Jr Intrusion Detection Analyst
Now Seeking Problem Solvers
Join Leidos to help make our communities, our nation, and our world a better place
Leidos is looking for a dynamic, detail-oriented, and quick-thinking person to thrive in this junior-level analyst role focusing on intrusion detection and response to threats against our customers' enterprises. Analysts are responsible for monitoring multiple customer networks simultaneously using a Security Information and Event Management (SIEM) tool to detect and analyze IT security incidents. The analyst will follow detailed processes and procedures to escalate these incidents. The ideal candidate is enthusiastic about information security and defending against malware, attacks, reconnaissance, and other threats. Because each customer has implemented different security technologies, analysts are exposed to a wide variety of security tools very quickly. The analyst must rapidly determine whether an event is a threat and communicate that determination to the customer in the form of investigations and escalations, all through written media, so good writing skills are essential.

This role is an integral part of the Security Operations Center (SOC) and its mission to improve the information security of our customers. The SOC is composed of 10-12 tier 1 analysts, several shift supervisors, and the manager. This position is for one of the tier 1 analysts, who will work with 1-5 other analysts at a time depending on time of day and report to the shift supervisor. The SOC is part of a larger Leidos Cyber group that provides security engineering, endpoint protection, SIEM engineering, and other security functions to federal and commercial customers.

The SOC is on a 10-hour-per-day, 4-day-per-week schedule and operates 24/7/365, so some holiday work will be required. The analyst can expect to work normal hours for the first month or two until all accounts are established and an interim security clearance is granted, then move to a night or weekend shift in order to allow other analysts to rotate back to a day shift.
- Monitor security events in the SIEM and other general office tools.
- Triage incoming security events, perform analysis, and escalate to supervisors and customers when events warrant additional response action.
- Communicate the severity of the threat and recommendations for remediation to the customer and other cyber security personnel through written and verbal media.
- Monitor security appliance health and perform basic troubleshooting of security devices; notify security engineering as necessary for malfunctioning equipment.
- Follow detailed processes and procedures to analyze and escalate critical information security incidents; these procedures vary from customer to customer.
- Provide 24x7 Operational support on a shift schedule (including overnight shifts and weekends).
TYPICAL EDUCATION AND EXPERIENCE: Minimum high school education or equivalent with some college and 1+ years of related IT experience, preferably in a network engineering capacity. Most analysts have bachelor's degrees, and all have at least a basic information security certification.
- General network background including familiarity with the OSI and TCP/IP models, ports and protocols, and Internet communications technologies (HTTP, DNS, SMTP, etc.)
- Familiarity with various malware packages and how they communicate
- Familiarity with network- and host-based security technologies and products (firewalls, IDS/IPS, AV, web filters, UTM)
- Enthusiasm for information security and demonstrated ability to learn about new threats without guidance
- Demonstrated ability to work in a team environment
- Network+, CCENT, CCT, or other industry standard certifications in networking
- Security+, GISF, GSEC, GCIA, CISSP, or other industry standard certifications in information security
- 1+ years of information security related experience, in areas such as: security operations, incident analysis, incident handling, vulnerability testing, system patching, log analysis, intrusion detection, or firewall administration
- Candidates with SIEM experience (RSA NetWitness, McAfee ESM, HP ArcSight, or Splunk) will receive expedited consideration
- Host-based antivirus applications (McAfee VSE with ePO integration)
- Operating Systems: Strong understanding of Windows and Unix/Linux
- Networking: Strong understanding of enterprise-level networks, networking protocols, devices, and architecture
Leidos is a global science and technology solutions leader working to solve the world's toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company's 33,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported pro forma annual revenues of approximately $10 billion for the fiscal year ended January 1, 2016, after giving effect to the recently completed combination of Leidos with Lockheed Martin's Information Systems & Global Solutions business (IS&GS). For more information, visit www.Leidos.com. Qualified women, minorities, individuals with disabilities, and protected veterans are encouraged to apply. Leidos is an Equal Opportunity Employer.
Company Type: Public Company
Company Size: 10,001+