
Cybersecurity Operations Lead

Via Logic LLC, Pearl City, HI, United States


Overview

Leidos has a current job opportunity for a Cybersecurity Operations Lead on the DISA GSM-O II program in Pearl Harbor, HI. Cyber Operations is responsible for monitoring and analyzing the security posture of networks, servers, endpoints, and other systems. Activities include detection, mitigation, response, and reporting of cyber incidents using a combination of technology solutions and processes to ensure security issues are addressed quickly on discovery.

Position Summary

The team’s mission is to provide robust cybersecurity services for the Department of Defense Information Network (DoDIN). This is achieved through the continuous execution of the Protect, Detect, Respond, and Sustain functions of a Cyber Security Services Provider (CSSP). As Cybersecurity Operations Lead, you will ensure your team effectively monitors, analyzes, responds to, and reports threats in real-time to safeguard critical networks and infrastructure. Your responsibilities will extend beyond individual analysis and encompass the management and performance of your entire team.

Primary Responsibilities

- Ensure Mission Coverage: Manage your team’s schedule to ensure uninterrupted operational support, 24/7/365, modifying shifts as needed to meet staffing requirements.
- Oversee Incident Response: Guide the team in real-time monitoring of security tools (SIEM, IDS, etc.), ensuring immediate and accurate identification, analysis, triage, and reporting of cybersecurity events.
- Technical Guidance: Serve as the primary technical leader for the team. Mentor analysts in advanced analysis of network traffic, packet captures, and logs to identify threats and anomalous activity.
- Threat Intelligence Integration: Ensure the team understands and applies knowledge of adversary tactics, techniques, and procedures (TTPs), leveraging frameworks like MITRE ATT&CK and the Cyber Kill Chain to characterize and prioritize incidents.
- Quality Assurance: Review incident reports, situation awareness reports, and all other products created by the team to ensure they are accurate, well-documented, and actionable for leadership and mission partners.
- Knowledge Management: Enforce disciplined use of knowledge management tools for all incident handling and shift transitions. You are responsible for the quality and completeness of the data your team enters.
- Process Documentation: Lead the team in creating, reviewing, and updating operational documentation, including Standard Operating Procedures (SOPs), Tactics, Techniques, and Procedures (TTPs), and Quick Reference Guides (QRGs), on a quarterly basis.
- Professional Growth: Identify skill gaps on the team and facilitate continuous learning by encouraging participation in training, development of automation workflows, and professional development to keep the team current with new threats and tools.
- Stakeholder Interface: Act as the primary point of contact between your team and government leadership, other DISA divisions, and external customer agencies.
- Situational Awareness: Provide clear and timely information to leadership on the state of Network Assurance, articulating emerging trends and the impact of cyber events.
- Collaboration: Foster a collaborative environment within your team and across shifts. Ensure seamless coordination with inspection teams, Cyber Protection Teams (CPTs), and customer incident responders.

Basic Qualifications

- Related Bachelor’s degree and 8+ years of prior relevant experience; higher-level Cyber certifications may be substituted in lieu of degree.
- Meet DoD 8140 Advanced Proficiency Level.
- Must have DoD Secret security clearance to start on the program.
- Must be a U.S. Citizen.
- Experience providing guidance and direction to a team of 15+ with project and time management skills.
- In-depth understanding of advanced cybersecurity concepts and processes with experience applying them with little to no guidance.
- Ability and willingness to support occasional shift work as needed.
- Experience using the following key technologies: Splunk and Elastic as Security Information & Event Management (SIEM) tools, Networking Monitoring & Security (NMS), Firepower Intrusion Detection System (IDS), Microsoft Defender for Endpoint & Sentinel, Microsoft Power Suite (Apps, BI, Automate), Wireshark, MITRE ATT&CK Framework, Zero Trust Architecture.
- Familiarity with the following: Networking Monitoring & Security (NMS), Cisco Firepower Intrusion Detection System (IDS).
- Motivated self-starter with strong written and verbal communication skills and the ability to translate complex technical reports on analytic findings for a non-technical audience.
- Demonstrated hands-on experience managing high volumes of logs, network data, and other artifacts in support of incident investigations and a high standard for attention to detail.

Preferred Qualifications

- Bachelor’s or Master’s degree in Cybersecurity.
- DoD Top Secret security clearance.

Commitment to Non-Discrimination

All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.