Washington, DC, 20080, USA
Security Operations Center (SOC) Shift lead/Senior Analyst
**Description**

The **Security Operations Center (SOC) Shift lead/Senior Analyst** will report directly to the SOC Manager. In addition to the foundational mission requirements as a SOC analyst, the SOC Shift Lead will be the point of accountability for the day shift. The SOC Shift Lead will manage the distribution of tasks as they are assigned to the team and perform Quality Control checks on high priority and Very Important Person tickets. The SOC Shift Lead will ensure that personnel on shift execute operations as prescribed in SOPs and guidance issued by the customer and SOC Manager. The SOC Shift Lead will need to evaluate the security operations and Incident Response skillsets, or skills gaps, for each team member. Communication with the team and chain-of-command is paramount to ensure that problems identified within the mission, staffing, and team morale generally are mitigated quickly. The SOC Shift Lead will provide expert technical support in the areas of Incident Response (IR), Network Defense, and SIEM content creation. Additionally, the ideal candidate will be an expert in cyber threats and information security in the domains of TTPs, Threat Actors, Campaigns, and Observables.

**REQUIRED Qualifications:**

+ Must be a U.S. Citizen.
+ Ability to obtain a Public Trust clearance.
+ A minimum of seven (7) years of professional experience with a solid understanding of incident response, insider threat investigations, forensics, cyber threats and information security.
+ A minimum of five (5) years of hands-on experience, including experience in the last two (2) years with host-based and network-based security monitoring, identifying and analyzing anomalous activities, and familiarity with host-based tools, intrusion detection systems, intrusion analysis functions, security information and event management (SIEM) platforms, endpoint threat detection tools, and ticket management in a SOC Operations environment.
+ One or more of the following certifications: GCIA, GCIH, GCFA, GCED, or other Information Assurance Technician (IAT) Level III certification (CASP+ CE, CCNP Security, CISA, CCSP), as well as an active CISSP, or the ability to obtain one within six (6) months of hire.
+ Demonstrated understanding of incident response, insider threats, forensics, cyber threats and information security.
+ Conduct shift turnover at the beginning and end of Day shift.
+ Ensure the Shift Activity Log is completed and sent.
+ Receive and action communications or requests received via SOC inboxes and other communication mediums.
+ For mentorship and growth, provide feedback for any missed actions or deficiencies observed.
+ Prior experience with Splunk as a Security Information and Event Monitoring (SIEM) platform and log management system.
+ Experience creating custom content such as rules, filters, signatures, countermeasures and operationally relevant scripts to support analysis and detection efforts. Strong SPL knowledge is preferred.
+ Experience collecting data and reporting results; handling and escalating security issues or emergency situations appropriately; providing incident response capabilities to contain and mitigate threats to maintain the confidentiality, integrity, and availability of protected data.
+ Ability and experience extracting and managing complex large data sets.
+ Strong documentation and written communication skills with technical report writing experience.
+ Experience with ad-hoc training of junior, mid, or senior members of a cyber workforce.
+ Existing Subject Matter Expertise (SME) in Advanced Persistent Threat (APT) or emerging threats.
+ Proficiency in utilizing various packet capture (PCAP) applications/engines and in analysis of PCAP and NetFlow data.
+ Experience with static and dynamic malware analysis, including reverse engineering of binaries.
+ Familiarity with coding, scripting languages (BASH, PowerShell, Python, etc.), or with software development frameworks such as .NET.

**Desired Qualifications:**

+ Experience managing a technical team.
+ Experience in Cyber Hunt activities.
+ Advanced troubleshooting skills.
+ Metadata extraction and analysis.
+ Malware Reverse Engineering (MA/RE).

**Work Location:**

+ Washington, DC or Hybrid (2 days onsite/remote) - Potentially remote eligible pending customer approval

**Education:**

+ BS or MS degree preferred

**Original Posting Date:** 2024-12-09

While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

**Pay Range:** $104,650.00 - $189,175.00

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

\#Remote

REQNUMBER: R-00149552

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status. Leidos will consider qualified applicants with criminal histories for employment in accordance with relevant laws. Leidos is an equal opportunity employer/disability/vet.