SOC/CSIRC Analyst(Tier 1) Team Lead


Job Description:

Do you want to grow your career and be part of a team solving critical challenges that affect the world? Then Leidos is the place for you!

The Department of Homeland Security (DHS), Immigration and Customs Enforcement (ICE) Security Operations Center (SOC) is a US Government program responsible to prevent, identify, contain and eradicate cyber threats to ICE networks through monitoring, intrusion detection and protective security services to ICE information systems including local area networks/wide area networks (LAN/WAN), commercial Internet connection, public facing websites, wireless, mobile/cellular, cloud, security devices, servers and workstations.

The Incident Responder will perform the following:
  • Act as liaison between Cyber Defense Forensics Government and contract staff
  • Oversee team of Cyber Defense Forensics/Insider Threat contract personnel
  • Oversee the assignment of casework to Team contractors based on priorities and provide investigative direction and peer reviews
  • Assist with development, implementation, and operation of CDF to include but not limited to review of OPs, policies, and procedures
  • Evaluate existing SOPs, processes, and procedures for constraints and inefficiencies, and create and implement enhancements and improvements
  • Track and report team performance, status, progress, and issues/blockers to stakeholders
  • Collaborate and coordinate with internal and external entities
  • Conduct forensic investigations to include acquisition of digital and physical evidence in accordance with sound forensic procedures and best practices

The ideal candidate will possess:
  • In-depth knowledge of each phase of the Incident Response life cycle
  • Expertise of Operating Systems (Windows/Linux) operations and artifacts
  • Understanding of Enterprise Network Architectures to include routing/switching, common protocols (DHCP, DNS, HTTP, etc), and devices (Firewalls, Proxies, Load Balancers, VPN, etc)
  • Ability to recognize suspicious activity/events, common attacker TTPs, and perform logical analysis and research to determine root cause and scope of Incidents
  • Be familiar with Cyber Kill Chain and have utilized the ATT&CK Framework
  • Have scripting experience with Python, PowerShell, and/or Bash
  • Ability to independently prioritize and complete multiple tasks with little to no supervision
  • Flexible and adaptable self-starter with strong relationship-building skills
  • Strong problem solving abilities with an analytic and qualitative eye for reasoning

Basic Qualifications
  • Bachelor's Degree AND 12 years of relevant experience
  • Five (5) or more years of project management experience
  • Experience in security operations as identified in section 6.2
  • Experience in handling incident response
  • (ISC)2 Certified Information Systems Security Professional (CISSP) or Project Management Professional (PMP)
  • Secret Clearance (active)
  • Top Secret, SCI Clearance (eligible)
  • Shall have substantial security experience
  • Any 1 of: CASP, CCSP, SSCP, GMON, GCIH, GCIA, GECD AND any from the CSSP Analyst, Infrastructure Support, or IR from the DOD 8570 list
  • 6 years of equivalent experience will be considered in lieu of one certification

Preferred Qualifications
  • Existing DHS EOD, active Secret clearance, or active Top Secret clearance
  • Recent security operations (SOC) experience.
  • Experience with Agile methods

External Referral Bonus:


External Referral Bonus $:


Potential for Telework:


Clearance Level Required:




Scheduled Weekly Hours:




Requisition Category:


Job Family:

Cyber Operations

Pay Range: