Defensive Cyber Operations Analyst

100% Remote Full-time Open now

About the position

The Leidos Digital Modernization sector is seeking Defensive Cyber Operations Analysts to support a Defensive Cyber Operations (DCO) team in Washington, DC. Our team provides mission critical, 24/7 operational support to the customer’s mission of protecting federal networked systems and services from cyber threats impacting national security. We hire for these roles on an ongoing basis and our recruiting team will contact applicants as positions become available. This is a hybrid position with the potential for up to 20% Telework. Shifts include Days, Swings and Mids. Shift availability will vary based on program needs and staffing levels. All new hires’ initial 4-6 weeks will be spent on weekday Day Shift to complete onboarding, training and familiarization. Applicants must remain flexible to potential shift modifications to assist in meeting minimum staffing requirements.

Responsibilities

  • Incident Detection & Characterization: Perform computer network incident detection and response activities to detect, correlate, identify, and characterize anomalous activity indicative of enterprise threats.
  • Continuous Security Monitoring: Monitor various security tools and applications for malicious activities, investigate associated alerts or indicators, and develop mitigation strategies and courses of action.
  • Operational Rigor: Follow Standard Operating Procedures (SOPs) with strong attention to detail, ensuring all system checks are performed on time and all documentation is complete and accurate.
  • Technical Leadership & Influence: Work to influence project/team leaders regarding solution design and process approaches; review investigations and reports of peers to ensure accuracy and clarity.
  • Senior-Level Briefing: Develop and conduct technical briefings to senior management, translating complex security events into actionable business or mission intelligence.
  • Detailed Documentation: Maintain high-quality technical writing standards, documenting every event and associated analysis within the ticketing system for audit and follow-on action.
  • Collaborative Coordination: Exercise excellent communication skills for regular face-to-face customer interaction and high-tempo coordination between team members in a collocated environment.
  • Adaptive Defense: Support the CSSP in providing detection, response, mitigation, and recovery capabilities by monitoring network/host/application security devices.

Requirements

  • All positions require a Bachelor's Degree in a related discipline as well as professional, directly relevant experience depending on job level (Level II: 2+ years of experience, Level III: 4+ years of experience, Level IV: 8+ years of experience). Additional years of professional and/or military experience may be substituted in lieu of degree.
  • DoD 8570 IAT Level II/III: Must hold an IAT Level II or higher certification, or obtain one within 180 days (e.g., CompTIA Security+, CySA+, GSEC, SSCP; or CASP+ CE, CCNP Security, CISA, GCED, and GCIH).
  • DoD 8570 CSSP Analyst: Must hold a CSSP Analyst certification, or obtain one within 180 days (e.g., CompTIA CySA+, Cloud+, GIAC GCIA).
  • DoD 8570 CSSP Infrastructure Support: Must hold a CSSP Infrastructure Support certification, or obtain one within 180 days (e.g., CompTIA CySA+, Cloud+, EC-Council CEH, CND, CHFI, GIAC GICSP, and ISC2 SSCP).
  • Technical Proficiency: Strong computing system knowledge, particularly networking, including communication protocols and familiarity with common security elements such as IDS/IPS and firewalls.
  • Data Analysis: Direct experience evaluating packet captures (PCAP) and logs to identify malicious traffic and verify security events.
  • Security Clearance: Current DoD TS/SCI security clearance and ability to pass additional customer suitability screenings prior to start and maintain throughout employment.

Nice-to-haves

  • SOC Excellence: Prior experience working in a Cyber Network Defense (CND) or Security Operations Center (SOC) environment.
  • Framework Expertise: Demonstrated familiarity with security frameworks such as the Lockheed Martin Cyber Kill Chain and MITRE ATT&CK.
  • Intrusion Analysis: Specialized experience in the monitoring of intrusion detection appliances and the analysis of complex, multi-stage alerts.
  • Response Recommendation: Proven track record of documenting technical analysis and providing defensive response recommendations to senior stakeholders.
  • Platform Familiarity: Experience working with SIEM platforms (Splunk, Elastic, or similar) to perform data correlation and search queries.

Benefits

  • Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement.
