Today
Public Trust
Unspecified
25%
Unspecified
Remote/Hybrid• (Off-Site/Hybrid)
R-00165826
Description
Leidos is a Fortune 500 technology, engineering, and solutions and services leader working to solve the world's toughest challenges in the defense, intelligence, civil, and health markets.
Overview:
The Leidos Civil Group has an exciting opportunity for a skilled and experienced SOC Engineer to join our growing team. This individual will be responsible for engineering SOC data feed solutions, implementing SOAR capabilities, and collaborating across teams to ensure data feeds are healthy and functional. The ideal candidate will possess deep expertise in cybersecurity, including network security, security event management, incident response, and emerging threat detection technologies.
In addition to technical expertise, the candidate will serve as a SOC leadership backup, providing guidance and oversight in scenarios where the primary SOC Lead is unavailable. This includes leading team operations, managing escalations, and providing situational updates to senior leadership and stakeholders during active incidents or high-priority events.
Key Responsibilities
Required Qualifications
Preferred Qualifications
Education & Experience
At Leidos, we don’t want someone who "fits the mold"—we want someone who melts it down and builds something better. This is a role for the restless, the over-caffeinated, the ones who ask, “what’s next?” before the dust settles on “what’s now.”
If you’re already scheming step 20 while everyone else is still debating step 2… good. You’ll fit right in.
Original Posting: September 2, 2025
For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.
Pay Range: Pay Range $85,150.00 - $153,925.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
#Remote
Description
Leidos is a Fortune 500 technology, engineering, and solutions and services leader working to solve the world's toughest challenges in the defense, intelligence, civil, and health markets.
Overview:
The Leidos Civil Group has an exciting opportunity for a skilled and experienced SOC Engineer to join our growing team. This individual will be responsible for engineering SOC data feed solutions, implementing SOAR capabilities, and collaborating across teams to ensure data feeds are healthy and functional. The ideal candidate will possess deep expertise in cybersecurity, including network security, security event management, incident response, and emerging threat detection technologies.
In addition to technical expertise, the candidate will serve as a SOC leadership backup, providing guidance and oversight in scenarios where the primary SOC Lead is unavailable. This includes leading team operations, managing escalations, and providing situational updates to senior leadership and stakeholders during active incidents or high-priority events.
Key Responsibilities
- Microsoft Sentinel Engineering: Maintain and optimize a Microsoft Sentinel SIEM/SOAR solution in alignment with client requirements, industry best practices, and federal compliance mandates.
- Data Integration: Configure and manage log/data feeds from diverse sources (e.g., Fluent Bit, Windows Events, M365, cloud services, endpoint/security platforms).
- Parsing & Normalization: Develop and refine log parsing rules using Regex, DCRs, and custom transformations to ensure accurate and usable data in Sentinel.
- SOAR Development: Engineer automation and orchestration solutions using Microsoft Logic Apps, Azure Functions, and PowerShell/Python scripts to improve SOC efficiency and incident response.
- Threat Detection Engineering: Build, tune, and optimize analytic rules, UEBA, dashboards, and reports to improve detection and response coverage.
- Collaboration: Partner with cross-functional teams (network, endpoint, cloud, IT ops) to integrate new data sources and deliver actionable SOC capabilities.
- Documentation & Knowledge Transfer: Develop and maintain clear documentation of SOC architecture, log source onboarding, and automation playbooks; provide training for SOC analysts on new tools and processes.
- Advisory & Improvement: Conduct gap analyses of existing SOC capabilities, recommend improvements, and contribute to SOC process maturity.
- Incident Response Support: Provide Tier 3 support and assist with complex investigations when required.
Required Qualifications
- U.S. Citizen with ability to obtain Public Trust clearance.
- 2–5 years of experience in network defense, SOC engineering, or cybersecurity operations.
- Hands-on experience with Microsoft Sentinel, including log onboarding, rule development, and automation.
- Proficiency with log parsing and normalization (Regex, Fluent Bit, DCRs, KQL).
- Strong scripting skills in PowerShell and/or Python for automation and data handling.
- Experience configuring and maintaining data feeds for SOC visibility (cloud, endpoint, network, and on-prem).
- Familiarity with incident response concepts, threat detection engineering, and SOAR workflows.
- Excellent written and verbal communication skills with ability to work across technical and non-technical teams.
Preferred Qualifications
- Knowledge of federal cybersecurity mandates (M-21-31, NIST Cybersecurity Framework, CISA Incident/Vulnerability Playbooks, BOD 22-01).
- Experience with Microsoft Logic Apps, Azure Functions, or other SOAR development platforms.
- Experience with UEBA configuration to enhance anomaly detection.
- Background in AI/ML frameworks for cyber analytics.
- Experience building SOC metrics, dashboards, and reporting for operational visibility.
- Familiarity with M365, Azure security tools, ServiceNow workflows, and CISA CDM tools.
- Relevant certifications such as CISSP, CISM, Microsoft Security Operations Analyst (SC-200), or Azure Security Engineer (AZ-500).
Education & Experience
- Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience).
- 5+ years of progressive cybersecurity/SOC experience (engineering and operations).
At Leidos, we don’t want someone who "fits the mold"—we want someone who melts it down and builds something better. This is a role for the restless, the over-caffeinated, the ones who ask, “what’s next?” before the dust settles on “what’s now.”
If you’re already scheming step 20 while everyone else is still debating step 2… good. You’ll fit right in.
Original Posting: September 2, 2025
For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.
Pay Range: Pay Range $85,150.00 - $153,925.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
#Remote
group id: SCNCAPI2
Introducing the Next Level of Leidos
