with Business Intelligence or SOC Automation tools that streamline Operational response

DCSB