[Remote] Incident Response Deputy Team Lead

Work from home Full-time role Hiring

Note: The job is a remote job and is open to candidates in USA. Leidos is seeking an experienced Incident Response professional to join their team, focusing on managing day-to-day operations within the Cyber Security Operations Center for U.S. Customs and Border Protection. The role involves coordinating incident response efforts, performing technical analysis of network logs, and leading a team of analysts to enhance the protection of customer systems and networks.

Responsibilities

  • Responsible for assisting the CIRT Team Lead with managing the team of CIRT analysts, Incident Response actions and priorities, technical analysis and root cause analyses, and interfacing with the customer
  • Partner with other task leads in support of customer initiatives and cyber incidents
  • Create dashboards for key metrics and processes and deliver technical presentations to various levels of customer leadership
  • Interface with senior DHS & CBP leaders and directors to help maintain and sustain critical systems supporting the CBP Security Operations Center
  • Utilize state-of-the-art technologies such as host forensics tools (FTK/EnCase), Endpoint Detection & Response tools, log analysis (Splunk) and network forensics (full packet capture solution) to perform hunt and investigative activity to examine endpoint and network-based data
  • Conduct in-depth analysis on hosts and networks, forensic analysis, log analysis, and triage in support of incident response
  • Recognize attacker and APT activity, tactics, and procedures as indicators of compromise (IOCs) that can be used to improve monitoring, analysis, and incident response processes
  • Develop and build security content, scripts, tools, or methods to enhance the incident investigation processes
  • Lead incident response activities and mentor junior SOC staff
  • Work with key stakeholders to implement remediation plans in response to incidents
  • Effectively investigate and identify root-cause findings, then communicate those findings to stakeholders including technical staff and leadership
  • Flexible and adaptable self-starter with strong relationship-building skills
  • Ability to stay up to date with the latest threat intelligence, security trends, tools and capabilities
  • Possess strong problem-solving abilities with an analytic and qualitative eye for reasoning
  • Ability to independently prioritize and complete multiple tasks with little to no supervision
  • Effectively communicate with customer leadership and disseminate timely updates of critical incidents with emphasis on attention to detail and accurate reporting

Skills

  • Bachelor's degree in a science or engineering field, IT, or Cybersecurity related field
  • 5+ years of experience in the areas of incident detection and response, remediation, malware analysis, or computer forensics
  • Ability to prioritize and complete multiple tasks with little to no supervision
  • Experience organizing, directing, and managing contract operation support functions involving multiple, complex, and interrelated project tasks
  • Experience effectively communicating at senior levels within a customer organization
  • Advanced knowledge of the Incident Response Lifecycle and applicability to various types of incidents and situations
  • Ability to collaborate with technical staff and customers to identify, assess, and resolve complex security problems/issues/risks and facilitate resolution and risk mitigation
  • Effective communication skills with emphasis on attention to detail, ability to accurately capture and document technical remediation details, and ability to brief stakeholders on incident statuses
  • Experience creating new processes, playbooks, and SOPs for new tools and workflows. Prior relevant experience should be in the areas of incident detection and response, malware analysis, or computer forensics
  • Ability to script in one or more of the following languages: Python, Bash, Visual Basic, or PowerShell
  • Experience running cyber incident investigations with emphasis on attention to detail, adept communication skills, and adherence to defined escalation paths
  • All CBP SOC employees are required to currently possess a CBP Background Investigation to support this program
  • The candidate should have at minimum ONE of the following certifications: CompTIA Cybersecurity Analyst (CySA+), CompTIA Linux Network Professional (CLNP), CompTIA PenTest+, GPEN – Penetration Tester, GWAPT – Web Application Penetration Tester, GSNA – System and Network Auditor, GISF – Security Fundamentals, GXPN – Exploit Researcher and Advanced Penetration Tester, GWEB – Web Application Defender, GNFA – Network Forensic Analyst, GMON – Continuous Monitoring Certification, GCTI – Cyber Threat Intelligence, GOSI – Open Source Intelligence, OSCP (Certified Professional), OSCE (Certified Expert), OSWP (Wireless Professional), OSEE (Exploitation Expert), CCFP – Certified Cyber Forensics Professional, CISSP – Certified Information Systems Security Professional, CEH – Certified Ethical Hacker, CHFI – Computer Hacking Forensic Investigator, LPT – Licensed Penetration Tester, CSA – EC-Council Certified SOC Analyst (previously ECSA – EC-Council Certified Security Analyst), ENSA – EC-Council Network Security Administrator, ECIH – EC-Council Certified Incident Handler, ECSS – EC-Council Certified Security Specialist, ECES – EC-Council Certified Encryption Specialist
  • Experience in Federal Government, DoD, or Law Enforcement in a CND, CIRT, or SOC role
  • Knowledge of the Cyber Kill Chain and the MITRE ATT&CK framework
  • Knowledge of Structured Analytic Techniques

Benefits

  • Competitive compensation
  • Health and Wellness programs
  • Income Protection
  • Paid Leave
  • Retirement

Company Overview

  • Leidos is a Fortune 500® innovation company rapidly addressing the world's most vexing challenges in national security and health. It was founded in 1969 and is headquartered in Reston, Virginia, USA, with a workforce of 10001+ employees. Its website is https://www.leidos.com/.
