Job Description

Defensive Cyber Operations SME Location Virginia :

Description

At Leidos , we deliver innovative solutions through the efforts of our diverse and talented people who are dedicated to our customers' success. We empower our teams, contribute to our communities, and operate sustainable. Everything we do is built on a commitment to do the right thing for our customers, our people, and our community. Our Mission, Vision, and Values guide the way we do business.

If this sounds like the kind of environment where you can thrive, keep reading!

The Digital Modernization Sector brings together our digital transformation and IT programs, allowing us to better serve our customers through scale and repeatability. Leidos has a critical need for a Defensive Cyber Operations Subject Matter Expert.

Leidos has an immediate need for a Defensive Cyber Operations SME for an existing customer on a highly-visible and strategic Cybersecurity Task Order that provides security operations center (SOC) support, cyber analysis, and security engineering. The Department of Homeland Security (DHS), Security Operations Center (SOC) Support Services is a US Government program responsible to monitor, detect, analyze, mitigate, and respond to cyber threats and adversarial activity on the DHS Enterprise. The DHS SOC has primary responsibility for monitoring and responding to security events and incidents detected at the Trusted Internet Connection (TIC) and Policy Enforcement Point (PEP) and is responsible for directing and coordinating detection and response activities performed by each Component SOC. Direction and coordination are achieved through a shared DHS incident tracking system and other means of coordination and communication.

Primary Responsibilities

The Security Operations Manager will plan, direct and manage day to day activities of contractor security operations staff and support customer strategic planning to build and mature SOC Capabilities. The Operations Manager will also be responsible for the following:

• Drive implementation and improvement of new tools, capabilities, frameworks, and methodologies across all teams within the customer's security operations environment
• Manage and conduct hands-on technical analysis as a supplement to Incident Response and Forensics Teams during high-visibility or high-workload investigations
• Guide and mentor junior staff
• Suggest and implement controls for key information security gaps within the customer security infrastructure
• Conduct and maintain detailed gap analysis of customer capabilities
• Ensure timeliness and quality of reporting produced by the security operations staff to stakeholders
• Instill and reinforce industry best practices in the domains of incident response, cybersecurity analysis, case and knowledge management, and SOC operations
• Promote and drive implementation of automation and process efficiencies
• Act as subject matter expert in several security technologies (depth) with ability to lead across enterprise security domains (breadth)
• Communicate adeptly at all levels from executive-suite to front-line analysts
• Expertly collaborate across multiple disciplines and levels of the organization
• Multitask with expert organizational skills in a fast-paced environment
• Demonstrate an open mind, creative thinking, willingness to take calculated risks, and a strong ability to make informed decisions
• Create s for new positions and manage annual performance plans for the SecOps team
• Provide guidance and leadership to the SecOps team for technology solutions related to the services that the team operates
• Develop and enforce event response and escalation documentation and processes for Security Operations Center to follow
• Respond to customer inquiries around security-related questions resulting from security incidents
• Develop and support incident response plans, processes, and procedures, and advise on steps to achieve incident response readiness (logging and monitoring configurations, triage and escalation procedures, wider stakeholder liaison, etc.)
• Track emerging security practices and innovations and work with the customer to execute where appropriate.
• Will work regular 8:00 - 5:00 pm hours, on-call and after-hours support in response to incidents as dictated by mission requirements
• Continually mature SOC operations and capabilities, developing intra-team relationships, and building trust and rapport with external stakeholders

Basic Qualifications

• Bachelor's degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field PLUS twelve (12) years of experience in incident detection and response, malware analysis, and or cyber forensics. MS Degree and 10 years and security certifications will count toward years of experience.
• 6+ years of supervising and/or managing teams
• 8+ years of intrusion detection and/or incident handling experience
• Ability to analyze new attacks and provide guidance to watch floor analysts on detection and response
• Knowledgeable of the various Intel Frameworks (e.g. Cyber Kill Chain, Diamond Model, MITRE ATT&CK, etc) and able to utilize it in their analysis workflow
• Experience with Cloud (e.g. o365, Azure, AWS, etc) security monitoring and familiar with cloud threat landscape

Preferred Qualifications

• Advanced knowledge in planning, directing, and managing Computer Incident Response Team (CIRT) and/or Security Operations Center (SOC) operations for a large and complex enterprise
• Significant experience supervising and leading employees of various labor categories and technical skill levels in efforts similar in size and scope to a mature Security Operations Center
• Deep technical understanding of core current cybersecurity technologies as well as emerging capabilities.
• Demonstrated mastery of the life cycle of cybersecurity threats, attacks, attack vectors, and methods of exploitation with an understanding of intrusion set tactics, techniques, and procedures (TTPs).
• Extensive leadership experience creating, building, and maintaining high-performing teams, particularly in a cybersecurity environment
• Previous experience managing an enterprise SOC/NOC/NOSC

Original Posting:

June 2, 2025

For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:

Pay Range $126,100.00 - $227,950.00

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

Job Tags

Full time, For contractors, Immediate start, Night shift,

Similar Jobs