Cybersecurity Analyst

The Leidos Digital Modernization sector is seeking talented and cleared Cyber Security Analysts to join our dynamic team supporting the DISA GSM-O II program. We are continuously building our team and invite qualified candidates to apply. Our recruiting team will reach out to applicants as positions become available.

About the Role: 

As a Cyber Security Analyst, you'll be on the front lines, defending Department of Defense networks from evolving cyber threats. You will be a key member of our 24x7 security operations team, responsible for: 

• Analyzing real-time cyber threat intelligence to stay ahead of emerging threats. 
• Correlating security events to identify and prioritize potential incidents. 
• Conducting in-depth network traffic analysis using raw packet data to uncover malicious activity. 
• Collaborating with incident response teams to contain and eradicate threats. 
   

Shift Opportunities: 

We offer flexible shift options to accommodate your needs. The primary available shifts are: 7:00 AM - 3:00 PM, 3:00 PM - 11:00 PM, & 11:00 PM - 7:00 AM. Shift assignments will be based on program requirements and your preference, but some flexibility may be required. 

Locations: 

Team members can be based out of one of the following locations depending on position availability: Hill AFB, UT, Scott AFB, IL, and Columbus, OH.  

Primary Responsibilities: 

• Investigate alerts generated from endpoints, IDS/IPS, NetFlow data, and custom sensors to detect compromises on customer networks. 
• Analyze extensive log files, pivot between diverse datasets, and correlate evidence to support incident investigations, creating detailed technical reports outlining your findings. 
• Triage security alerts to rapidly identify malicious actors targeting customer networks. 
• Monitor and analyze DoD and open-source intelligence feeds to identify Indicators of Compromise (IOCs) and integrate them into security sensors and SIEMs. 
• Report security incidents to customers and USCYBERCOM, ensuring timely communication and coordinated response. 
   

Required Qualifications: 

• Minimum active DoD Secret clearance with the ability to obtain TS/SCI. 
• Current DoD 8570 IAT Level II certification (or higher), such as CompTIA Security+ CE, ISC2 SSCP, or SANS GSEC (or equivalent). 
• Ability to obtain DoD 8570 CSSP-A Level Certification (e.g., CEH, CySA+, GCIA, or equivalent) within 180 days of hire. 
• Strong foundation in networking, including packet analysis, common ports and protocols, and traffic flow. Knowledge of the OSI model, defense-in-depth security principles, and common security elements for effective threat detection, analysis, and mitigation as a SOC Security Analyst. 
• Education and experience requirements: 
  • Level I: Bachelor's degree and 1+ years of relevant experience; equivalent work experience and/or military service may be considered in lieu of a degree. 
  • Level II: Bachelor's degree and 3+ years of relevant experience; equivalent work experience and/or military service may be considered in lieu of a degree. 
• Proven ability to work effectively both independently and as a collaborative team member, demonstrating initiative and a strong work ethic in both settings.  
• Committed to continuous learning and self-improvement in the cybersecurity domain, as evidenced by ongoing pursuit of certifications, active participation in industry forums, and dedication to staying ahead of emerging threats and technologies. 
• Excellent problem-solving skills, including the ability to collaborate effectively with cross-functional teams to address complex security challenges in real-world scenarios. This includes the ability to communicate technical information clearly and concisely, build consensus, and drive solutions to completion.  
• Reliable and flexible, with a demonstrated willingness to work assigned shifts to support operational requirements and team objectives. 
• Located within a commutable distance (within 2 hours) or able to self-relocate to Hill AFB, UT; Scott AFB, IL; or Columbus, OH. 
   

Preferred Qualifications: 

• Hands-on experience analyzing large volumes of logs, network data (e.g., Netflow, Full Packet Capture), and other attack artifacts during incident investigations. 
• In-depth experience using a SIEM/SOAR platform to analyze multiple log types and events across various data points, applying techniques such as behavioral analysis, statistical analysis, and machine learning to detect and respond to advanced threats.  
• Comprehensive understanding of the network threat lifecycle, attack vectors, and methods of exploitation, including intrusion set tactics, techniques, and procedures (TTPs). 
• Experience with Anti-Virus, HIPS/HBSS, IDS/IPS, Full Packet Capture, and Network Forensics tools. 
• Experience or knowledge in monitoring, defending, or administering cloud networks (e.g., AWS, Azure, GCP), including cloud-native security tools and strategies for protecting data in cloud environments. Experience identifying and mitigating cloud-specific attacks.  
• Experience managing, defending, administering, or deploying mobile devices (iOS, Android) for enterprise, including mobile device management (MDM), mobile application management (MAM), and mobile threat defense (MTD). A strong understanding of mobile security best practices and mobile threat landscape is highly desired.  
• Scripting and programming skills. 

 
Join our team and make a real difference in protecting our nation's critical infrastructure! Apply today!