NSOC Lead - Leidos

Reporting to the Leidos Program Manager, the Top Secret cleared NSOC Lead will play a significant role in helping the Department of Defense (DoD) design, implement, and operate the people, infrastructure, processes, and systems for security and operations management that will protect and defend components of the DoD Joint All-Domain Command and Control (JADC2) digital infrastructure.  

In support of design and implementation, the NSOC Lead will support NSOC configuration management, NSOC tool engineering, integration of networks into NSOC management, NSOC training development and delivery, NSOC tool maintenance, and NSOC change and release management. For platform and infrastructure operations, the NSOC Lead will schedule NSOC operational staffing, and support NSOC Continuity of Operations (COOP), monitoring and analysis, and incident assessment and response. In support of operations, the NSOC Lead will support digital media analyses, cyber intelligence fusion, and cybersecurity vulnerability assessments, penetration testing, and insider threat hunting. A separate Information Assurance (IA) Team is responsible to develop and maintain Authorizations to Operate (ATO) and other cybersecurity assessments and authorizations; the NSOC Lead’s responsibility to the IA Team is to provide Body of Evidence (BoE) of artifacts supporting IA efforts.  

The position will require occasional short-term travel to CONUS and OCONUS sites. This position will require an infrequent shift in workday schedule to support exercises occurring over weekends.  

Primary Responsibilities.   

• Lead NSOC staff to achieve a high degree of customer satisfaction by achieving and maintaining high cybersecurity performance as demonstrated on cybersecurity dashboards  

• Provide artifact supporting Information Assurance and Risk Management Framework (RMF) processes  

• Develop an NSOC Concept of Operations (CONOPS)  

• Manage deployments and stand-up at globally distributed NSOCs  

• Lead NSOC Team to create a configuration management plan and coordinate validate that all NSOCs have the same tool configurations and baselines. Coordinate, control, and manage NSOC changes and releases.  

• Lead NSOC Team to identify any tools or capabilities that will enhance the performance of the NSOC, deploy and configure selected tools, update training, administer tools, and update training.  

• Lead NSOC Team to track and manage the integration of the NSOC into network releases  

• Lead NSOC Team to develop and deliver NSOC training package  

• Lead NSOC Team to select and provide operational manning support for the Global NSOC units  

• Lead NSOC Team to provide support personnel to meet Continuity of Operations (COOP) when invoked  

• Lead NSOC Team in providing a variety of functions, including: monitoring of systems status, escalating and reporting potential incidents; creating and updating incident cases and tickets, performing risk assessments for access requests and policy exemption requests, analyzing security reports, applying various antivirus, intrusion detection, digital media analysis, and vulnerability assessment tools, techniques, and procedures, authoring and implementing custom detection content, tuning the Security and Information Management (SIEM) and Intrusion Detection System/Intrusion Prevention System (IDS/IPS) events to minimize false positives, authoring and maintaining custom SIEM content, program analysis and review, hardware and software evaluation and analysis, process Improvement, data Management, and coordination and reporting of security related Incidents  

• Lead NSOC Team to provide forensic analysis of a variety of digital media devices and mediums 

• Lead NSOC Team to provide technical expertise in cyber adversary capabilities and an assessment of the intentions of these groups to conduct Computer Network Exploitation (CNE) and Computer Network Attack (CNA) 

• Lead NSOC Team to provide onsite and remote vulnerability assessment support  

• Lead NSOC Team to provide both internal and external security penetration testing  

• Lead NSOC Team to provide incident assessment and response support  

• Lead NSOC Team to detect, prevent, and respond to insider threats  

Basic Qualifications.   

• B.S. in engineering or mathematics or IT/computer science with 12 – 15 years of related experience. Additional years of experience will be considered in lieu of degree.

• Top Secret clearance required with ability to obtain and maintain TS/SCI clearance.

• Expert understanding of modern cyber security, networks, cloud architecture.

• A minimum of two (2) years of team leadership experience, working with distributed organizations and a demonstrated record of leading and managing an organization.

• Understanding of TCP/IP.

• At least one current DoD 8140 certification.

• Hands-on knowledge, management, and dashboard creation with at least some of the packages to be used by the NSOC: Splunk Enterprise Security, Splunk SOAR, ServiceNow IT Operations Management, SolarWinds, Security Onion, ACAS.

• Ability to gain internal consensus support; operate independently; conceive new and innovative ideas and solutions; predicting potential outcomes, and determine which alternative course of action to follow.

• Ability to establish positive, constructive relationships with technical and functional staff, managers, and peers within the Operation, Group, and across Leidos organizations.

• Prior experience of collaboration efforts outside the immediate organization.

• Highly effective oral and written communication skills   

Preferred Qualifications.   

• Masters Degree in STEM discipline, with proven track record of performing technical management of DoD security programs.

• Demonstrated experience to effectively engage a diverse workforce of employees and subcontractors for effective and optimized resource utilization.

• Experience working with cloud computing and infrastructure security (AWS, Azure, etc.) to IL6.

• Experience with virtual computing environments.

• Experience with common and uncommon DoD cyber tools.

• Experience with DoD Cross Domain Solutions.

• Experience with SD-WAN.

• Experience with DevSecOps and agile program management.

• Lean Six Sigma Training.