Endpoint Cyber Operations Analyst

The Leidos Cybersecurity Capabilities Organization has an immediate opening for a motivated Endpoint Cyber Analyst to join the Endpoint Cybersecurity Operations team. This position can be supported from Orlando – FL, Reston – VA, Gaithersburg – MD, or telework for the right candidate.

You will join a team of other endpoint cybersecurity analysts in providing day to day operational support across a range of Leidos managed enterprise endpoint security solutions. This role focuses on learning to support & maintain industry leading cyber security products while gaining experience defending a Fortune 500 organization. Working closely with the Endpoint Cybersecurity Engineering team, you will be expected to "think like an adversary" and provide analyst-centric input into every phase in the Cyber Defense development process from an endpoint security perspective. Additionally, you will provide written documentation in support of the Endpoint Cybersecurity Operations standard operating procedures (SOPs) and contribute to the technical innovation that will evolve Leidos' defensive capabilities and methodologies. 

Primary Responsibilities

•           Daily ticket queue management.

•           Operational support & maintenance for endpoint security solutions (e.g., Anti-Virus, Host Firewall, Forensics based tools, Privilege management, application whitelisting, EDR).

•           Rotational on-call responsibilities.

•           Technical control implementation & enforcement based on inputs received by the Leidos Cybersecurity Intelligence & Response Center (CSIRC), Endpoint Cybersecurity Engineering team, and other internal organizations, leaders, stakeholders where applicable.

•           Support change management tasking relative to the security policies associated with the endpoint security solutions that you support.

•           Work closely with your team lead\manager to ensure tasks are executed on time.

•           Ensure documentation relative to the supported endpoint security products, procedures, services, etc., are written and centrally accessible.

•           Create and monitor reporting for compliance.

•           Provide inputs back to the Endpoint Cybersecurity Engineering team with the goal of identifying and remediating existing gaps in vendor solutions and platform technologies.

•           Collaborate using information and knowledge sharing networks and professional relationships to achieve common goals.

•           Take direction & guidance from the endpoint cybersecurity engineering team (and others) and perform other tasks as assigned.

Basic Qualifications

•           Ability to write and verbally communicate information security and risk-related concepts effectively to both technical and non-technical audiences.

•           Strong problem-solving and analytical skills and demonstrate poise and ability to act calmly and competently in high-pressure, high-stress situations.

•           Fundamental understanding of accepted security practices, troubleshooting issues, attack vectors, and customer support.

•           Understanding of Operating Systems and Network Protocols.

•           Foundational understanding of advanced threat detection in an enterprise environment.

•           Foundational understanding of malware families, their types, and the threat they pose

•           US Citizenship is required.

Preferred Qualifications

•           B.S in Computer Science, Computer Engineering, Information technology, or other Cyber Security field from an accredited university. Additional years of relevant experience or technology certifications may be considered in lieu of degree. This should include 1 – 2 years of endpoint security experience.

•           Experience operating, troubleshooting, and maintaining endpoint security solutions (e.g., Anti-Virus, Host Firewall, Forensics based tools, Privilege management, application whitelisting, EDR, cloud-based solutions).

•           Knowledgeable of forensic procedures and practices including imaging and memory analytics.  Specifically, the design, maintenance, and documentation of enterprise forensic capabilities.  (Popular commercial products include: EnCase, FTK, and others)

•           Windows 10 security best practices and configurations.

•           MacOS security best practices and configurations.

•           Linux System Administration experience or experience with Linux OS hardening.

•           Proficiency with Microsoft Windows administrative & troubleshooting tools.

•           Demonstrated experience performing cybersecurity analysis from an operators point-of-view

•           Demonstrated knowledge of common information security management frameworks such as ISO/IEC 27001, ITIL, COBIT and NIST and an understanding of relevant legal and regulatory requirements such as Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard.

•           Functional understanding of scripting languages (Batch, PowerShell, Python, VBScript, etc.)

•           GIAC GCIA Certification or other cyber security certifications are a plus.

•           Experience with Splunk (preferred) or other SIEM platform.

•           Experience with Cloud-based information protection and cyber security.

•           Eligible to obtain a DoD Secret Security Clearance.

Original Posting Date:

While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.