Cyber Threat Investigator - Security Operations Center Job at Leidos, Hampton, VA

  • Leidos
  • Hampton, VA

Job Description

Salary: $104,650 - 189,175 per year

Requirements:

  • Possession of a DoD TS/SCI Clearance is mandatory.
  • A current security certification in line with DoD 8140 is required, along with the ability to obtain an appropriate computing environment certification within 6 months.
  • A Bachelor’s degree along with 6 years of prior experience in the cybersecurity technical/professional field is essential. Additional years of experience and/or certifications may be accepted in lieu of a degree or prior work experience.
  • Familiarity with Endpoint Detection and Response (EDR) capabilities is crucial.
  • A solid understanding of Information Security controls, including system-level controls, network controls, and security operations across Endpoint, Cloud, SaaS, and Identity is necessary.
  • Experience in investigating and analyzing alerts and threats to identify anomalous, suspicious, or malicious activity is required.
  • Knowledge of content creation concepts and threat analysis for complex events, as well as experience in managing logs and alerts from various technologies and sources, is important.
  • Proven expertise in leading incident response engagements and developing detection content utilizing various data sources and query languages is necessary.
  • Familiarity with security architectures, devices, firewalls, and various system and application security threats and vulnerabilities is expected.
  • Experience in clearly presenting findings, conclusions, alternatives, and information to stakeholders and vendors, as well as practical experience in information security, is required.
  • The candidate must be willing to travel as needed.
Responsibilities:
  • I will conduct proactive threat hunting activities to identify suspicious activity and potential cyber threats to prevent escalation.
  • I will apply independent critical thinking to analyze threat intelligence data including emerging attack techniques, tactics, and procedures (TTPs) to determine the appropriate response and remediation actions.
  • I will analyze log data from various internal sources (e.g., firewalls, hosts, EDR, IDS/IPS) to spot suspicious activity and evaluate possible threats affecting the organization.
  • I will respond to customers’ RFIs and conduct thorough investigations within designated time and scope using all available tools and techniques to uncover additional information.
  • I will develop countermeasures such as custom SIEM and IDS rules/signatures to enhance our ability to prevent and detect attacks on our assets and data.
  • I will handle incident management tasks such as triage, response activities, documentation, reporting, and lessons learned.
  • I will educate and empower customers by providing context on various threats and advising them on best practices.
  • I will analyze ongoing cyber attacks, such as phishing, DDoS, data leaking, and ransomware, to assess their origin, purpose, and impact on our clients.
  • I will track and engage with threat actors across the clear, deep, and dark web to gather unique insights and intelligence.
  • I will serve as a key source of expertise in threat intelligence, providing valuable support to our customers with my varied skills and know-how.
  • I will create and deploy security monitoring content, including dashboards and alerts within our SIEM and other tools, to detect threats and suspicious activities, aiding in incident investigations.
  • I will regularly review, assess, and optimize detection content to ensure it supports internal and SOC operations effectively.
  • I will create and maintain technical documents covering topics like content creation, rule reviews, log queries, network/security visibility issues, detection gaps, and monitoring strategies.
  • I will identify areas where security monitoring can improve and propose enhancements to strengthen our detection and response capabilities.
  • I will mentor and guide fellow security team members, assisting with project execution and promoting skill development in tactical security practices.
  • I will directly interface with and mentor the SOC.
  • I will develop strategies for managing security incidents and coordinating responses to security breaches.
Technologies:
  • Cloud
  • Support
  • Network
  • Security
  • Web
  • Firewall
  • IaaS
  • PaaS

More:

I am pleased to announce that our Multi-Domain Solutions Division at Leidos currently has openings for a Cyber Security Engineer / Information Systems Security Engineer (ISSE). Our team is dedicated to supporting the Advanced Battle Management System’s (ABMS) Digital Infrastructure Network Manager program. We play a crucial role in assisting the Department of the Air Force in deploying and operating the foundational ABMS Digital Infrastructure. This initiative aims to create a unified command-and-control infrastructure that seamlessly connects sensors, data streams, and weapon systems across all domains (air, land, sea, cyber, and space). Our efforts will enable U.S. forces, along with allies and partners, to process and act on extensive data more swiftly than adversaries can detect and respond.

In this role, I am looking for a Cyber Threat Hunter who will actively work to identify and investigate suspicious activities, analyze threat intelligence to stay ahead of emerging attacker strategies, and translate these findings into effective security enhancements that safeguard our clients' assets. The position requires a comprehensive understanding of advanced threat detection methods, strong analytical capabilities, and the ability to collaborate effectively with other security professionals.

I look forward to welcoming a valuable addition to our dynamic team.

Job Tags

Full time, Work experience placement
