Security Operations Architect / Deputy Program Manager

The U.S. Department of Homeland Security (DHS), Customs and Border Protection (CBP) Security Operations Center (SOC) is a U.S. Government program responsible for preventing, identifying, containing, and eradicating cyber threats to CBP networks through monitoring, intrusion detection, and protective security services for CBP information systems, including LAN/WAN, internet connections, public-facing websites, wireless, mobile/cellular, cloud, security devices, servers, and workstations. The CBP SOC is responsible for the overall security of CBP Enterprise-wide information systems, collecting, investigating, and reporting any suspected and confirmed security violations.

Leidos is seeking an experienced Security Operations Architect / Deputy Program Manager to join our team. As part of this highly technical contract team supporting U.S. Customs and Border Protection (CBP), you will be responsible for coordinating operations of security tools, optimizing security operations, maintaining situational awareness of incidents, leading crisis response teams, ensuring quality root cause analysis documentation, managing tools and processes, and ensuring chain of custody during investigations to protect systems, networks, and assets.

Primary Responsibilities:

The candidate shall support CBP OIT’s Cybersecurity Directorate (CSD) in security operations, engineering, and policy, enhancing and maturing security operations by identifying new technologies, utilizing current tools, and improving processes through Lessons Learned programs. This role involves leading design, implementation, and continuous improvement of cybersecurity operations, collaborating across IT, security, and external teams to ensure detection, response, and recovery capabilities.

• Lead technical efforts during major incident investigations and post-incident reviews.

• Provide architectural leadership during incident responses, coordinating threat analysis, containment, and recovery.

• Architect and improve platforms like SIEM, SOAR, EDR, NDR, TIP, MDM, DLP.

• Design and optimize processes related to security monitoring, incident response, forensic collection, threat hunting, etc.

• Manage expenditures, ensuring adherence to budgets, analyzing burn rates, and providing insights to prevent overspending.

• Assist in developing program budgets, establishing baselines, and tracking performance.

• Collaborate with various security teams to ensure cohesive security operations aligned with organizational objectives and risk appetite.

• Define architecture standards for event logging, telemetry, and alert correlation.

• Develop detection use cases and response playbooks aligned with frameworks like MITRE ATT&CK.

• Establish performance metrics and KPIs for security effectiveness, utilizing dashboards and reports.

• Stay current with emerging threats and industry trends to proactively enhance detection capabilities.

• Investigate root causes and communicate findings to stakeholders.

• Lead and oversee cybersecurity programs and initiatives, including planning, execution, and stakeholder communication.

• Monitor and report on program performance, driving continuous improvement.

Basic Qualifications:

• SANS GCIH certification

• BS degree and 10+ years relevant experience

• Minimum two years as SOC Manager

• Minimum two years as Deputy Program Manager

• Experience leading incident and threat investigations in DHS or Federal SOCs

• Degree in computer science, IT, or Cybersecurity from an accredited institution

• Strong relationship-building and communication skills, detail-oriented, and able to work independently

• Problem-solving skills with ability to reason under pressure

• Ability to prioritize and multitask with minimal supervision

Preferred Qualifications:

• Experience in computer forensics in Federal or Law Enforcement environments

• Scripting skills in Python, Bash, Visual Basic, or PowerShell

• Knowledge of Cyber Kill Chain and MITRE ATT&CK

• Advanced understanding of OS, detection, and incident response lifecycle

• Prior experience with CBP/DHS

• 2-3 years in areas like Threat Intelligence, Digital Forensics, or Incident Response

Required Certifications:

• At least one of the following: GCIH, GCFA, GCFE, GREM, GISF, GXPN, GCTI, GOSI, OSCP, OSCE, OSWP, OSEE, CCFP, CISSP, CHFI, LPT, CSA, CTIA

Clearance: Candidates must have a current Top Secret clearance with SCI eligibility.