DCO Counter-Measures Engineer

Overview

Leidos' Digital Modernization sector has a current job opportunity for a Defensive Cyber Operations (DCO) Counter‑Measures Engineer. This position supports the GSM‑O II program, providing network operations and cyber defense support to the Defense Information Systems Agency (DISA) in support of the Department of Defense (DoD) and Combatant Commands (COCOMs). The selected candidate will provide support for defensive cyber operations activities and will be expected to actively engage with a variety of customers and mission partners.

Location:

Scott AFB, IL;
Hill AFB, UT; or Columbus, OH. Partial/hybrid telework may be allowed, but a consistent on‑site presence is required.

• Author and deploy novel countermeasures to eliminate threats and illuminate their activities.
• Assess the effectiveness of countermeasures on an ongoing basis and re‑vector actions as needed.
• Design and develop solutions to deliver automated cybersecurity services, conduct agile development and maintenance of automation scripts/tools to scale cybersecurity work across the enterprise.
• Develop custom integrations, data correlation, and processing strategies to reduce cybersecurity risk and act as a subject‑matter expert for the automation team.
• Maintain situational awareness of cyber activity by reviewing DoD, Intelligence Community, and open‑source reporting for new vulnerabilities, malware or other threats that could impact the DoDIN.

• Must have an active DoD Secret clearance and be eligible to obtain TS/SCI.
• Bachelor's degree in a related discipline with 8+ years of applicable experience; additional related years of experience may be accepted in lieu of a degree.
• Requires 8140 Cyber Defense Infrastructure Support Specialist 521 (CS) Intermediate-level compliance, including one of the following certifications:
  Security+, Pen Test+, CySA+, GSEC, or GMON.
• Proficiency in programming in at least one modern language (Java, Python, Ruby, C++).
• Experience in custom malware detection development.
• Advanced understanding of TCP/IP, networking ports and protocols, traffic flow, system administration, OSI model, defense‑in‑depth and common security elements.
• Understanding of the life cycle of network threats, attacks, attack vectors and methods of exploitation with knowledge of intrusion set tactics, techniques and procedures (TTPs).
• UNIX administrative skills.

• Experience with DISA and DoD networks.
• Experience countering APTs or emergent threats to DoD networks.
• Skilled in developing extended cyber security analytics.
• Experience in developing and supporting a development environment.
• Experience automating tasks via Bash, Python, Power Shell, or other scripting tools.
• Experience in Linux and Windows‑based systems administration in a cloud or virtualized environment.
• Experience with API development and integration.
• Experience with Git, Sigma, Yara, Snort, and Suricata.
• Experience with Detection‑as‑a‑Code principles.
• Experience with malware analysis concepts and methods.
• Advanced certifications such as GREM, OSCP, CISSP, or CASP.

$ – $ (general guideline only; compensation based on responsibilities, experience, and other factors).

All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.