R-00173461 Attack Sensing & Warning Analyst (AS&W Analyst)
Company: Leidos
Location: Ashburn
Posted on: April 1, 2026
Job Description:
The U.S. Department of Homeland Security (DHS), Customs and Border Protection (CBP) Security Operations Center (SOC) is a U.S. Government program responsible for preventing, identifying, containing and eradicating cyber threats to CBP networks through monitoring, intrusion detection and protective security services for CBP information systems, including local area networks/wide area networks (LAN/WAN), commercial Internet connections, public-facing websites, wireless, mobile/cellular, cloud, security devices, servers and workstations. The CBP SOC is responsible for the overall security of CBP enterprise-wide information systems, and collects, investigates, and reports any suspected and confirmed security violations.

Leidos is seeking an experienced Tier 2 Attack Sensing & Warning Analyst to join our team. As a member of the AS&W team supporting U.S. Customs and Border Protection (CBP), you will be responsible for leveraging advanced security technologies including EDR, SIEM, and network security tools to monitor, triage, and investigate endpoint and network activity; escalating alerts in accordance with established playbooks and procedures; analyzing logs and attacker behaviors to identify APT tactics; aggregating IOCs; and developing security content, scripts, and tools that enhance detection and incident response capabilities in support of the protection of the customers' systems, networks, and assets.

Primary Responsibilities:
Shift schedule: 7 am-7 pm, Sun - Tues, every other Wednesday.
- Utilize state-of-the-art technologies such as Endpoint Detection & Response (EDR) tools, log analysis (Splunk) and occasionally network forensics (full packet capture solution) to investigate activity and examine endpoint and network-based data.
- Monitor alerting channels for multiple endpoint and network tools for alerts of various criticalities and escalate according to defined processes, procedures, and playbooks.
- Triage alerts to determine the nature of activity occurring on customer networks, systems, servers, and mobile devices.
- Conduct log analysis from multiple avenues and tools to triage activity in support of incident response.
- Recognize attacker and APT activity, tactics, and procedures and aggregate indicators of compromise (IOCs) that can be used to improve monitoring, analysis and incident response.
- Develop and build security content, scripts, tools, or methods to enhance the incident investigation processes.
- Lead Incident Response activities and mentor junior SOC staff.
- Create daily, weekly, and monthly reports for dissemination to customer leadership with emphasis on attention to detail and accurate capturing of relevant, timely data for briefings.
- Succinctly and accurately capture technical details and summarize findings for less technical audiences.
- Work with key stakeholders to implement remediation plans in response to incidents.
- Effectively investigate and identify root cause findings, then communicate findings to stakeholders including technical staff and leadership.
- Strong problem-solving abilities with an analytic and qualitative mindset.
- Effectively communicate with customer leadership and disseminate timely updates of critical incidents with emphasis on attention to detail and accurate reporting.

Basic Qualifications:
- Bachelor's degree in Computer Science, Engineering, Information Technology (IT), Cyber Security, or related field and 2, 4 or 8 years of professional experience (depending on level). Additional years of experience are accepted in lieu of degree.
- 5 years of professional experience (or a Bachelor's degree and 3 years of professional experience) in incident detection, response and remediation.
- Minimum of three (3), but five (5) preferred, years of specialized experience in one or more of the following areas: email security; digital media forensics; monitoring and detection; incident response; vulnerability assessment and penetration testing; cyber intelligence analysis.
- Extensive experience analyzing and synthesizing information with other relevant data sources, providing guidance and mentorship to others in cyber threat analysis and operations.
- Ability to collaborate with technical staff and customers to identify, assess, and resolve complex security problems/issues/risks and facilitate resolution and risk mitigation.
- Ability to stay up to date with the latest threat intelligence, security trends, tools, and capabilities.
- Possess strong problem-solving abilities with an analytic and qualitative eye for reasoning.
- Ability to independently prioritize and complete multiple tasks with little to no supervision.

Preferred Qualifications:
- Ability to coordinate and communicate well with team leads and government personnel.
- Experience with detection engineering efforts to tune alerts, signatures, and tools to reduce false positives.
- Experience in cyber government and/or federal law enforcement.
- Experience with the Cyber Kill Chain and MITRE ATT&CK framework.
- Ability to formulate and create new processes, metrics, and procedures to improve security operations.
- Must be able to report into the office as many as 5 days per week in Ashburn, VA.

Required certifications: The candidate should have at minimum ONE of the following certifications:
- CompTIA Cybersecurity Analyst (CySA)
- CEH – Certified Ethical Hacker
- CompTIA Linux Network Professional (CLNP)
- CompTIA Pentest
- GPEN – Penetration Tester
- GWAPT – Web Application Penetration Tester
- GSNA – System and Network Auditor
- GISF – Security Fundamentals
- GXPN – Exploit Researcher and Advanced Penetration Tester
- GWEB – Web Application Defender
- GNFA – Network Forensic Analyst
- GMON – Continuous Monitoring Certification
- GCTI – Cyber Threat Intelligence
- GOSI – Open Source Intelligence
- OSCP (Certified Professional)
- OSCE (Certified Expert)
- OSWP (Wireless Professional)
- OSEE (Exploitation Expert)
- CCFP – Certified Cyber Forensics Professional
- CISSP – Certified Information Systems Security Professional
- CHFI – Computer Hacking Forensic Investigator
- LPT – Licensed Penetration Tester
- CSA – EC-Council Certified SOC Analyst (previously ECSA – EC-Council Certified Security Analyst)
- ENSA – EC-Council Network Security Administrator
- ECIH – EC-Council Certified Incident Handler
- ECSS – EC-Council Certified Security Specialist
- ECES – EC-Council Certified Encryption Specialist

Clearance: All Department of Homeland Security CBP SOC employees are required to favorably pass a 5-year Background Investigation (BI).

If you're looking for comfort, keep scrolling. At Leidos, we outthink, outbuild, and outpace the status quo — because the mission demands it. We're not hiring followers. We're recruiting the ones who disrupt, provoke, and refuse to fail. Step 10 is ancient history. We're already at step 30 — and moving faster than anyone else dares.

Original Posting: March 4, 2026

For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days, with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range: $87,100.00 - $157,450.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.