Security Operations Center​/SOC Lead

Position: Security Operations Center (SOC) LeadLeidos has a current job opportunity for a Security Operations Center (SOC) Lead on the DISA GSM-O program in Alexandria, VA.POSITION SUMMARY:Through the J6 Penetration Handling, Incident, System Health (PHISH) support services task order on the GSM-O contract, we provide IT products, services and solutions to the Pentagon and other DoD offices and agencies for them to meet mission and business requirements. Our Cybersecurity team performs cyber defensive actions in support of J6 to prevent, detect, respond and recover from adversarial activities.The SOC consists of a variety of highly-skilled, technical staff performing cyber incident handling, fusion analysis, non-compliance reporting, user activity monitoring, and malware and forensic analysis. Furthermore, the SOC Lead coordinates 24x7 staffing to support mission-critical operations, including incident response, and manages surge support.PRIMARY RESPONSIBILITIES:• Plan, direct, and manage day-to-day activities across the Security Operations Center as well as high-tempo, high-visibility incident response, when required.• Ensure SOC personnel adhere to documented processes and procedures for triage, analysis, incident response, and reporting.• Drive implementation and adoption of new tools, capabilities, frameworks, and methodologies across all teams within the SOC.• Accountable for the timeliness and quality of reporting produced by the SOC.• Instill and reinforce industry best practices in the domains of incident response, cybersecurity analysis, case and knowledge management, and SOC operations.• Promote and drive implementation of automation and process efficiencies.BASIC QUALIFICATIONS:• Active TS/SCI security clearance required.• Bachelor's degree and 10+ years of prior cybersecurity experience. Additional work experience or Cyber courses/certifications may be substituted in lieu of degree.• 4+ years of supervising and/or managing teams.• 5+ years of intrusion detection and/or incident handling experience.• DoD 8570 IAT III and CSSP Incident Responder certifications required upon start.• Advanced knowledge in planning, directing, and managing Computer Incident Response Team (CIRT) and/or Security Operations Center (SOC) operations in an organization in a large, complex environment.• Significant experience supervising and leading employees of various labor categories and technical skill levels in efforts similar in size and scope as the JSP DCO mission.• Mature understanding of industry accepted standards for incident response actions and best practices related to SOC operations.• Strong written and verbal communication skills, and the ability to create technical reports based on analytical findings.• Strong analytical and troubleshooting skills.• Must be a US Citizen.PREFERRED QUALIFICATIONS:• Deep technical understanding of core current cybersecurity technologies as well as emerging capabilities.• Hands-on cybersecurity experience (Protect, Detect, Respond and Sustain) within a Computer Incident Response organization including prior experience performing large-scale incident response.• Demonstrated understanding of the life cycle of cybersecurity threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques and procedures (TTPs).• Familiarity or experience in Intelligence Driven Defense, Cyber Kill Chain methodology, and/or MITRE ATT&CK framework.Original Posting: April 16, 2025Pay Range: Pay Range $ - $The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.#J-18808-Ljbffr