Leidos

Cloud Security Detection Engineer

Leidos, Scott Air Force Base, Illinois, United States

Description

Join our dynamic team as a Cloud Security Detection Engineer! This position supports the GSM-O II effort and offers a flexible hybrid work schedule. Candidates can work from Scott AFB, IL; Whitehall, OH; or Hill AFB, UT on their designated on-site days.

As a key member of our team, you will develop and enhance SIEM/SOAR capabilities to bolster our Cyber Security Service Provider (CSSP) services. Your role will focus on creating, implementing, and testing detection capabilities for AWS security monitoring using Elastic and Splunk. If you have a strong background in cyber analysis and incident response, particularly with Elastic and Splunk in AWS environments, this position is the perfect fit for you. Your expertise will be invaluable in our mission to analyze and respond to cyber threats effectively.

PRIMARY RESPONSIBILITIES:
- Collaborate with the threat emulation and analytic development team to optimize detection strategies using the MITRE ATT&CK framework.
- Design, implement, and evaluate analytics in Elastic and Splunk to identify malicious activity in AWS IaaS environments.
- Analyze operation and threat reports to identify opportunities for improving detection capabilities.
- Deliver training sessions for analysts using test environments and simulated malicious activity.
- Provide support and guidance to other teams within DISA Global on cloud security efforts as required.

BASIC QUALIFICATIONS:
- Active DoD Secret security clearance with the ability to obtain TS/SCI.
- DoD 8570 IAT Level II or higher certification (e.g., CompTIA Security+ CE, CySA+, ISC2 SSCP, SANS GSEC) before starting.
- DoD 8570 CSSP Analyst (CSSP-A) certification such as CEH, CySA+, GCIA, or similar, required within 180 days of hire.
- A strong commitment to continuous learning and proficiency in technical cyber security.
- Bachelor's degree and 4+ years of relevant experience; additional work experience or cyber courses/certifications may substitute for the degree.
- Proficient in the architecture, engineering, and operation of Elastic and/or Splunk.
- Knowledgeable in AWS security monitoring tools including CloudWatch, GuardDuty, VPC Flow Logs, and Security Hub.
- Excellent written and verbal communication skills, along with strong analytical and troubleshooting abilities.
- A critical thinker with the ability to work independently.

PREFERRED QUALIFICATIONS:
- Experience in Cyber Network Defense (CND) within a Computer Incident Response organization.
- Familiarity with Azure, Google Cloud Platform (GCP), or Oracle Cloud Infrastructure is a plus.
- Understanding of the lifecycle of network threats and attacks, and of adversary tactics, techniques, and procedures (TTPs).
- Advanced knowledge of TCP/IP, common networking ports and protocols, traffic flow, the OSI model, and common security elements.
- Experience with the Unix/Linux command line.
- Familiarity with infrastructure-as-code templates such as CloudFormation, ARM templates, or Terraform.
- Experience in scripting/programming (e.g., PowerShell, Bash, Python).
- A self-motivated individual with the ability to write detailed technical reports on analytic findings.
- Experience with Intelligence Driven Defense and/or the Cyber Kill Chain methodology.
- Existing DoD 8570 CSSP Analyst certifications such as CEH, CySA+, etc.
- Familiarity with cybersecurity frameworks such as MITRE ATT&CK, CIS Controls, NIST CSF, or CSA CCM.

At Leidos, we seek innovative thinkers who are eager to break the mold and build something extraordinary. If you're a forward-thinker who thrives on challenges and is already envisioning the next step while others are still figuring out the current one, we want you on our team!

The position was originally posted on September 10, 2025. For U.S. positions, Leidos anticipates keeping this job open for at least 3 days, with an expected closing date no earlier than 3 days after the original posting date.

Pay Range: $85,150.00 - $153,925.00. This pay range is a guideline and does not guarantee compensation. Factors influencing the offer may include job responsibilities, experience, and market data.