Herndon, Virginia

Description

Job Description:

The Transportation and Border Security Services (T&BSS) Division has an opening in Northern Virginia for a Threat Detection Engineer to support our TSA customer in their Security Operations Center.

Primary Responsibilities Include:

+ ​Creating threat detection strategies to close visibility and alerting gaps for SOC

+ Creating and maintaining high fidelity alerts across all Security Tool technologies

+ Working with security methodologies and processes within Security Operations Centers supporting medium-large enterprises.

+ Configuring and operating technical security solutions to improve or enhance capabilities and ensure optimal performance

+ Analyze, trend, and filter data and events across all data sources to create security dashboards that provide insight into enterprise events, trends, and activity for multiple stake holders

+ Develop and formalize processes to support the full lifecycle of content-development (conception, creation, testing, documentation, implementation, tuning)

+ Researching attacker methodologies and techniques to identify criteria needed to create high fidelity signatures

Must have experience with:

+ Using ATT&CK and/or other frameworks to categorize alerts and signatures

+ Baselining enterprise events to identify “normal” activity over time

+ SOP development and updating along with training new SOP’s

+ Create documentation that details what signatures are supposed to detect, and how to properly triage

+ Mentoring Junior and mid Analysts

+ Expertise in developing optimized custom SPL using macros, lookups, sub-searches, sequenced events, and other advanced techniques

+ Leveraging multiple log sources to identify malicious behaviors that blend in with normal Enterprise activity

+ Use regex for direct pattern matching and data extraction

+ Using network, endpoint, and other security tools and SIEM technologies

+ Automation and security orchestration tools to support Incident Response

+ Using Cloud log data and understanding of cloud architecture to develop security monitoring

Must have demonstrable knowledge of

+ Network ports and protocols (TCP, UDP, HTTP, SMTP, DNS)

+ Network security devices (FW, IDS/IPS, Proxy, Email Filtration, DNS, etc.)

+ Common host and web application attacks and countermeasures against those attacks

+ Industry frameworks such as cyber kill chain and ATT&CK

+ APT capabilities and ability to implement appropriate detection measures or counter measures

+ Normal working hours of 8:00am – 5:00pm are anticipated, however actual hours may vary depending on mission requirements

Minimum Requirements Include:

+ Must possess a current Secret clearance

+ Bachelors degree and 5 years of relevant experience

Certification: One of the following certifications is required:

+ CISSP

+ GCIH

+ GCFA

+ GPEN

+ GWAPT

+ GCIA

Or equivalent

Pay Range:Pay Range $74,750.00 - $115,000.00 - $155,250.00

The Leidos pay range for this job level is a general guideline onlyand not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

#Remote

REQNUMBER: R-00093826

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status. Leidos will consider qualified applicants with criminal histories for employment in accordance with relevant Laws. Leidos is an equal opportunity employer/disability/vet.

Herndon, Virginia

At Leidos, quality performance means two things:

  1. Satisfying our customers by delivering the products and services they need on time and in budget.
  2. Continuously improving our processes so that our work meets requirements and is done right the first time.

Our proprietary EngineeringEdge® solution gives us a consistent, company-wide approach to planning, designing, developing, and delivering solutions that achieve our customers’ goals. Comprehensive and customizable, EngineeringEdge is based on industry standards and best practices from:

  • CMMI®, the CMMI Institute.
  • Project Management, the Project Management Institute.
  • the International Organization for Standardization (ISO®).
  • the International Council on Systems Engineering/INCOSE Corporation.
  • Electronic Industries Alliance.
  • Our four decades experience on a wide range of programs.

Many Leidos organizations have been able to earn coveted CMMI maturity level 3 and higher, as well as ISO 9001 organizational designations.

In addition, we have our own high standards for ethics and performance. Investors : Employee Code of Conduct

What does this mean to our clients? High quality products and services, developed in an environment committed to continuously improving processes and uncompromising ethics.

Similar jobs