Senior Incident Responder

Description

Job Description:

The Transportation and Border Security Services (T&BSS) Division has an opening in Northern Virginia for a Senior Incident Responder to support our TSA customer in their Security Operations Center. 

Primary Responsibilities

• Must have the ability and prior experience with analyzing information technology security events to discern events that qualify as legitimate security incidents as opposed to non-incidents. This includes the identification of malicious code present within a computer system as well identification of malicious activities that are present within a computer system and/or enterprise network.

• Must possess excellent verbal and written communications skills and ability produce clear and thorough security incident reports and briefings

• Must possess excellent organizational and attention to details skills

• Must possess a working knowledge of the various operating systems (e.g. Windows, OS X, Linux, etc.) commonly deployed in enterprise networks. A conceptual understanding of Windows Active Directory is also required.

• Must possess a working knowledge of network communications and routing protocols (e.g. TCP, UDP, ICMP, BGP, Multi-Protocol Label Switching (MPLS), etc.) and common internet applications and standards (e.g. SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.)

• Understanding of Enterprise Network Architectures to include routing/switching, common protocols (DHCP, DNS, HTTP, etc), and devices such as firewalls, proxies, load balancers, VPN, etc.

• Must have experience working with various event logging systems and must be proficient in the review of security event log analysis. Previous experience with Security Information and Event Monitoring (SIEM) platforms that perform log collection, analysis, correlation, and alerting is also required.

• Must have proficiency in utilizing various packet capture (PCAP) applications/engines and in the analysis of PCAP data

• Must have experience with the identification and implementation of counter-measures or mitigating controls for deployment and implementation in the enterprise network environment

• Develop, document, and maintain Incident Response SOPs, processes, procedures, playbooks, and workflows

• Expert understanding of the Incident Response and Attacker lifecycles

• Tune and maintain security tools (EDR, IDS, SIEM, etc) to reduce alert false positives and improve SOC detection capabilities

• Ensure investigation and Incident Response actions are documented thoroughly in Case Management Systems; prepare formal Incident Reports

• Develop security content to include but not limited to scripts, signatures, dashboards, and metrics

• Familiarity with Cyber Kill Chain, ATT&CK, and other industry frameworks

• Normal work hours include 8:00 AM – 5:00 PM, on-call and after-hours support in response to incidents as dictated by mission requirements

Minimum requirements include:

• Must have a current Secret clearance

• Bachelors degree and 4 years of relevant experience working as a network security analyst or incident responder in a security operations center including handling and managing computer security incidents

• Must be able to work day shift from 8:00AM- 5:00PM. on call and after hours support to incidents as dictated by mission requirements

Preferred Qualifications

• Experience with Cloud Service Providers, familiarity with cloud architectures, and performing Incident Response in cloud environments

• Certification: Advanced certification in incident handling (GCIH, CEH or equivalent); SANS advanced certifications (GCFA, GREM, GNFA); OCSP and quality penetration testing is desired.

Pay Range:

Pay Range $78,000.00 - $120,000.00 - $162,000.00

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

#Remote