SOC Technical Lead

Through the J6 Penetration Handling, Incident, System Health (PHISH) support services task order on the GSM-O contract, we provide IT products, services and solutions to the Pentagon and other DoD offices and agencies for them to meet mission and business requirements. Our Cybersecurity team performs cyber defensive actions in support of J6 to prevent, detect, respond and recover from adversarial activities.

This position provides technical leadership to the J6 Security Operations Center (SOC) lead and staff. Beyond advising and guiding technical matters, this position is tasked with driving implementation and adoption of new tools, capabilities, frameworks, and methodologies while ensuring those already in use are implemented and utilized properly.

Primary Responsibilities

• Serve as a people leader for personnel supporting the Transport and End Point Services watch desk.
• Conduct annual performance assessments to include periodic check‑ins.
• Validate and approve time charging for both Leidos and vendor personnel.
• Provide coaching and mentoring to personnel.
• Develop and execute continual service improvement technical strategies to modify and enhance operational processes and impact strategic project/goals and business results.

Technical Leadership & Tool Adoption

• Provide technical leadership to the JSP DCO Security Operations Center.
• Drive implementation and adoption of new tools, capabilities, frameworks, and methodologies across all teams within the SOC.
• Provide technical guidance and support to the SOC lead.
• Work with the Security Infrastructure team to address issues with SOC tools and data feeds.
• Identify and offer solutions to gaps in capabilities and visibility.
• Promote and drive implementation of automation and process efficiencies.

Basic Qualifications

• Active Top Secret security clearance is required, and Top Secret–Sensitive Compartmented Information (TS/SCI) eligible.
• Bachelor’s degree and 8+ years of prior IT experience (additional work experience or cyber courses/certifications may be substituted in lieu of a degree).
• 5+ years of intrusion detection and/or incident handling experience.
• DoD 8570 IAT III and CSSP Incident Response certifications required prior to starting.
• Prior experience supervising employees of various labor categories and skills in efforts similar in size and scope.
• Advanced knowledge of solution development techniques and best practices related to demonstration, pilot, and test management and operations.
• Demonstrated advanced knowledge of industry accepted standards.
• Demonstrated experience with researching and fielding new and innovative technology.
• Demonstrated advanced experience in configuring cybersecurity tools to feed events, alerts, and logs to SIEM technologies.
• Motivated self‑starter with strong written and verbal communication skills, and the ability to create complex technical reports on analytic findings.
• Strong analytical and troubleshooting skills.

Preferred Qualifications

• Deep technical understanding of core current cybersecurity technologies as well as emerging capabilities.
• Experience implementing automation to reduce mundane tasks and expedite processes.
• Hands‑on cybersecurity experience (protect, detect, respond, and sustain) within a computer incident response organization.
• Demonstrated understanding of the life cycle of cybersecurity threats, attacks, attack vectors, and methods of exploitation with an understanding of intrusion set tactics, techniques and procedures (TTPs).
• Familiarity with or experience in Intelligence‑Driven Defense, Cyber Kill Chain methodology, and/or MITRE ATT&CK framework.

All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.