Director of Cybersecurity Intelligence & Response Team (CSIRT)


Job Description:

Leidos' Corporate Information Security (CIS), Cybersecurity Operations, has an immediate opening for the Director of the Cybersecurity Intelligence & Response Team (CSIRT). Leidos CSIRT takes an intelligence driven approach to cyber defense with a focus on threats, adversary tactics, techniques, and behaviors.

This is an opportunity to lead a team of highly skilled and innovative network defenders, and the best group of individuals out there. Our goal is to stay ahead of and maintain a technical advantage over our adversaries using the latest technical advancements, including custom built cybersecurity capabilities. As the leader your responsibilities will include leading the Intrusions, Digital Forensics, and CSIRT Development teams to monitor, detect, mitigate, perform incident response as well as partner with other teams and functions across the company to defend Leidos.

*** This role will allow an individual to work from home in the Reston, VA, Gaithersburg, MD, or greater DC area with the understanding that any customer, Team, or executive meeting the individual will need to travel on site to Reston, VA or Gaithersburg, MD (Mostly).*** This will be a role that someone will be expected to travel as needed.


- Lead and execute the cyber defense for Leidos 24/7/365

- Monitor the external threat environment for emerging threats, advising relevant stakeholders, and supporting the coordination with external agencies, such as law enforcement and other advisory bodies, to ensure that the organization maintains a strong security posture

- Continue to innovate our defensive processes and capabilities to support the company's digital transformation to hybrid and multi-cloud environments

- Partner with the business to demonstrate CSIRT's capabilities driving business growth in cyber security

- Coordinate and collaborate with industry partners, external agencies, and law enforcement

- Lead incident response activities

- Evolve CSIRT metrics to provide insight into our defensive posture, threats, and capability value to Cybersecurity Operations and CIS leadership, enterprise risk teams, executive business leaders, and the board of directors as part of a strategic enterprise risk management program

  • 15 years of experience relevant to information technology and cybersecurity with at least 7 of those years in cybersecurity
  • Strong and demonstratable leadership skills and experience
  • Demonstratable experience communicating information security and risk-related concepts effectively to both technical and non-technical audiences
  • Demonstratable experience with cyber threat modeling frameworks (i.e., CKC, ATT&CK, Diamond model, etc.)
  • Experience leading Incident Response activities
  • Strong problem-solving and analytical skills and demonstrate poise and ability to act calmly and competently in high-pressure, high-stress situations
  • Must have strong interpersonal and networking skills
  • Must have experience leading high performing security intelligence teams

  • Ability to obtain a clearance
  • Bachelors Degree
  • Active security clearance
  • Experience with "purple team" activities
  • Experience briefing senior and executive level leaders
  • Experience supporting to Legal and other functions with forensic investigations
  • Experience with Security Orchestration, Automation, and Response (SOAR) tools
  • Experience with Cyber Kill Chain and ATT&CK methodologies
  • Information security experience as a DoD and/or Intelligence Community employee or contractor
  • Experience with the development, implementation, and maintenance of technical solutions
  • Demonstrated knowledge of common information security management frameworks such as ISO/IEC 27001, NIST, CMMC, and an understanding of relevant legal and regulatory requirements such as Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard.

Pay Range: