Cyber Countermeasures Engineer

The U.S. Department of Homeland Security (DHS), Customs and Border Protection (CBP) Security Operations Center (SOC) is a U.S. Government program responsible to prevent, identify, contain and eradicate cyber threats to CBP networks through monitoring, intrusion detection and protective security services to CBP information systems including local area networks/wide area networks (LAN/WAN), commercial internet connection, public facing websites, wireless, mobile/cellular, cloud, security devices, servers and workstations.  The CBP SOC is responsible for the overall security of CBP enterprise-wide information systems, and collects, investigates, and reports any suspected and confirmed security violations. 

Leidos is seeking an experienced Cyber Countermeasures Engineer to join our team. As a member of this highly technical team supporting U.S. Customs and Border Protection (CBP), you will play a crucial role in defending against cyber threats and will perform in-depth technical analysis of network and endpoint logs & activity, direct and track enterprise countermeasure actions, implement countermeasures across a broad spectrum of network and host based tools, and assess/validate the efficacy of countermeasure deployment in support of the protection of the customers’ systems, networks, and assets.    

Primary Responsibilities: 

• Directing, tracking, and implementing enterprise wide countermeasures across a wide spectrum of endpoint, network, and cloud based tools.  

• Assessing, validating, and ensuring deployment and continuous efficacy of deployed countermeasures in the environment.  

• Create, recommend, and assist with development of new security content as the result of coordination with other teams, to include signatures, alerts, workflows, and automation. 

• Develop new processes, procedures, and playbooks for countermeasure implementation as new technologies are deployed in the environment.  

• Understand intrusion sets, TTPs, and threat actors to better tailor countermeasure deployment across the enterprise.  

• Responsible for maintaining a comprehensive understanding of the cyber threat landscape, including identifying and analyzing new tools and processes for countermeasure deployment to enhance cybersecurity posture of the organization’s IT operating environment. 

• Coordinate with various other teams and stakeholders to maintain their situational awareness of countermeasure deployment. 

• Collect and report metrics surrounding countermeasure deployment on a weekly, monthly, and annual basis. 

• Assess, analyze, and effectively communicate risks associated with various types of countermeasures and their deployment in the environment.  

• Coordinate with different teams to improve threat detection, response, and improve overall security posture of the Enterprise.  

• Proactively and iteratively search through systems and networks to detect advanced threats and escalate as necessary, or recommend countermeasures for implementation. 

• Analyze host, network, and application logs in addition to malware and code. 

• Will be responsible for developing scripts to support cyber threat detection that outputs results in a variety of formats, such as VB scripts, Python, C++, HTML, XML or other type most appropriate for the task.  

• Produce high quality technical and non-technical reports with minimal supervision and emphasis on effective/accurate reporting.  

 Will be responsible for: 

• Implementing countermeasure recommendations from various teams across a wide array of EDR, DLP, mobile, and network based tools. 

• Maintain leadership situational awareness of current countermeasures, metrics, and capabilities/risks of various countermeasures.  

• Develop new processes, procedures, and playbooks surrounding the implementation of new techologies as they are deployed in the environment and the capabilities/limitations of the tools.  

• Create daily, weekly, and monthly reports and metrics for products and briefings. 

• Process technical data from various sources and recommend countermeasures for implementation on various tools.  

• Responsible for the maintaining and actioning the full lifecycle of countermeasures across a broad array of endpoint, network, and cloud based technologies/tools. 

Basic Qualifications: 

• Possess a minimum of four (4) years of professional experience in incident detection and response, malware analysis, or cyber forensics.  

• Have a bachelor’s degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field with three (3) years of experience in incident detection and response, malware analysis, or cyber forensics. 

• Experience with various host, network, cloud, email, and mobile based technologies and tools related to detections and countermeasures.  

• Have 2+ years recent experience with host-based and network-based security monitoring using cybersecurity capabilities.  

• Must be experienced developing scripts to support cyber threat detection that outputs results in a variety of formats, such as VB scripts, Python, C++, HTML, XML or other. 

• Established experience with incident response and SIEM tools, host-based logs, network-based logs, and regex.  

• Ability to work independently with minimal direction; self-starter/self-motivated. 

Required certifications: 

The candidate should have at minimum ONE of the following certifications: 

• CompTIA Cyber Security Analyst (CySA+) 

• CompTIA Linux Network Professional (CLNP) 

• CompTIA Pentest+ 

• CompTIA Cybersecurity Analyst (CySA+) 

• GPEN – Penetration Tester 

• GWAPT – Web Application Penetration Tester 

• GSNA – System and Network Auditor 

• GISF – Security Fundamentals 

• GXPN – Exploit Researcher and Advanced Penetration Tester 

• GWEB – Web Application Defender 

• GNFA – Network Forensic Analyst 

• GMON – Continuous Monitoring Certification 

• GCTI – Cyber Threat Intelligence 

• GOSI – Open Source Intelligence 

• OSCP (Certified Professional) 

• OSCE (Certified Expert) 

• OSWP (Wireless Professional) 

• OSEE (Exploitation Expert) 

• CCFP – Certified Cyber Forensics Professional 

• CISSP – Certified Information Systems Security 

• CEH – Certified Ethical Hacker 

• CHFI – Computer Hacking Forensic Investigator 

• LPT – Licensed Penetration Tester 

• CSA – EC Council Certified SOC Analyst (Previously ECSA – EC-Council Certified Security Analyst) 

• ENSA – EC-Council Network Security Administrator 

• ECIH – EC-Council Certified Incident Handler 

• ECSS – EC-Council Certified Security Specialist 

• ECES – EC-Council Certified Encryption Specialist 

Preferred Qualifications:  

• A minimum of five (5) years of hands-on experience with experience in the last two (2) years that includes host-based and network-based security monitoring using cybersecurity capabilities.  

• Previous DOD, IC or Law Enforcement Intelligence or Counterintelligence Training/Experience 

• Demonstrated experience implementing countermeasures across a broad array of endpoint, network, and cloud based technologies/tools. 

• Understanding of complex Enterprise networks to include routing, switching, firewalls, proxies, load balancers, and tools such as EDR, DLP, and Mobile Threat Detection. 

• Working knowledge of common (HTTP, DNS, SMB, etc) networking protocols 

• Familiarity with operation of both Windows and Linux based systems.  

• Proficient with scripting languages such as Python or PowerShell 

• Familiarity with Splunk Search Processing Language (SPL) and/or Elastic Domain Specific Language (DSL) 

Clearance:  

• All Department of Homeland Security CBP SOC employees are required to favorably pass a 5-year (BI) Background Investigation.