SOC Analyst (Night Shift)

The DHS FEMA Program has a critical need for a Tier 1 Cyber Security Analyst. This is a full-time position based in Bluemont, VA (Mount Weather). This position is currently a night shift position (2pm-10pm or night (10pm-6am) and is 24x7 support (shifts). This will require 3 days onsite and 2 days remote. The position will be up to 6 months.

The ideal candidate will have a basic understanding of cyber threats, information security, security monitoring, threat detection, incident response, and incident handling (NIST SP 800-61). The candidate should be familiar with conducting security monitoring in a SIEM. The candidate must be familiar with TCP/IP ports and protocols, IDS/IPS systems, and basic incident handling and response concepts.

The Federal Emergency Management Agency (FEMA) Security Operations is responsible to prevent, identify, contain and eradicate cyber threats to FEMA networks through monitoring, intrusion detection and protective security services to FEMA information systems including local area networks/wide area networks (LAN/WAN), commercial Internet connection, public facing websites, wireless, mobile/cellular, cloud, security devices, servers and workstations. The FEMA Security Operations is responsible for the overall security of FEMA Enterprise-wide information systems, and collects, investigates, and reports any suspected and confirmed security violations.

Duties include network security monitoring and detection, proactively searching for threats, inspecting traffic for anomalies and new malware patterns, investigating and analyzing logs, providing analysis and response to alerts, and documenting activity in SOC investigations and Security Event Notifications (SENs).

Primary Responsibilities:

• Manage and conduct hands-on technical detection, analysis, containment, eradication, and remediation as a member of the Incident Response team
• Guide and mentor peers and subordinates to provide cross training
• Ensure accountability and punctuality of security analysts assigned to your shift
• Capture cybersecurity metrics that support executive-level briefings (daily, weekly, monthly)
• Articulate daily challenges to the Government Watch Officer (GWO)
• Analyze web and host logs for indications of compromise
• Remediate and coordinate the remediation of infected or compromised devices
• Ensure shift continuity during call-outs and emergencies
• Compile incident reports, executive summaries, and analysis reports of intrusions and/or security events
• Document and update processes, workflows, and technical guides
• Perform simple firewall rule changes (after training)

Clearance Required:

• Must have TS/SCI clearance to start. TS clearances candidates will be considered. Preference to candidates with current/active TS/SCI clearance.
• US Citizenship required

Basic Qualifications:

Candidates should also demonstrate the following:

Bachelor's Degree and 2-4 years of SOC analyst experience. Additional experience may be considered in lieu of a degree

• Extensive knowledge of a SOC’s purpose and role within an organization
• Detailed understanding of common network ports and protocols (e.g. TCP/UDP, HTTP, ICMP, DNS, SMTP, etc)
• Expertise with network topologies and network security device functions (e.g. Firewall, IDS/IPS, Proxy, DNS, etc).
• Expertise with packet analysis tools such as Wireshark

Certification Requirement: Sec+, CEH, CySA+ or SANS certs

Original Posting:
April 29, 2025
For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:
Pay Range $67,600.00 - $122,200.00

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.