[Remote] Incident Response Deputy Team Lead

Note: The job is a remote job and is open to candidates in the USA. Leidos is seeking an experienced Incident Response professional to join their team, focusing on managing day-to-day operations within the Cyber Security Operations Center for U.S. Customs and Border Protection. The role involves coordinating incident response efforts, performing technical analysis of network logs, and leading a team of analysts to enhance the protection of customer systems and networks.

Responsibilities
• Responsible for assisting the CIRT Team Lead with managing the team of CIRT analysts, Incident Response actions and priorities, technical analysis and root cause analyses, and interfacing with the customer
• Partner with other task leads in support of customer initiatives and cyber incidents
• Create dashboards for key metrics and processes and deliver technical presentations to various levels of customer leadership
• Interface with senior DHS & CBP leaders and directors to help maintain and sustain critical systems supporting the CBP Security Operations Center
• Utilize state-of-the-art technologies such as host forensics tools (FTK/EnCase), Endpoint Detection & Response tools, log analysis (Splunk) and network forensics (full packet capture solution) to perform hunt and investigative activity to examine endpoint and network-based data
• Conduct in-depth analysis on hosts and networks, forensic analysis, log analysis, and triage in support of incident response
• Recognize attacker and APT activity, tactics, and procedures as indicators of compromise (IOCs) that can be used to improve monitoring, analysis, and incident response processes
• Develop and build security content, scripts, tools, or methods to enhance the incident investigation processes
• Lead incident response activities and mentor junior SOC staff
• Work with key stakeholders to implement remediation plans in response to incidents
• Effectively investigate and identify root cause findings, then communicate findings to stakeholders including technical staff and leadership
• Flexible and adaptable self-starter with strong relationship-building skills
• Ability to stay up to date with the latest threat intelligence, security trends, tools and capabilities
• Possess strong problem-solving abilities with an analytic and qualitative eye for reasoning
• Ability to independently prioritize and complete multiple tasks with little to no supervision
• Effectively communicate with customer leadership and disseminate timely updates of critical incidents with emphasis on attention to detail and accurate reporting

Skills
• Bachelor's degree in a science or engineering field, IT, or Cybersecurity related field
• 5+ years of experience in the areas of incident detection and response, remediation, malware analysis, or computer forensics
• Ability to prioritize and complete multiple tasks with little to no supervision
• Experience organizing, directing, and managing contract operation support functions involving multiple, complex, and interrelated project tasks
• Experience effectively communicating at senior levels within a customer organization
• Advanced knowledge of the Incident Response Lifecycle and its applicability to various types of incidents and situations
• Ability to collaborate with technical staff and customers to identify, assess, and resolve complex security problems/issues/risks and facilitate resolution and risk mitigation
• Effective communication skills with emphasis on attention to detail, ability to accurately capture and document technical remediation details, and ability to brief stakeholders on incident statuses
• Experience creating new processes, playbooks, and SOPs for new tools and workflows. Prior relevant experience should be in the areas of incident detection and response, malware analysis, or computer forensics
• Ability to script in one or more of the following computer languages: Python, Bash, Visual Basic or PowerShell
• Experience running cyber incident investigations with emphasis on attention to detail, adept communication skills, and adherence to defined escalation paths
• All CBP SOC employees are required to currently possess a CBP Background Investigation to support this program
• The candidate should have at minimum ONE of the following certifications: CompTIA Cyber Security Analyst (CySA+), CompTIA Linux Network Professional (CLNP), CompTIA Pentest+, CompTIA Cybersecurity Analyst (CySA+), GPEN – Penetration Tester, GWAPT – Web Application Penetration Tester, GSNA – System and Network Auditor, GISF – Security Fundamentals, GXPN – Exploit Researcher and Advanced Penetration Tester, GWEB – Web Application Defender, GNFA – Network Forensic Analyst, GMON – Continuous Monitoring Certification, GCTI – Cyber Threat Intelligence, GOSI – Open Source Intelligence, OSCP (Certified Professional), OSCE (Certified Expert), OSWP (Wireless Professional), OSEE (Exploitation Expert), CCFP – Certified Cyber Forensics Professional, CISSP – Certified Information Systems Security, CEH – Certified Ethical Hacker, CHFI – Computer Hacking Forensic Investigator, LPT – Licensed Penetration Tester, CSA – EC-Council Certified SOC Analyst (previously ECSA – EC-Council Certified Security Analyst), ENSA – EC-Council Network Security Administrator, ECIH – EC-Council Certified Incident Handler, ECSS – EC-Council Certified Security Specialist, ECES – EC-Council Certified Encryption Specialist
• Experience in Federal Government, DOD or Law Enforcement in a CND, CIRT or SOC role
• Knowledge of the Cyber Kill Chain and the MITRE ATT&CK framework
• Knowledge of Structured Analytic Techniques

Benefits
• Competitive compensation
• Health and Wellness programs
• Income Protection
• Paid Leave
• Retirement

Company Overview
• Leidos is a Fortune 500® innovation company rapidly addressing the world's most vexing challenges in national security and health. It was founded in 1969, and is headquartered in Reston, Virginia, USA, with a workforce of 10001+ employees. Its website is