Description Job Description:
Functions of this role include:
Active participant in 24x7 operations of the US Mint SOC
- Collect global threat intelligence and internal threats then inject actions based on analysis and recommendation
- Proactively research and monitor security information to identify potential threats that may impact the organization
- Understand the structure and the meaning of logs from different log sources such as FW, IDS, Windows DC, Cisco appliances, AV and antimalware software, email security etc
- Act as main investigators for potential incidents identified by Tier 1 or 2 analysts as well as any high visibility issues
- Knowledgeable on multiple technology and system types
- Defining protocols and maturing 'playbooks' of operational response to cyber threats
- Ability to work within the playbooks as well as helping to define new procedures/playbooks when necessary
- Operate autonomously to further investigate and escalate in accordance with protocols and contractual SLAs
- Participate and lead SOC working groups. Collaborate across organizational lines and develop depth in your desired cyber discipline and/or technologies
- Track and update incidents and requests based on client's updates and analysis results
- Provide teaching/mentoring to SOC Tier 1 and 2 Analysts
- Must be US Citizen
- Ability to obtain public trust clearance.
- 5+ Years of experience with Security Information Event Management (SIEM) tools, creating advanced co-relation rules, administration of SIEM, system hardening, and Vulnerability Assessments
- Experience working with threat hunting, malware reverse engineering and/or digital forensics
- Experience with tuning and building use cases for a SIEM and preferred experience with administration of SIEM tools
- SOC TIER 3: 8+ years of experience within specific security disciplines (ie forensics, email security, monitoring + detection, mobility, etc.)
- In depth understanding of cyber landscape and typical threat vectors
- In depth understanding of operational requirements and impacts of working within a FISMA High System
- Experience speaking to and working with executive leadership as well as ability to write reports and findings to executives
- Should have expertise on TCP/IP network traffic and event log analysis
- CEH, Security+, CISSP or relevant IT technology certification.
Period of Performance:
The period of performance for this effort is upon award through 12/18/2021 with an option to extend through 6/18/2022.
Place of Performance:
Place of performance shall be remote.
Estimated Level of Effort:
It is anticipated that up to 40 hours per week will be required. Subcontractor is not permitted to work overtime beyond 40 hours a week without written and prior approval from the Leidos Program Manager.
EDUCATION & EXPERIENCE: BS degree and 8 - 12 years of prior relevant experiencePay Range: