Description The Multi-Domain Solutions Division at Leidos currently has openings for a Cyber Security Engineer / Information Systems Security Engineer (ISSE). Our team supports the Advanced Battle Management System’s (ABMS) Digital Infrastructure (DI) Network Manager program. In this mission we support the Department of the Air Force (DAF) to field and operate the ABMS Digital Infrastructure, which is foundational in creating a unified command-and-control infrastructure connecting/ integrating sensors, data streams, and weapon systems across all domains (air, land, sea, cyber, and space). This will ultimately allow U.S. forces from all services as well as allies and partners to sense, make sense and act upon a vast array of data and information faster than adversaries can detect and respond to. The Cyber Threat Hunter will work to proactively identify and investigate suspicious activity, analyze threat intelligence to stay ahead of emerging attacker tactics, and translate findings into actionable security improvements protecting our client’s assets. This role requires a deep understanding of advanced threat detection techniques, strong analytical skills, and the ability to work collaboratively with other security professionals. Specific duties include, but are not limited to, the following:Responsibilities include:Conduct proactive threat hunting activities to identify suspicious activity and potential cyber threats, preventing escalation.Apply independent critical thinking to analyze threat intelligence data, emerging attack techniques, tactics, and procedures (TTPs) to determine the best response and remediation actions.Conduct analysis of log data from various internal data sources (e.g., firewalls, hosts, EDR, IDS/IPS) to identify suspicious activity and assess potential threats impacting the organization.Respond to the customers’ RFIs and conduct investigations within defined time and scope parameters, using all available tools and techniques to uncover new information.Working knowledge of Information Security controls including system-level controls, network controls, and security operations, across Endpoint, Cloud, SaaS, and Identity.Experience with Endpoint Detection and Response (EDR) capabilities.Background in investigating and analyzing alerts and threats for anomalous, suspicious, or malicious activity.Develop countermeasures such as custom SIEM and IDS rules/signatures and strengthen the organization’s ability to prevent and detect attacks against assets and data.Perform Incident Handling Tasks (e.g., triage, response activities, documentation, reporting, lessons learn, etc.).Educate and empower customers by providing context on various threats and advising on best practices.Analyze ongoing attacks, such as phishing, DDoS, data leakage, and ransomware, to assess their origin, purpose, and impact on our customers.Track and engage with threat actors across the clear, deep, and dark web to gather unique insights and intelligence.Serve as a leading source of knowledge in threat intelligence, providing support to the customer with your diverse skills and expertise.Develop and deploy security monitoring content, including dashboards and alerts within the organizations SIEM and other security tools to detect threats, suspicious activities, aiding in incident investigation efforts.Regularly review, evaluate, and optimize custom and default detection content to ensure it supports internal and SOC operations effectively.Create and maintain technical documents including, but not limited to content creation, content/rule review process, queries for disparate log sources, network/security visibility issues, detection gaps, and monitoring strategies.Identify areas for improvement in security monitoring and propose enhancements to strengthen the organization’s detection and response capabilities.Mentor and guide fellow security team members, assisting with project execution and promoting skill development in tactical security practices.Directly interface and mentor the SOC.Developing strategies to handle security incidents and coordinating responses to security breaches.Required Qualifications and Skills:Must have a DoD TS/SCI Clearance.Must have a current security certification in accordance with DoD 8140 and be able to get an appropriate computing environment certification within 6 months.Bachelor’s degree with 6 years of prior experience in the Cybersecurity technical/professional discipline. Additional years of experience and/or certifications may be considered in lieu of a degree/prior work experience requirement.Experience with Endpoint Detection and Response (EDR) capabilities.Working knowledge of Information Security controls including system-level controls, network controls, and security operations, across Endpoint, Cloud, SaaS, and Identity.Background in investigating and analyzing alerts and threats for anomalous, suspicious, or malicious activity.Knowledge of content creation concepts, content development management, content testing, implementation, and threat analysis of complex events.Experience in monitoring and analyzing logs and alerts from a variety of different technologies and sources to include but not limited to Network/Host, EDR, Firewall, IDS/IPS, Cloud (IaaS, PaaS, SaaS).Experience in leading incident response engagements.Experience in developing detection content using various data sources and query languages.Knowledge of security architectures, devices, firewalls, system and application security threats and vulnerabilities.Experience with presenting findings, conclusions, alternatives, and information clearly and concisely to stakeholders and vendors.Proven practical experience in information security and well-rounded knowledge of technology.Ability to travel as required.Preferred Qualifications:Bachelor’s Degree in Information Technology, Computer Information Systems or Cyber Security or equivalent experience.CySA+, CASP+, CISSP or equivalent certifications and/or experience.Knowledge of security standards and frameworks (e.g., MITRE ATT&CK)Experience with Security Onion.Experience with security tools related to EDR, Firewalls, IPS/IDS, DLP, Forensic/Malware Analysis, SIEM, Cloud.Excellent analytical, problem-solving, customer service, project management and communication skills.Original Posting:June 12, 2025For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.Pay Range:Pay Range $104,650.00 - $189,175.00The Leidos pay range for this job level is a general guideline onlyand not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.