CSSP Team Lead

We are hiring for a CSSP Lead out of our Scott AFB Hill AFB or Whitehall OH offices slated to start March 2026. This position provides leadership and guidance to a team responsible for delivering 24x7 cybersecurity monitoring services for Department of Defense networks. This role encompasses cyber threat intelligence analysis correlation of actionable security events network traffic analysis using raw packet data and coordination of resources during incident response activities. Furthermore the role supports the professional development of team members and ensures consistent transparent communication with operational leadership.

PRIMARY RESPONSIBILITIES:

• Cybersecurity Monitoring & Analysis:
  • Investigate alerts generated from endpoints IDS/IPS NetFlow data and custom sensors to detect compromises on customer networks.
  • Analyze extensive log files pivot between diverse datasets and correlate evidence to support incident investigations creating detailed technical reports outlining your findings.
  • Triage security alerts to rapidly identify malicious actors targeting customer networks.
  • Monitor and analyze DoD and open-source intelligence feeds to identify Indicators of Compromise (IOCs) and integrate them into security sensors and SIEMs.
  • Report security incidents to customers and USCYBERCOM ensuring timely communication and coordinated response.
• Team Leadership & Development:
  • Leads and supports assigned personnel by:
    • Conducting regular employee engagement activities.
    • Collaborating with Operations Managers to support employee training performance management/development and performance reviews.
    • Maintaining consistent and effective communication with Operations Leads the chain of command and Human Resources as needed to address employee performance and development matters.
  • Ensures the consistent implementation and adherence to leadership directives and organizational policies in collaboration with Operations Managers
    

BASIC QUALIFICATIONS:

• Minimum active DoD Secret clearance with the ability to obtain TS/SCI.
• Bachelors degree and 8 years of relevant experience; equivalent work experience and/or military service may be considered in lieu of a degree.
• Current DoD 8570 IAT Level II certification (or higher) such as CompTIA Security CE ISC2 SSCP or SANS GSEC (or equivalent).
• Ability to obtain DoD 8570 CSSP-A Level Certification (e.g. CEH CySA GCIA or equivalent) within 180 days of hire.
• Strong foundation in networking including packet analysis common ports and protocols and traffic flow. Knowledge of the OSI model defense-in-depth security principles and common security elements for effective threat detection analysis and mitigation as a SOC Security Analyst.
• Proven ability to work effectively both independently and as a collaborative team member demonstrating initiative and a strong work ethic in both settings.
• Committed to continuous learning and self-improvement in the cybersecurity domain as evidenced by ongoing pursuit of certifications active participation in industry forums and dedication to staying ahead of emerging threats and technologies.
• Excellent problem-solving skills including the ability to collaborate effectively with cross-functional teams to address complex security challenges in real-world scenarios. This includes the ability to communicate technical information clearly and concisely build consensus and drive solutions to completion.
• Reliable and flexible with a demonstrated willingness to work assigned shifts to support operational requirements and team objectives.
• Located within a commutable distance (within 2 hours) or able to relocate to Hill AFB UT; Scott AFB IL; or Columbus OH.
  

PREFERRED QUALIFICATIONS:

• Prior experience working with the Defense Information Systems Agency (DISA) and/or Department of Defense (DoD) networks.
• Advanced knowledge of TCP/IP common networking ports and protocols traffic flow analysis system administration principles the OSI model defense-in-depth strategies and standard security components.
• In-depth expertise in the architecture engineering and operational aspects of at least one enterprise-grade SIEM platform (e.g. ArcSight QRadar LogLogic Splunk Elastic).
• Demonstrated experience with malware analysis concepts and methodologies.
• Advanced certifications such as SANS GIAC (e.g. GCIA GCIH GLSC) or CompTIA CASP.
• Experience implementing intelligence-driven defense strategies and/or utilizing the Cyber Kill Chain framework.
• A minimum of two (2) years of experience managing cross-functional cybersecurity teams.

If youre looking for comfort keep scrolling. At Leidos we outthink outbuild and outpace the status quo because the mission demands it. Were not hiring followers. Were recruiting the ones who disrupt provoke and refuse to fail. Step 10 is ancient history. Were already at step 30 and moving faster than anyone else dares.

Original Posting:

Pay Range:

The Leidos pay range for this job level is a general guideline onlyand not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job education experience knowledge skills and abilities as well as internal equity alignment with market data applicable bargaining agreement (if any) or other law.