Leidos has a current job opportunity for a Security Operations
Center (SOC) Lead on the DISA GSM-O program in Alexandria,
This position is responsible for leading the Joint Service
Provider (JSP) Security Operations Center (SOC). The SOC consists
of a variety of highly-skilled, technical staff performing cyber
incident handling, fusion analysis, non-compliance reporting, user
activity monitoring, and malware and forensic analysis.
Furthermore, the SOC lead coordinates 24x7 staffing to support
mission-critical operations, including incident response, and
manages surge support.
•Plan, direct, and manage day-to-day activities across the Security
Operations Center as well as high-tempo, high-visibility incident
response, when required
•Drive implementation and adoption of new tools, capabilities,
frameworks, and methodologies across all teams within the SOC
•Accountable for the timeliness and quality of reporting produced
by the SOC
•Instill and reinforce industry best practices in the domains of
incident response, cybersecurity analysis, case and knowledge
management, and SOC operations
•Promote and drive implementation of automation and process
•Bachelor's degree and 10+ years of prior cybersecurity experience.
Additional work experience or Cyber courses/certifications may be
substituted in lieu of degree
•4+ years of supervising and/or managing teams
•5+ years of intrusion detection and/or incident handling
•DoD 8570 IAT III and CSSP Incident Responder certifications
required upon start.
•Advanced knowledge in planning, directing, and managing Computer
Incident Response Team (CIRT) and/or Security Operations Center
(SOC) operations in an organization in a large, complex
•Significant experience supervising and leading employees of
various labor categories and technical skill levels in efforts
similar in size and scope as the JSP DCO mission.
•Mature understanding of industry accepted standards for incident
response actions and best practices related to SOC operations;
•Strong written and verbal communication skills, and the ability to
create technical reports based on analytical findings.
•Strong analytical and troubleshooting skills.
•Must be a US Citizen.
•Must be Top Secret – Sensitive Compartmented Information (TS/SCI)
Eligible (DIA Adjudicated or capable of reciprocal acceptance by
•Deep technical understanding of core current cybersecurity
technologies as well as emerging capabilities.
•Hands-on cybersecurity experience (Protect, Detect, Respond and
Sustain) within a Computer Incident Response organization including
prior experience performing large-scale incident response.
•Demonstrated understanding of the life cycle of cybersecurity
threats, attacks, attack vectors and methods of exploitation with
an understanding of intrusion set tactics, techniques and
•Familiarity or experience in Intelligence Driven Defense, Cyber
Kill Chain methodology, and/or MITRE ATT&CK framework.
External Referral Bonus:
Potential for Telework:
Clearance Level Required:
Scheduled Weekly Hours: