Description

Functions of this role include:
Active participant in 24x7 operations of the US Mint SOC

• Collect global threat intelligence and internal threats then inject actions based on analysis and recommendation
• Proactively research and monitor security information to identify potential threats that may impact the organization
• Understand the structure and the meaning of logs from different log sources such as FW, IDS, Windows DC, Cisco appliances, AV and antimalware software, email security etc
• Act as main investigators for potential incidents identified by Tier 1 or 2 analysts as well as any high visibility issues
• Knowledgeable on multiple technology and system types
• Defining protocols and maturing 'playbooks' of operational response to cyber threats
• Ability to work within the playbooks as well as helping to define new procedures/playbooks when necessary
• Operate autonomously to further investigate and escalate in accordance with protocols and contractual SLAs
• Participate and lead SOC working groups. Collaborate across organizational lines and develop depth in your desired cyber discipline and/or technologies
• Track and update incidents and requests based on client's updates and analysis results
• Provide teaching/mentoring to SOC Tier 1 and 2 Analysts

Basic Qualifications:

• Must be US Citizen
• Ability to obtain public trust clearance.
• 5+ Years of experience with Security Information Event Management (SIEM) tools, creating advanced co-relation rules, administration of SIEM, system hardening, and Vulnerability Assessments
• Experience working with threat hunting, malware reverse engineering and/or digital forensics
• Experience with tuning and building use cases for a SIEM and preferred experience with administration of SIEM tools
• SOC TIER 3: 8+ years of experience within specific security disciplines (ie forensics, email security, monitoring + detection, mobility, etc.)
• In depth understanding of cyber landscape and typical threat vectors
• In depth understanding of operational requirements and impacts of working within a FISMA High System
• Experience speaking to and working with executive leadership as well as ability to write reports and findings to executives
• Should have expertise on TCP/IP network traffic and event log analysis

Desired Qualifications:

• CEH, Security+, CISSP or relevant IT technology certification.

.

Period of Performance:

The period of performance for this effort is upon award through 12/18/2021 with an option to extend through 6/18/2022.

Place of Performance:

Place of performance shall be remote.

Estimated Level of Effort:

It is anticipated that up to 40 hours per week will be required. Subcontractor is not permitted to work overtime beyond 40 hours a week without written and prior approval from the Leidos Program Manager.

EDUCATION & EXPERIENCE: BS degree and 8 - 12 years of prior relevant experience

#Remote