Cybersecurity Capability Developer SME

Leidos is seeking a detail-oriented and proactive Cybersecurity Capability Developer Subject Matter Expert to join our team in Huntsville, AL or Clarksburg, WV.   The position will be part of an Enterprise Security Operations Center 24/7/365 Watch Floor team providing Threat Detection engineering.  The position requires expertise in security analytics, data correlation, threat intelligence, and automation within a Security Information and Event Management (SIEM) platform or equivalent detection systems.

At Leidos, you'll join a team of innovators tackling some of the world's most critical challenges through cutting-edge technology and bold ideas. We foster a dynamic and collaborative environment where your expertise will directly contribute to mission success and the significance of your contributions will only be surpassed by the exceptional opportunities for your professional growth and advancement.

Primary Responsibilities:

• Develop, implement, and maintain detection rules to identify malicious behaviors.

• Optimize detection efficacy by reducing false positives and increasing true positive rates

• Document detection processes, methodologies, and workflows.

• Share insights and mentor team members on best practices in threat detection.

• Design, develop, and maintain cybersecurity tools, scripts, and capabilities that enhance operational effectiveness within the ESOC watch floor.

• Create automation solutions to streamline processes for threat detection, incident triage, response workflows, and reporting, ensuring faster and more efficient security operations.

• Integrate security technologies and data sources to improve detection, monitoring, and response capabilities

• Continuously test and optimize developed capabilities, ensuring their functionality and efficiency during live security operations

Basic Qualifications:

• Active Top-Secret Clearance with eligibility for SCI

• US Citizenship

• 10+ years of experience

• Experience with Splunk Enterprise Security

• Familiarity with all related aspects of cybersecurity operations and security architecture

• In-depth knowledge of network and application protocols, cyber vulnerabilities and exploitation techniques and cyber threat/adversary methodologies.

Preferred Qualifications:

• Strong expertise in SIEM platforms and familiarity with query languages (e.g. SPL, KQL).

• Understanding of malware behaviors, threat actors, and attack tactics (MITRE ATT&CK).

• Experience with automation and scripting (e.g., Python, PowerShell).

• Ability to independently assess and improve detection rules.

• Excellent troubleshooting and documentation skills.

• Experience with Microsoft Sentinel

• Experience with FBI, DHS, IC, and DoD Networks.

• Experience with mitigation development against malicious cyber activity

• One of the following certifications:

  • GIAC Continuous Monitoring Certification (GMON)

  • GIAC Certified Incident Handler (GCIH)

  • GIAC Certified Forensic Analyst (GCFA)

  • GIAC Certified Intrusion Analyst (GCIA)

  • GIAC Network Forensic Analyst (GNFA)

  • GIAC Cloud Threat Detection (GCTD)

  • GIAC Cloud Forensics Responder (GCFR)

  • Certified Information Systems Security Professional (CISSP)

Original Posting:April 17, 2025

For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:Pay Range $126,100.00 - $227,950.00

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.