Cyber Intrusion Analyst

Description

We support 24/7 operations and shift assignments are based on both preference and contract requirements, so we ask our team members to remain flexible to potential shift modifications to meet minimum staffing requirements.

JOB DESCRIPTION:
Work closely with Government counterparts to provide guidance within the CND-SP area. Provide CND reports, trends, responses, mitigations, analysis & information dissemination. Provide C2 support, situational awareness support, and provide leadership & support for all CND applicable activities within Protect, Detect, Respond, and Sustain. Work as a technical leader within the CSSP Team, responsible for maintaining the integrity & security of enterprise-wide systems & networks. Provide technical leadership to CND Teams supporting security initiatives through predictive & reactive analysis, and by articulating emerging trends to leadership & staff.

PRIMARY RESPONSIBILITIES:

• Perform computer network incident detection, and response activities to detect, correlate, identify and characterize anomalous activity that may be indicative of threats to the enterprise.
• Monitor various security tools and applications for possible malicious activities, investigate any associated alerts or indicators, and develop recommendations for a course of action, including mitigation strategies as necessary.
• Conduct analysis of low-level ("low and slow") events to identify unauthorized activity utilizing exploratory problem-solving or self-learning techniques.
• Conduct near real-time event triage and analysis, which can result in network traffic validations or a Mission Partner's incident report.
• Utilize formal monitoring policies and procedures that include the appropriate use of DoD-approved network monitoring and traffic analysis tools to assist with identifying suspicious, anomalous, or overtly malicious network traffic on a 24/7/365 basis.
• Review and analyze available logs in a timely manner to detect intruders and notify Mission Partners of activity through a formal reporting process/pending an incident report.
• Apply, develop, tune, and distribute or optimize new and existing countermeasures or guidance to prevent or mitigate potential cyber event impacts when possible.
• Perform network traffic analysis utilizing raw packet data, net flow, IDS, IPS and custom sensor output, as it pertains to the cyber security of communications networks.
• Understand attack signatures, tactics, techniques, and procedures associated with advanced threats.
• Requires good technical writing skills as each event, including the associated analysis, are documented in a ticketing system for review and action.
• Requires excellent communication skills as we are collocated with our customer and regular face-to-face interaction is necessary throughout the day, as well as significant coordination and communication between team members.

BASIC QUALIFICATIONS:

• Minimum active DoD Secret clearance with ability to obtain Top Secret (active TS strongly preferred)
• Current DoD 8570 IAT Level II Certification (e.g. Sec+ CE) or higher at time of start.
• Ability to obtain DoD 8570 CSSP-Analyst certification, such as CEH, CySA+, GCIA or equivalent, within 180 days of hire.
• Bachelor's and 2+ years of relevant experience; additional relevant work experience and/or military service may be considered in lieu of degree
• Experience working CND duties (e.g., Protect, Defend, Respond, and Sustain).
• Experience working with DoD / Government Leaders at all levels.
• Strong computing system knowledge, particularly networking, including a knowledge of communication protocols and familiarity with common computing security elements such as IDS/IPS systems and firewalls.
• Experience evaluating packet captures.
• Willingness and ability to perform shift work (shifts may not be static).

PREFERRED QUALIFICATIONS:

• Command Line Scripting skills (PERL, python, shell scripting) to automate analysis task.
• Knowledge of hacker tactics, techniques and procedures (TTP).
• Familiarity with computing security frameworks such as MITRE ATT&CK and Cyber Kill Chain.
• Monitoring of intrusion detection and computer defense appliances (Splunk, Elastic), applications, and analysis of associated alerts.
• Knowledge of advanced threat actor tactics, techniques, and procedures (TTP)
• Understanding of software exploits.
• Analyze packed and obfuscated code.

At Leidos, we don't want someone who "fits the mold"-we want someone who melts it down and builds something better. This is a role for the restless, the over-caffeinated, the ones who ask, "what's next?" before the dust settles on "what's now."

If you're already scheming step 20 while everyone else is still debating step 2... good. You'll fit right in.

For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

The Leidos pay range for this job level is a general guideline onlyand not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

About Leidos

Leidos is an industry and technology leader serving government and commercial customers with smarter, more efficient digital and mission innovations. Headquartered in Reston, Virginia, with 47,000 global employees, Leidos reported annual revenues of approximately $16.7 billion for the fiscal year ended January 3, 2025. For more information, visit www.Leidos.com.

Pay and Benefits

Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available at www.leidos.com/careers/pay-benefits.

Securing Your Data

Beware of fake employment opportunities using Leidos' name. Leidos will never ask you to provide payment-related information during any part of the employment application process (i.e., ask you for money), nor will Leidos ever advance money as part of the hiring process (i.e., send you a check or money order before doing any work). Further, Leidos will only communicate with you through emails that are generated by the Leidos.com automated system - never from free commercial services (e.g., Gmail, Yahoo, Hotmail) or via WhatsApp, Telegram, etc. If you received an email purporting to be from Leidos that asks for payment-related information or any other personal information (e.g., about you or your previous employer), and you are concerned about its legitimacy, please make us aware immediately by emailing us at LeidosCareersFraud@leidos.com.

If you believe you are the victim of a scam, contact your local law enforcement and report the incident to the U.S. Federal Trade Commission.

Commitment to Non-Descrimination

All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.