Senior Incident Responder - Herndon, United States - Workday


    4 weeks ago

    Description


    Looking for an opportunity to make an impact? At Leidos, we deliver innovative solutions through the efforts of our diverse and talented people, who are dedicated to our customers' success.

    We empower our teams, contribute to our communities, and operate sustainably.

    Everything we do is built on a commitment to do the right thing for our customers, our people, and our community.

    Our Mission, Vision, and Values guide the way we do business.

    If this sounds like the kind of environment where you can thrive, keep reading. Leidos Intelligence Group uses a wide range of capabilities in Digital Modernization, Mission Software Systems, and enabling technologies like Artificial Intelligence and Machine Learning to support our customers' mission to defend against evolving threats around the world.

    Our team's focus is ensuring our intelligence customers have the right tools, technologies, and tactics to keep pace with an ever-evolving security landscape and succeed in their pursuit to protect people and critical assets.

    Your greatest work is ahead. Leidos Transportation and Border Security Services (T&BSS) Division is hiring for a Senior Incident Responder in Northern Virginia.

    You will support our TSA customer in their Security Operations Center (SOC). This position is contingent upon contract award.


    What you'll be doing:


    Must have the ability and prior experience with analyzing information technology security events to discern events that qualify as legitimate security incidents as opposed to non-incidents.

    This includes the identification of malicious code present within a computer system, as well as identification of malicious activities within a computer system and/or enterprise network.

    Must possess excellent verbal and written communication skills and the ability to produce clear and thorough security incident reports and briefings.

    Must possess excellent organizational and attention-to-detail skills.

    Must possess a working knowledge of the various operating systems (e.g. Windows, OS X, Linux, etc.) commonly deployed in enterprise networks. A conceptual understanding of Windows Active Directory is also required.

    Must possess a working knowledge of network communications and routing protocols (e.g. TCP, UDP, ICMP, BGP, Multi-Protocol Label Switching (MPLS), etc.) and common internet applications and standards (e.g. SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.).

    Understanding of enterprise network architectures, to include routing/switching, common protocols (DHCP, DNS, HTTP, etc.), and devices such as firewalls, proxies, load balancers, VPNs, etc.

    Work with various event logging systems and be proficient in security event log analysis.

    Previous experience with Security Information and Event Monitoring (SIEM) platforms that perform log collection, analysis, correlation, and alerting is also required.

    Utilize various packet capture (PCAP) applications/engines and analyze PCAP data.
    Identification and implementation of counter-measures or mitigating controls for deployment and implementation in the enterprise network environment.
    Develop, document, and maintain Incident Response SOPs, processes, procedures, playbooks, and workflows.
    Expert understanding of the Incident Response and Attacker lifecycles.
    Tune and maintain security tools (EDR, IDS, SIEM, etc.) to reduce alert false positives and improve SOC detection capabilities.
    Ensure investigation and Incident Response actions are documented thoroughly in Case Management Systems; prepare formal Incident Reports.
    Develop security content to include but not limited to scripts, signatures, dashboards, and metrics.
    Familiarity with Cyber Kill Chain, ATT&CK, and other industry frameworks.

    Normal work hours are 8:00 AM to 5:00 PM, with on-call and after-hours support in response to incidents as dictated by mission requirements.

    What does Leidos need from me?

    Active Secret security clearance required.

    Minimum of three years of experience working as a network security analyst in a security operations center and/or in handling, responding to, and managing computer security incidents.

    Bachelor's degree in Information Technology or a related discipline, or equivalent direct experience working as a network security analyst in a security operations center and/or in handling, responding to, and managing computer security incidents.


    Favorable if you have:
    Experience with Cloud Service Providers, familiarity with cloud architectures, and performing Incident Response in cloud environments.

    Advanced certification in incident handling (GCIH, CEH, or equivalent); SANS advanced certifications (GCFA, GREM, GNFA); OSCP and quality penetration testing experience desired.


    Pay Range:

    Pay Range $97, $176,250.00

    The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary.

    Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
