Apply on Employer Site

Leidos · 1 month ago

SOC Analyst

Alexandria, VA

Full-time

Onsite

Mid Level

$85K/yr - $154K/yr

4+ years exp

Leidos is a leading technology company focused on digital modernization. They are seeking a SOC Analyst to support incident handling and response in a Security Operations Center, utilizing various tools to identify and analyze security threats.

ComputerGovernmentInformation ServicesInformation TechnologyNational SecuritySoftware

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Utilize alerts from endpoints, IDS/IPS, netflow, and custom sensors to identify compromises on customer networks/endpoints

Perform junior- to intermediate-level review of massive log files, pivot between data sets, and correlate evidence for incident investigations

Pass triaged alerts to senior-level SOC personnel and assist in identifying malicious actors on customer networks

Document analysis, findings, and actions in a case/knowledge management system

Support senior-level SOC personnel with the creation and distribution of incident reports to customers and higher headquarters

Qualification

Incident handlingSOC experienceDoD 8570 IAT II certificationCND experienceTCP/IP knowledgeSIEM platform knowledgeMalware analysisUnix/Linux experienceAnalytical skillsTroubleshooting skillsCommunication skills

Required

Must have an active DoD Top Secret clearance with ability to obtain SCI

Must have DoD 8570 IAT II or higher certification (such as CompTIA Security+ CE, ISC2 SSCP, SANS GSEC, etc.) prior to starting

Must be able to obtain DoD 8570 CSSP-Analyst certification (such as CEH, CySA+, GCIA, etc.) within 6 months of starting

Bachelor's degree and 4+ years of prior relevant experience; additional military service and/or relevant work experience may be considered in lieu of degree

1+ years of prior incident handling/response experience

1+ years of experience working in a SOC environment

CND experience (Protect, Detect, Respond and Sustain) within a Computer Incident Response organization

Demonstrated understanding of the life cycle of network threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques and procedures (TTPs)

Demonstrated sound understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements

Motivated self-starter with strong written and verbal communication skills, and the ability to create complex technical reports on analytic findings

Demonstrated commitment to training, self-study and maintaining proficiency in the technical cybersecurity domain and an ability to think and work independently

Strong analytical and troubleshooting skills

Willing to perform shift work, including weekend hours

Preferred

Demonstrated hands-on experience analyzing high volumes of logs, network data (e.g. Netflow, Full Packet Capture), and other attack artifacts in support of incident investigations

In-depth knowledge of architecture, engineering, and operations of at least one enterprise SIEM platform (e.g. ArcSight, Splunk, Nitro/McAfee Enterprise Security Manager, QRadar, LogLogic)

Experience and proficiency with any of the following: Anti-Virus, HIPS/HBSS, IDS/IPS, Full Packet Capture, Network Forensics

Experience with malware analysis concepts and methods

Unix/Linux command line experience

Scripting and programming experience

Motivated self-starter with strong written and verbal communication skills, and the ability to create complex technical reports on analytic findings

Familiarity or experience in Intelligence Driven Defense, Cyber Kill Chain methodology, and/or MITRE ATT&CK framework