Job details

NSOC Incident Response Lead

DescriptionLeidos is seeking an experienced Top Secret cleared Incident Response (IR) Lead to support a highly visible NSOC position. Reporting to the Leidos NSOC Lead, the NSOC Response Lead is responsible to independently lead teams of operators through the incident response lifecycle.The position may require occasional short-term travel to CONUS and OCONUS sites. This position may require an infrequent shift in workday schedule to support exercises occurring over weekends.Primary Responsibilities• Assesses, categorizes, recommends prioritization, develops, reports on, guides, and assumes responsibility for cyber-IR actions in accordance with NIST SP 800-61 Rev. 2.• Leads the IR team.• Conducts in-depth analysis on hosts and networks, forensic analysis, log analysis, and triage in support of IR.• Develops and builds security content, scripts, tools, or methods to enhance the incident investigation processes.• Recognize attacker and APT activity, tactics, and procedures as indicators of compromise (IOCs) that can be used to improve monitoring, analysis, and incident response processes.• Utilizes technologies such as host forensics tools, Endpoint Detection & Response tools, log analysis and full packet capture to perform hunt and investigative activity to examine endpoint and network-based data.• Populates dashboards with key metrics and processes and deliver technical presentations to various levels of customer leadership. Compiles and presents reports to senior leaders.• Works with stakeholders to implement remediation plans in response to incidents.• Ensures that the IR team has necessary personnel, resources, and skills.• Develops artifacts supporting Information Assurance and Risk Management Framework (RMF) processes.Basic Qualifications• Bachelor's degree and 12 – 15 years of prior relevant experience or Masters with 10 – 13 years of prior relevant experience. May possess a Doctorate in technical domain. Additional years of relevant experience will be considered in lieu of degree.• Top Secret clearance with ability to obtain and maintain TS/SCI.• Strong problem-solving abilities using analytic and qualitative reasoning.• Ability to independently prioritize and complete multiple tasks with little to no supervision.• Ability to accurately capture and document technical remediation details, and ability to brief stakeholders on incident statuses.• Effective communication with customer leadership to disseminate timely updates of critical incidents with an emphasis on attention to detail and accurate reporting.• Experience organizing, directing, and managing operation support functions involving multiple, complex, and interrelated project tasks.• Advanced knowledge of the Incident Response Lifecycle and applicability to various types of incidents.• Ability to collaborate with technical staff and customers to identify, assess, and resolve complex security problems, issues, and risks to facilitate resolution and risk mitigation.• Experience creating processes, playbooks, and SOPs for tools and workflows. Relevant experience should be in the areas of incident detection and response, malware analysis, or computer forensics.• Ability to script in one more of the following computer languages Python, Bash, Visual Basic or PowerShell.• Experience running cyber incident investigations with emphasis on attention to detail and adherence to defined escalation paths.• At least one current DoD 8140 certificationPreferred Qualifications• Experience with virtualized environments (VMware, Red Hat).• Experience working with cloud computing and infrastructure security (AWS, Azure, etc.) to IL6• Experience as a member of agile programs• Experience in Federal Government, DOD or Law Enforcement in CND, CIRT or SOC role• Knowledge of the Cyber Kill Chain and the MITRE ATT&CK framework• Knowledge of Structured Analytic TechniquesOriginal Posting Date:2024-12-20While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.Pay Range:Pay Range $112,450.00 - $203,275.00The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

Leidos Glassdoor Company Review

3.8

Leidos DE&I Review

No rating

CEO of Leidos

Tom Bell

Approve of CEO

Average salary estimate

Estimate provided by employer

$163500 / ANNUAL (est.)

min

max

$103K

$224K

If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.

What You Should Know About NSOC Incident Response Lead, Leidos

If you're passionate about cybersecurity and have extensive experience in incident response, Leidos has an exciting opportunity for you as the NSOC Incident Response Lead in Hampton, VA. In this role, you'll be the driving force behind our incident response efforts, leading dedicated teams through the complexities of the incident response lifecycle. You’ll be reporting directly to the NSOC Lead and guiding your team with your expertise in analyzing, categorizing, and recommending prioritization strategies based on NIST guidelines. Your ability to conduct thorough forensic analyses and recognize attackers' tactics will make a significant impact on our security posture. We’re looking for someone who can not only assess incidents but also develop innovative scripts and tools to enhance our response capabilities. You'll collaborate closely with stakeholders to implement effective remediation plans and ensure our team has the right skills and resources to tackle challenges. As a key player in the NSOC, you'll compile important reports and dashboards, presenting findings to senior leadership, and influencing the security direction of our organization. We value your problem-solving skills and the ability to prioritize tasks independently. If you have a blend of experience in incident detection, response, and the ability to communicate effectively with technical and non-technical stakeholders, we want to hear from you. Your experience in directing complex operations and creating robust frameworks will help drive our success against cyber threats.

Frequently Asked Questions (FAQs) for NSOC Incident Response Lead Role at Leidos

What are the main responsibilities of the NSOC Incident Response Lead at Leidos?

The NSOC Incident Response Lead at Leidos is primarily responsible for guiding the incident response process, leading teams through the incident response lifecycle, conducting forensic analyses, and managing the assessment and prioritization of cyber incidents. This involves building security content, developing incident investigation tools, and collaborating with stakeholders to implement remediation strategies.