Cyber Shift Lead - Night Shift

Cyber Shift Lead – Night Shift at Leidos

The Mid Shift Operations Lead manages and directs a team of Real‑Time Analysts responsible for delivering 24x7 cybersecurity monitoring services for Department of Defense networks during the 2400–0800 ET Mid Shift Monday‑Friday. This role oversees Defensive Cyber Operations across three sites, encompassing cyber threat intelligence analysis, correlation of actionable security events, and network traffic analysis using raw packet data. The leader collaborates with Boundary Defense and Cybersecurity Services mission leads for incident response and supports the professional development of team members while ensuring clear, transparent communication with all levels of personnel.

• Support and Lead Cybersecurity Monitoring & Analysis
  • Investigate alerts generated from endpoints, IDS/IPS, Net Flow data, and custom sensors to detect compromises on customer networks.
  • Analyze extensive log files, pivot between diverse datasets, and correlate evidence to support incident investigations, creating detailed technical reports.
  • Triage security alerts to rapidly identify malicious actors targeting customer networks.
  • Monitor and analyze DoD and open‑source intelligence feeds to identify indicators of compromise (IOCs) and integrate them into security sensors and SIEMs.
  • Report security incidents to customers and USCYBERCOM, ensuring timely communication and coordinated response.
• Team Leadership & Development
  • Lead and support assigned personnel by conducting regular engagement activities.
  • Work with Government Representation to meet shared goals and set priorities.
  • Collaborate with Operations Managers to support employee training, performance management, and reviews.
  • Maintain consistent and effective communication with Operations Leads, the chain of command, and Human Resources to address employee performance and development matters.
• Collaborate with senior leadership to ensure long‑term mission effectiveness and resolve personnel or operational roadblocks.
• Ensure consistent implementation and adherence to leadership directives and organizational policies.
• Direct the performance and mission success of a cross‑functional team, sustaining and improving situational awareness of deliverable metrics.
• Advance the mission through cross‑team collaboration and developmental initiatives, guiding the mission with a growth mindset.

• Minimum active DoD Secret clearance with the ability to obtain TS/SCI.
• Current DoD 8570 IAT Level II certification (or higher). Examples:
  CompTIA Security+ CE, ISC² SSCP, SANS GSEC.
• Ability to obtain DoD 8570 CSSP‑A Level Certification (e.g., CEH, CySA+, GCIA) within 180 days of hire.
• Strong foundation in networking, packet analysis, common ports, protocols, traffic flow, OSI model, defense‑in‑depth principles, and SOC security fundamentals.
• Bachelor’s degree and 8+ years of relevant experience; equivalent military service may be considered instead of a degree.
• Proven ability to work independently and collaboratively, demonstrating initiative, strong work ethic, and initiative.
• Committed to continuous learning and self‑improvement in cybersecurity, including ongoing certification pursuit.
• Excellent problem‑solving skills, with the ability to communicate technical information clearly and drive cross‑functional solutions.
• Reliable and flexible, willing to work assigned nights shifts to support operational requirements.
• Minimum two (2) years managing a team of five (5) or more direct reports, or cross‑functional cybersecurity teams.
• Located within a commutable distance (within 2 hours) to Hill AFB, UT;
  Scott AFB, IL; or Columbus, OH.

• Prior experience with the Defense Information Systems Agency (DISA) or DoD networks.
• Advanced knowledge of TCP/IP, common networking ports and protocols, traffic flow analysis, system administration, OSI model, defense‑in‑depth strategies, and standard security components.
• Experience with malware analysis concepts and methodologies.
• Experience implementing intelligence‑driven defense strategies or using MITRE ATT&CK or Cyber Kill Chain frameworks.
• Education, training, or…