SOC Analyst

Description

Leidos is seeking a SOC Analyst to join our team at Ft. Meade, MD. In this role you will provide security infrastructure operations support and interfacing across the program. This support includes Microsoft cybersecurity solutions and related technologies. The successful candidate for this position is a highly motivated individual, with a strong IT security background who excels integrating, operating, and deploying security technology and solutions and interacts well with both internal teams and clients.

PROGRAM SUMMARY:
The Defense Enclave Services contract will unify the DOD Fourth Estate Defense Agencies and Field Activities' common use information technology systems, personnel, functions and program elements under the direction of DISA's Fourth Estate Network Optimization program office.

CLEARANCE REQUIREMENT:

• Must hold an active Secret security clearance. (US Citizenship required)

• Provide SOC and Incident Response support, including coordination, execution, and implementation of all actions required for the containment, eradication, and recovery measures for events and incidents.
• Monitor and reply to events and alerts from the SIEM, monitoring tools, and other network tools.
• Investigate events of interest and escalating to senior NOC / SOC members.
• Drive incidents from discovery to closure and reporting, with comprehension of escalation procedures and criteria.
• Categorize incidents & events, and partner with appropriate authorities in the production of security incident reports.
• Coordinate with other DISA organizations, activities, and other services as appropriate to de-conflict blue / red team activity with open incidents/events.
• Build timelines, documents, briefings, and other products as required to inform stakeholders of incident response actions, analysis, and the impact of both adversary activity and blue force response actions.
• While not in a period of incident response, you will conduct continuous exercises and dry runs to improve response outcomes in the event of a cyber-incident.
• Provide cybersecurity root-cause analysis in support of any tickets for which it fails to meet the Acceptable Quality Levels (AQLs). This root-cause analysis will include documenting recommendations for corrective action.
• Provide enterprise recommendations to Leidos and DISA leadership to remediate environment wide issues, support continuous process improvement, and report analysis.
• Investigate compromised endpoints, identifying IOCs within the environment and conveying to users and other teams impact of discovered events.

• Bachelor's degree and 5+ years of relevant experience; additional years of experience may be substituted in lieu of a degree.
• Must have an active DoD IAT Level II certification, prior to start (e.g. Sec+, CISSP).
• Systems administration experience - desktop and server systems connected to local and wide area networks.
• Troubleshooting skills and knowledge of a troubleshooting methodology.
• Incident Response Experience.
• Knowledge Management skills to follow and create documentation.
• KQL/Office 365 Incident response experience.

• Certifications such as CySA, CEH, GCIA, or GCIH.
• Threat Hunting experience against MITRE T Codes
• Experience with enterprise antivirus solutions.
• Experience with vulnerability scanners.
• Incident Response Certification.