Lead Cybersecurity Incident Analyst

Boulder, Colorado

Leidos
Description

Leidos is on the lookout for a skilled Lead Cybersecurity Incident Analyst to head up its Intrusion Analyst team. In this critical role, you will lead a dedicated team of approximately seven analysts supporting 24/7 operations for NOAA's Security Operations Center (SOC). Your responsibilities will include incident handling, forensic analysis, and fulfilling additional investigative functions as needed. Collaborating closely with the Security Operators team, engineering team, and various agency constituents will be key to your success.

As a candidate, you must possess an active DoD Top Secret clearance (US Citizenship required).

Location: This position is based in Fairmont, WV or Boulder, CO.

Primary Responsibilities:
  • Lead a team of up to 7 analysts conducting defensive cybersecurity operations around the clock.
  • Ensure the team's effective performance aligned with established operational standards and expectations.
  • Provide hands-on technical support during high-visibility cybersecurity incidents.
  • Identify and implement improvements to SOC processes and tools to enhance overall mission effectiveness.
  • Focus on the professional development of team members to cultivate career growth and ensure long-term mission success.
  • Analyze events throughout NOAA FISMAs to offer early warning capabilities and provide actionable insights for prioritizing cyber mitigation efforts and investment strategies.
  • Integrate and enrich disparate information sources to provide actionable intelligence and advice to network operators and management.
  • Perform in-depth analysis of anomalous behavior using log data from various security tools.
  • Facilitate the collection of requirements for content creation and technology implementation.
Basic Qualifications:
  • BS degree and at least 4 years of relevant experience, or comparable experience in lieu of degree.
  • Prior experience as a SOC analyst is necessary.
  • Solid experience in cybersecurity Incident Response is a must.
  • An active advanced Cyber certification (e.g., CySA+, GCIH, CEH) is required.
  • Demonstrated experience in leading small teams or groups.
  • Must be a team player with strong analytical and troubleshooting skills.
  • Possess an upbeat, positive attitude.
  • Excellent written and verbal communication skills are essential.
Preferred Qualifications:
  • Previous leadership experience in a SOC environment is preferred.
  • Working knowledge of SIEM and incident management solutions.
  • Technical understanding of core cybersecurity technologies and emerging capabilities.
  • Hands-on experience in cybersecurity is a plus.
  • Understanding of cybersecurity threat life cycles, attack vectors, and exploitation methods.
  • Familiarity with Intelligence Driven Defense, Cyber Kill Chain methodology, and/or MITRE ATT&CK framework.
  • Experience with Cloud concepts and threat response in Cloud environments.
  • Knowledge of the NOAA mission would be beneficial.

Date Posted: 31 March 2025