Apply on Employer Site

Leidos · 2 weeks ago

Lead Cyber Fusion Analyst

Odenton, MD

Full-time

Onsite

Senior Level, Lead/Staff

$131K/yr - $237K/yr

12+ years exp

Leidos is an industry and technology leader serving government and commercial customers with smarter, more efficient digital and mission innovations. The Lead Cyber Fusion Analyst will support the DoD Cyber Defense Command by providing analysis and leadership for the DCDC Fusion Analyst team, ensuring effective cyber operations and security measures are in place.

ComputerGovernmentInformation ServicesInformation TechnologyNational SecuritySoftware

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Lead the DCDC Fusion Analyst team including employee engagement, training, performance reviews, and all other Leidos employee needs

Includes mentoring, assigning and reviewing work and planning/scheduling to ensure milestones are completed in accordance with the program work statement

Identify problems, determine accuracy and relevance of a broad range of technical information. Use sound judgment to generate, evaluate, and execute alternative courses of action. Produce timely, effective, decision-quality technical recommendations to support senior leadership

Serve as a lead for planning, coordination, implementation, validation, mitigation, and compliance of cyber operations/intel security tasks

Leverage an array of network monitoring and detection capabilities (including netflow, custom application protocol logging, signature-based IDS, and full packet capture (PCAP) data) to identify cyber adversary activity

Support the development of Cyber Fusion standard operating procedures (SOPs), and Cyber Fusion Framework and Methodology based on industry best practice and department of defense instruction, guidance, and policy

Identify threats to the enterprise and provide mitigation strategies to improve security and reduce the attack surface

Perform analysis by leveraging serialized threat reporting, intelligence product sharing, OSINT, and open-source vulnerability information to ensure prioritized plans are developed

Analyze and document malicious cyber actors TTPs, providing recommendations and alignment to vulnerabilities and applicability to the enterprise operational environment

Discover adversary campaigns, anomalies and inconsistencies in sensor and system logs, SIEMs, and other data

Analyze and track vulnerability disclosure program (VDP) incidents as it relates to intelligence reporting

Identify, investigate and rule out system compromises, with the capacity to provide written analytic summaries and attack life cycle visualizations

Provide risk assessments and recommendations based on analysis of technologies, threats, intelligence, and vulnerabilities

Offer recommendations to adjust enterprise or tactical countermeasures to for threats impacting the DODIN

Collect analysis metrics and trending data, identify key trends, and provide situational awareness on these trends

Provide guidance regarding the use of OSINT techniques in the pursuit of investigatory requirements

Perform quality assurance duties on behalf of JDOC leadership, ensuring that SIGACTs are compliant with JDOC policies, as well as ensuring that all information is captured before closure

Qualification

DoD TS/SCI ClearanceDoDD 8570 IAT Level IINetwork monitoring toolsCyber threat methodologiesProficiency with SplunkWindows OS proficiencyIntelligence CommunityCybersecurity analytics skillsOSINT techniquesDODINIAT Level III CertificationCommunication skills

Required

Active DoD TS/SCI Clearance and eligible for polygraph

DoDD 8570 IAT Level II Certification (SEC+, CySA, GICSD, etc.)

Bachelor's degree in related discipline and 12+ years of related experience. Additional experience may be accepted in lieu of degree

Strong communications and interpersonal skills

Proficient in Microsoft Office applications (Word, Excel, Outlook, PowerPoint)

Proficient in Windows 7/8/10/11

Ability to work in a virtual environment like Microsoft Teams

Experience working with members of the Intelligence Community (IC) and knowledge and understanding of Intelligence processes

In-depth knowledge of network and application protocols, cyber vulnerabilities and exploitation techniques and cyber threat/adversary methodologies

Proficiency with datasets, tools and protocols that support analysis (e.g. Splunk, CMRS, VDP, passive DNS, Virus Total, TCP/IP, OSI, WHOIS, enumeration, threat indicators, malware analysis results, Wireshark, Arcsight, etc.)

Experience with IC repositories (Pulse, TESTFLIGHT, etc.)

Experience with various open-source and commercial vendor portals, services and platforms that provide insight into how to identify and/or combat threats or vulnerabilities to the enterprise

Proficiency working with various types of network data (e.g. netflow, PCAP, custom application logs)