Security Operations Architect Deputy Program Manager

The U.S. Department of Homeland Security (DHS) Customs and Border Protection (CBP) Security Operations Center (SOC) is a U.S. Government program responsible to prevent identify contain and eradicate cyber threats to CBP networks through monitoring intrusion detection and protective security services to CBP information systems including local area networks/wide area networks (LAN/WAN) commercial internet connection public facing websites wireless mobile/cellular cloud security devices servers and workstations. The CBP SOC is responsible for the overall security of CBP Enterprisewide information systems and collects investigates and reports any suspected and confirmed security violations.

Leidos is seeking an experienced Security Operations Architect / Deputy Program Manager to join our team. As a member of this highly technical contract team supporting U.S. Customs and Border Protection (CBP) you will be responsible for coordinating operations of tools optimizing security operations efficiencies maintaining situational awareness of security operations and incidents leading crisis action teams & high priority incident response procedures ensuring quality root cause analysis documents management of tools and processes incidents and investigations and ensuring chain of custody during incident investigations in support of the protection of the customers systems networks and assets.

Primary Responsibilities:

The candidate shall provide support to CBP OITs Cybersecurity Directorate (CSD) in support of security operations engineering and security policy according to established policies handbooks and Standard Operating Procedures (SOPs). This support includes enhancing and maturing security operations by identifying new technologies for implementation better utilizing tools that are currently deployed and mature processes by facilitating Lessons Learned programs. The main focus of this task is to work with the OIT CSD teams to lead the design implementation and continuous improvement of cybersecurity operations. This role will serve as a strategic technical leader collaborating across IT security and external teams to ensure robust detection response and recovery capabilities.

• Lead technical efforts during major incident investigations and postincident reviews.

• Provide architectural leadership and guidance during incident response events coordinating with internal and external teams to analyze threats contain breaches and ensure timely recovery.

• Architect and enhance cybersecurity operations platforms including SIEM SOAR EDR NDR Threat Intelligence Platforms (TIP) MDM DLP etc.

• Design and optimize processes technologies and procedures surrounding security monitoring incident detection/response processes forensic collection and analysis cyber threat hunting processes and procedures and more.

• Track expenditures throughout the program lifecycle ensuring adherence to budgeted amounts and analyze burn rates and provide insights to prevent over or underspending.

• Assist the Program Manager in developing the overall program budget in alignment with project goals and organizational guidelines and establish baseline budgets and track planned vs. actual performance over time.

• Collaborate with SOC Cyber Threat Intelligence Digital Forensics Cyber Threat Hunt VAT/Penetration Testing Team SIEM team and engineering teams to ensure cohesive and scalable security operations to ensure the security operations architecture aligns with business objectives compliance requirements and organizational risk appetite.

• Define and maintain architecture standards for security event logging telemetry collection and alert correlation.

• Develop detection use cases and response playbooks mapping to frameworks like MITRE ATT&CK to proactively identify and respond to advanced threats and adversary Tactics Techniques and Procedures (TTPs).

• Define performance metrics and KPIs for security operations effectiveness leveraging dashboards reports and threat modeling to measure detection coverage false positives/negatives incident response times and analyst resources.

• Stay current with emerging threats vulnerabilities and industry trends to proactively enhance detection capabilities.

• Effectively investigate and identify root cause findings then communicate findings to stakeholders including technical staff and leadership.

• Assist the Program Manager with leading and overseeing the cybersecurity program and initiatives from planning through ensuring alignment with business goals and regulatory requirements.

• Assist the Program Manager with developing and managing program roadmaps budgets timelines and resource plans coordinating efforts across security IT risk and business units.

• Serve as the primary liaison between cybersecurity teams and Program Leadership as well as executive stakeholders effectively communicating program status risks and outcomes.

• Monitor and report on program performance using KPIs and metrics to assess progress drive accountability and support continuous improvement.

Basic Qualifications:

• SANS GCIH certification

• Requires BS degree and 10 or more years of direct relevant experience.

• A minimum of two years of direct experience as a Security Operations Center (SOC) Manager.

• A minimum of two years of direct experience as a Deputy Program Manager.

• Previous experience contributing to or leading incidents and threat investigations in support of DHS or Federal Agency SOC operations.

• Degree in computer science IT Information/Cyber Security field from an accredited college or university.

• Flexible and adaptable selfstarter with strong relationshipbuilding skills

• Effective communication skills with emphasis on attention to detail ability to accurately capture and document technical remediation details and ability to brief stakeholders on incident statuses recovery and root causes.

• Strong problemsolving abilities with an analytic and qualitative eye for reasoning under pressure.

• Ability to independently prioritize and complete multiple tasks with little to no supervision.

Preferred Qualifications:

• Experience performing computer forensics in Federal Government DOD or Law Enforcement environments.

• Ability to script in one more of the following computer languages Python Bash Visual Basic or PowerShell.

• Knowledge of the Cyber Chain and MITRE ATT&CK framework

• Advanced understanding of multiple Operating Systems monitoring and detection techniques and methods and Incident Response Lifecycle.

• Prior experience with CBP/DHS

• Between 23 years of experience in two or more of these specialized areas:

• Cyber Threat Intelligence

• Digital Media Forensics

• Incident Response

Required certifications:

The candidate should have at minimum ONE of the following certifications:

• GCIH Certified Incident Handler

• GCFA Certified Forensic Analyst

• GCFE Certified Forensic Examiner

• GREM Reverse Engineering Malware

• GISF Security Fundamentals

• GXPN Exploit Researcher and Advanced Penetration Tester

• GCTI Cyber Threat Intelligence

• GOSI Open Source Intelligence

• OSCP (Certified Professional)

• OSCE (Certified Expert)

• OSWP (Wireless Professional)

• OSEE (Exploitation Expert)

• CCFP Certified Cyber Forensics Professional

• CISSP Certified Information Systems Security

• CHFI Computer Hacking Forensic Investigator

• LPT Licensed Penetration Tester

• CSA EC Council Certified SOC Analyst (Previously ECSA ECCouncil Certified Security Analyst)

• CTIA ECCouncil Certified Threat Intelligence Analyst

Clearance: Candidates must have a current Top Secret clearance with SCI eligibility.