05 Oct
SOC/CSIRC Analyst (Tier 3)
District of Columbia, Washington, 20090, Washington, USA

Vacancy expired!

Description

Job Description: Do you want to grow your career and be part of a team solving critical challenges that affect the world? Then Leidos is the place for you!

The Department of Homeland Security (DHS), Immigration and Customs Enforcement (ICE) Security Operations Center (SOC) is a US Government program responsible for preventing, identifying, containing and eradicating cyber threats to ICE networks through monitoring, intrusion detection and protective security services for ICE information systems, including local area networks/wide area networks (LAN/WAN), the commercial Internet connection, public-facing websites, wireless, mobile/cellular, cloud, security devices, servers and workstations. Leidos is seeking a Tier 2 SOC/CSIRC Analyst to join our team on this highly visible DHS ICE SOC Program.

The SOC/CSIRC Analyst will perform the following:

  • Coordinate investigation and response efforts throughout the Incident Response lifecycle
  • Correlate and analyze events and data to determine scope of Cyber Incidents
  • Acquire and analyze endpoint and network artifacts, volatile memory, malicious files/binaries and scripts
  • Recognize attacker tactics, techniques, and procedures as potential indicators of compromise (IOCs) that can be used to improve monitoring, analysis and Incident Response
  • Develop, document, and maintain Incident Response processes, procedures, workflows, and playbooks
  • Tune and maintain security tools (EDR, IDS, SIEM, etc.) to reduce false positives and improve SOC detection capabilities
  • Document investigation and Incident Response actions taken in Case Management Systems and prepare formal Incident Reports
  • Create metrics and determine Key Performance Indicators to drive maturity of SOC operations
  • Develop security content such as scripts, signatures, and alerts
The ideal candidate will possess:
  • In-depth knowledge of each phase of the Incident Response life cycle
  • Expertise in Operating System (Windows/Linux) operations and artifacts
  • Understanding of Enterprise Network Architectures, including routing/switching, common protocols (DHCP, DNS, HTTP, etc.), and devices (Firewalls, Proxies, Load Balancers, VPN, etc.)
  • Ability to recognize suspicious activity/events and common attacker TTPs, and to perform logical analysis and research to determine the root cause and scope of Incidents
  • Familiarity with the Cyber Kill Chain and experience using the ATT&CK Framework
  • Scripting experience with Python, PowerShell, and/or Bash
  • Ability to independently prioritize and complete multiple tasks with little to no supervision
  • Flexible and adaptable self-starter with strong relationship-building skills
  • Strong problem-solving abilities with an analytic and qualitative eye for reasoning
Basic Qualifications:
  • Minimum of an active Secret clearance
  • Candidates must be able to obtain an ICE EOD
  • Bachelor's degree in an IT-related field or higher and 8+ years' experience in an information technology field, with a minimum of 2 years of experience in the areas of incident detection and response, malware analysis, or computer forensics
Must have at least one of the following certifications:
  • Certified Ethical Hacker (CEH), CySA+
  • SANS GIAC: GCIH, GCIA, GCFA, GPEN, GCFE, GREM
  • CISSP, OSCP, OSCE, OSWP
ICESOC
  • External Referral Bonus: Eligible
  • External Referral Bonus $: 5000
  • Potential for Telework: No
  • Clearance Level Required: Secret
  • Travel: No
  • Scheduled Weekly Hours: 40
  • Shift: Day
  • Requisition Category: Professional
  • Job Family: Cyber Operations
  • Pay Range:
