Company: Leidos

Address: Arlington, VA
Form of work: Full-Time
Category: Information Technology

Job description

Leidos has an immediate need for an experienced Lead Incident Response Analyst for a new customer on a highly visible and strategic Cybersecurity Task Order. The Incident Response Analyst will need to be a self-starter with excellent analytical and problem-solving skills, flexibility, good judgment, and the ability to work within a team to stand up and mature the cybersecurity capabilities of our customer.
Primary Responsibilities:

  • Perform incident handling responsibilities with direct interface to customers and management team
  • Perform analysis on anomalous behavior based on log data from firewalls, packet capture, web proxy services, network flow analysis, intrusion detection, and malware analysis tools
  • Instill and reinforce industry best practices in the domains of Incident Response, cybersecurity analysis, case and knowledge management, and SOC operations
  • Promote and drive implementation of automation and process efficiencies
  • Recommend implementation and improvement of new tools, capabilities, frameworks, and methodologies
  • Provide guidance and mentorship to improve analyst skill sets and ensure delivery of high quality analysis and work products
  • Establish trust and business relationships with customer and other relevant stakeholders

Basic Qualifications:
  • Prior experience working as a SOC analyst
  • 5+ years of intrusion detection and/or incident handling experience
  • Working knowledge of SIEM solutions and incident management solutions
  • In-depth knowledge of each phase of the Incident Response life cycle
  • Expertise in Windows and Linux operating system internals, operations, and forensic artifacts
  • Understanding of enterprise network architectures, including routing/switching, common protocols (DHCP, DNS, HTTP, etc.), and devices (firewalls, proxies, load balancers, VPNs, etc.)
  • Ability to recognize suspicious activity/events and common attacker TTPs, and to perform logical analysis and research to determine the root cause and scope of incidents
  • At least one of the following certifications: GCIH - Incident Handler, GCFA - Forensic Analyst, GCFE - Forensic Examiner, GXPN - Exploit Researcher and Advanced Penetration Tester, OSCE (Certified Expert), OSWP (Wireless Professional), OSEE (Exploitation Expert), CCFP - Certified Cyber Forensics Professional, CISSP - Certified Information Systems Security Professional, CompTIA PenTest+, CompTIA Cybersecurity Analyst (CySA+), Windows Forensic Examinations - FTK (WFE-FTK), ECES - EC-Council Certified Encryption Specialist, EnCE, ECSS - EC-Council Certified Security Specialist, ECIH - EC-Council Certified Incident Handler, ENSA - EC-Council Network Security Administrator, CCNA Security, CCNP Security, CEH - Certified Ethical Hacker, CHFI - Computer Hacking Forensic Investigator, LPT - Licensed Penetration Tester, ECSA - EC-Council Certified Security Analyst, GWEB - Web Application Defender, GNFA - Network Forensic Analyst, OSCP (Certified Professional), GOSI - Open Source Intelligence, Forensics and Intrusions in a Windows Environment (FIWE), Windows Forensic Examination - EnCase - Counter Intelligence (CI) (WFE-E-CI), Computer Incident Responders Course (CIRC), GCTI - Cyber Threat Intelligence, IACRB Certified Security Awareness Practitioner (CSAP), Splunk SOAR Certified Automation Developer, Splunk Core Certified Consultant, Splunk Core Certified Advanced Power User, CTIA - Certified Threat Intelligence Analyst
  • Must be able to obtain CISA Entry on Duty (EOD) to support this program

Preferred Qualifications:
  • Deep technical understanding of core current cybersecurity technologies as well as emerging capabilities.
  • Hands-on cybersecurity experience (Protect, Detect, Respond and Sustain) within a Computer Incident Response organization including prior experience performing large-scale Incident Response.
  • Demonstrated understanding of the life cycle of cybersecurity threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques and procedures (TTPs).
  • Familiarity or experience in Intelligence Driven Defense, Cyber Kill Chain methodology, and/or MITRE ATT&CK framework.
  • Familiarity with cloud concepts and experience monitoring and responding to threats in cloud environments.

Education & Experience:
  • Bachelor's degree and 8 - 12 years of prior relevant experience, in order to operate within the scope contemplated by the level.
  • Equivalent experience may be accepted in lieu of a degree.

Pay Range: $101,400.00 - $183,300.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
Refer code: 7735402. Leidos - posted 2024-01-06 08:27
