Start Date
Immediate
Expiry Date
24 Jul, 25
Salary
227950.0
Posted On
24 Apr, 25
Experience
2 year(s) or above
Remote Job
Yes
Telecommute
Yes
Sponsor Visa
No
Skills
Visual Basic, Python, Federal Government, Computer Forensics, Bash, Powershell, Threat Intelligence, Incident Response, Operating Systems
Industry
Information Technology/IT
DESCRIPTION
The U.S. Department of Homeland Security (DHS), Customs and Border Protection (CBP) Security Operations Center (SOC) is a U.S. Government program responsible for preventing, identifying, containing and eradicating cyber threats to CBP networks through monitoring, intrusion detection and protective security services for CBP information systems, including local area networks/wide area networks (LAN/WAN), commercial internet connections, public-facing websites, wireless, mobile/cellular, cloud, security devices, servers and workstations. The CBP SOC is responsible for the overall security of CBP enterprise-wide information systems, and collects, investigates, and reports any suspected and confirmed security violations.
Leidos is seeking an experienced Security Operations Architect / Deputy Program Manager to join our team. As a member of this highly technical contract team supporting U.S. Customs and Border Protection (CBP), you will be responsible for coordinating the operation of security tools, optimizing security operations efficiency, maintaining situational awareness of security operations and incidents, leading crisis action teams and high-priority incident response procedures, ensuring quality root cause analysis documents, managing tools, processes, incidents and investigations, and ensuring chain of custody during incident investigations, in support of the protection of the customer's systems, networks, and assets.
PREFERRED QUALIFICATIONS:
The candidate shall provide support to CBP OIT's Cybersecurity Directorate (CSD) in security operations, engineering, and security policy according to established policies, handbooks, and Standard Operating Procedures (SOPs). This support includes enhancing and maturing security operations by identifying new technologies for implementation, making better use of tools that are currently deployed, and maturing processes by facilitating Lessons Learned programs. The main focus of this task is to work with the OIT CSD teams to lead the design, implementation, and continuous improvement of cybersecurity operations. This role will serve as a strategic technical leader, collaborating across IT, security, and external teams to ensure robust detection, response, and recovery capabilities.
- Lead technical efforts during major incident investigations and post-incident reviews.
- Provide architectural leadership and guidance during incident response events, coordinating with internal and external teams to analyze threats, contain breaches, and ensure timely recovery.
- Architect and enhance cybersecurity operations platforms including SIEM, SOAR, EDR, NDR, Threat Intelligence Platforms (TIP), MDM, DLP, etc.
- Design and optimize the processes, technologies, and procedures surrounding security monitoring, incident detection and response, forensic collection and analysis, cyber threat hunting, and more.
- Track expenditures throughout the program lifecycle, ensuring adherence to budgeted amounts; analyze burn rates and provide insights to prevent over- or under-spending.
- Assist the Program Manager in developing the overall program budget in alignment with project goals and organizational guidelines; establish baseline budgets and track planned vs. actual performance over time.
- Collaborate with the SOC, Cyber Threat Intelligence, Digital Forensics, Cyber Threat Hunt, VAT/Penetration Testing, SIEM, and engineering teams so that security operations are cohesive and scalable and the security operations architecture aligns with business objectives, compliance requirements, and organizational risk appetite.
- Define and maintain architecture standards for security event logging, telemetry collection, and alert correlation.
- Develop detection use cases and response playbooks, mapped to frameworks such as MITRE ATT&CK, to proactively identify and respond to advanced threats and adversary Tactics, Techniques, and Procedures (TTPs).
- Define performance metrics and KPIs for security operations effectiveness, leveraging dashboards, reports, and threat modeling to measure detection coverage, false positives/negatives, incident response times, and analyst resources.
- Stay current with emerging threats, vulnerabilities, and industry trends to proactively enhance detection capabilities.
- Effectively investigate and identify root cause findings, then communicate those findings to stakeholders including technical staff and leadership.
- Assist the Program Manager in leading and overseeing the cybersecurity program and its initiatives from planning through execution, ensuring alignment with business goals and regulatory requirements.
- Assist the Program Manager in developing and managing program roadmaps, budgets, timelines, and resource plans, coordinating efforts across security, IT, risk, and business units.
- Serve as the primary liaison between cybersecurity teams, Program Leadership, and executive stakeholders, effectively communicating program status, risks, and outcomes.
- Monitor and report on program performance, using KPIs and metrics to assess progress, drive accountability, and support continuous improvement.
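Two of the responsibilities above (detection use cases mapped to MITRE ATT&CK, and KPIs for detection coverage, false positives/negatives and time to detect) are concrete enough to illustrate. The following is an added example, not code from the posting, from Leidos or from CBP: a few process-creation detection rules, each tagged with the ATT&CK technique it covers, evaluated over a handful of constructed Windows process-creation records, and the KPIs computed from the outcome. The event fields, the rule names, the target technique list and all sample events are assumptions made for the example.

```python
"""Added example: ATT&CK-mapped detection use cases plus SOC KPIs.

Not part of the original posting. Event records, rules and the target
technique list are constructed for illustration only.
"""
from dataclasses import dataclass
from datetime import datetime
from typing import Callable


@dataclass
class DetectionRule:
    name: str
    technique: str                     # MITRE ATT&CK technique ID this rule covers
    match: Callable[[dict], bool]      # predicate over one process-creation event


OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}


def _has_encoded_flag(cmdline: str) -> bool:
    # Catches -enc, -EncodedCommand and other prefixes PowerShell accepts.
    return any(tok.lower().startswith("-enc") for tok in cmdline.split())


# Detection use cases. Each maps to the technique it is meant to surface.
RULES = [
    DetectionRule("office_spawns_interpreter", "T1204.002",
                  lambda e: e["parent"] in OFFICE_APPS and e["image"] in INTERPRETERS),
    DetectionRule("encoded_powershell", "T1059.001",
                  lambda e: e["image"] == "powershell.exe" and _has_encoded_flag(e["cmdline"])),
    DetectionRule("wmi_remote_process_create", "T1047",
                  lambda e: e["image"] == "wmic.exe"
                  and "process call create" in e["cmdline"].lower()),
]

# Techniques the SOC has decided it must cover (assumed list for the example).
TARGET_TECHNIQUES = {"T1204.002", "T1059.001", "T1047", "T1003.001", "T1218.011"}

# Constructed process-creation events. "ts" is when the activity happened on
# the host, "ingested" when the SIEM made it available; "malicious" is the
# ground truth an analyst assigns during post-incident review.
EVENTS = [
    {"ts": "2025-04-24T08:00:00", "ingested": "2025-04-24T08:00:45", "host": "ws01",
     "parent": "winword.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA", "malicious": True},
    {"ts": "2025-04-24T08:30:00", "ingested": "2025-04-24T08:30:20", "host": "ws07",
     "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -EncodedCommand JABzAGUAdAB0AGkAbgBnAHMA",
     "malicious": False},                       # admin deployment script: false positive
    {"ts": "2025-04-24T09:10:00", "ingested": "2025-04-24T09:11:30", "host": "ws01",
     "parent": "cmd.exe", "image": "wmic.exe",
     "cmdline": 'wmic /node:srv02 process call create "cmd /c whoami"', "malicious": True},
    {"ts": "2025-04-24T09:15:00", "ingested": "2025-04-24T09:15:30", "host": "ws01",
     "parent": "explorer.exe", "image": "rundll32.exe",
     "cmdline": "rundll32.exe C:\\Users\\Public\\x.dll,Start",
     "malicious": True},                        # no rule covers this: false negative
    {"ts": "2025-04-24T10:00:00", "ingested": "2025-04-24T10:00:10", "host": "ws03",
     "parent": "explorer.exe", "image": "winword.exe",
     "cmdline": "winword.exe report.docx", "malicious": False},
    {"ts": "2025-04-24T10:05:00", "ingested": "2025-04-24T10:05:12", "host": "ws03",
     "parent": "explorer.exe", "image": "cmd.exe",
     "cmdline": "cmd.exe /c dir", "malicious": False},
]


def run_detections(events: list, rules: list) -> list:
    """Return (event_index, rule) for every rule that fires on an event."""
    return [(i, r) for i, e in enumerate(events) for r in rules if r.match(e)]


def soc_kpis(events: list, rules: list, target_techniques: set) -> dict:
    """Confusion counts, precision/recall, technique coverage and MTTD."""
    alerts = run_detections(events, rules)
    detected = {i for i, _ in alerts}
    tp = sum(1 for i in detected if events[i]["malicious"])
    fp = sum(1 for i in detected if not events[i]["malicious"])
    fn = sum(1 for i, e in enumerate(events) if e["malicious"] and i not in detected)
    tn = len(events) - tp - fp - fn
    covered = {r.technique for r in rules} & target_techniques
    # Time to detect: activity timestamp to SIEM availability, true positives only.
    ttd = [(datetime.fromisoformat(events[i]["ingested"])
            - datetime.fromisoformat(events[i]["ts"])).total_seconds()
           for i in detected if events[i]["malicious"]]
    return {
        "alerts": len(alerts),
        "true_positives": tp, "false_positives": fp,
        "false_negatives": fn, "true_negatives": tn,
        "precision": tp / (tp + fp) if tp + fp else 0.0,
        "recall": tp / (tp + fn) if tp + fn else 0.0,
        "technique_coverage": len(covered) / len(target_techniques),
        "uncovered_techniques": sorted(target_techniques - covered),
        "mean_time_to_detect_s": sum(ttd) / len(ttd) if ttd else None,
    }


if __name__ == "__main__":
    for i, rule in run_detections(EVENTS, RULES):
        print(f"{EVENTS[i]['host']} {rule.name} -> {rule.technique}")
    for k, v in soc_kpis(EVENTS, RULES, TARGET_TECHNIQUES).items():
        print(f"{k}: {v}")
```

The false negative (rundll32 loading a DLL from a world-writable path) and the two uncovered techniques are the point of the coverage metric: they tell the architect which detection use case to write next, while the false positive from the signed deployment script is the kind of finding a Lessons Learned review feeds back into rule tuning.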
Basic Qualifications:
- SANS GCIH certification.
- Requires a BS degree and 10 or more years of directly relevant experience.
- A minimum of two years of direct experience as a Security Operations Center (SOC) Manager.
- A minimum of two years of direct experience as a Deputy Program Manager.
- Previous experience contributing to or leading incident and threat investigations in support of DHS or other Federal Agency SOC operations.
- Degree in computer science, IT, or an information/cyber security field from an accredited college or university.
- Flexible and adaptable self-starter with strong relationship-building skills.
- Effective communication skills with emphasis on attention to detail, the ability to accurately capture and document technical remediation details, and the ability to brief stakeholders on incident status, recovery and root causes.
- Strong problem-solving abilities with an analytical and qualitative eye for reasoning under pressure.
- Ability to independently prioritize and complete multiple tasks with little to no supervision.