DESCRIPTION

Leidos is seeking an experienced Incident Response Analyst to support this highly visible cyber security operations center (SOC) for Customs Border Protection (CBP), cyber analysis, application development, and a 24x7x365 support staff.
Department of Homeland Security (DHS), Customs and Border Protection (CBP) Security Operations Center (SOC) is a US Government program responsible to prevent, identify, contain and eradicate cyber threats to CBP networks through monitoring, intrusion detection and protective security services to CBP information systems including local area networks/wide area networks (LAN/WAN), commercial Internet connection, public facing websites, wireless, mobile/cellular, cloud, security devices, servers and workstations. The CBP SOC is responsible for the overall security of CBP Enterprise-wide information systems, and collects, investigates, and reports any suspected and confirmed security violations.

BASIC QUALIFICATIONS:

• Bachelor’s Degree and 4-8 years of experience be in the areas of incident detection and response, remediation malware analysis, or computer forensics.

• Prior relevant experience should be in the areas of incident detection and response, malware analysis, or computer forensics.

• Additional certs may be considered in place of a degree.
• Must be a US Citizen.

Clearance: A Secret Clearance is required with the ability to obtain a Top Secret SCI. In addition to specific security clearance requirements all CBP SOC employees are required to successfully complete a CBP Background Investigation to support this program

PREFERRED QUALIFICATIONS:

• Experience in Federal Government, DOD or Law Enforcement in CND, IR or SOC role

• Cyber Kill Chain Knowledge

• Ability to script in one more of the following computer languages Python, Bash, Visual Basic or Powershell .
• One of the following certs: CCNA, CCNP, CCSP, CEH, CNDA, DCITA, ECES, ECSA, ECSP, ECSS, ENSA, GCIA, GCIH, GISF, GNFA, GPPA, GWEB, LPT, OSCP, OSEE, SEI, CCISO

PRIMARY RESPONSIBILITIES:

• Shift schedule: 7am-7pm, Thurs-Sat, every other Wednesday.

• The ideal candidate will have a basic understanding of cyber threats, information security, and monitoring and detection. The candidate must be familiar with TCP/IP ports and protocols, intrusion detection systems, and netflow analysis.

• Security+ Certification or equivalent in industry certification, background and knowledge.
• Knowledge of TCP/UDP/IP networking, familiarity with packet analysis tools such as WireShark, and a general understanding of networking protocols similar to COMPTIA Network+

Experience in Federal Government, DOD or Law Enforcement in CND, IR or SOC role

• Cyber Kill Chain Knowledge
• Ability to script in one more of the following computer languages Python, Bash, Visual Basic or Powershell .
• One of the following certs: CCNA, CCNP, CCSP, CEH, CNDA, DCITA, ECES, ECSA, ECSP, ECSS, ENSA, GCIA, GCIH, GISF, GNFA, GPPA, GWEB, LPT, OSCP, OSEE, SEI, CCIS