Red and Blue Team Lead (R-00067261)
Leidos is looking for a Red/Blue Team Lead to support a large opportunity for Leidos supporting operations for Integrated Information & Cyber Security Services, including Enterprise Operations, End User Support, Software Engineering, Cloud technologies and Cyber Security. You will lead a team responsible for proactively identifying, addressing, testing, and analyzing vulnerabilities, and for identifying security weaknesses in products, applications, and infrastructure. Your team will also ensure the quality of platforms and technologies NNSA utilizes across the enterprise. Your responsibilities in these areas will extend to the global NNSA environment, and you will work with cross-functional teams to proactively improve the security posture through a shared services model.
Your responsibilities in penetration testing will extend to the identification of exploitable vulnerabilities within the environment. You will additionally lead a team performing red teaming activities, including creation of product kill chain narratives, attack analysis, identification of vulnerabilities, knowledge transfer of attack methodologies and zero-days, and production of post-mortem data to inform the defense team.
Your responsibilities with respect to vulnerability management services will include managing a vulnerability data repository, managing vulnerability scanning and reporting, and vulnerability analysis and remediation recommendations. This role will also be responsible for managing security tools and technologies that support the vulnerability management program and performing static and dynamic code analysis. You will also lead a team performing product specific assessments of NNSA systems in production as well as those under development.
The preferred candidate will be responsible for leading these efforts in collaboration with the OCIO for the enterprise environment. The candidate must have expert skills in conducting technical analysis of security and business problems, as well as threats, incidents, investigations, workforce protection, and other general security-related issues. The candidate must also have the ability to communicate well, motivate and lead cross-functional and individual-contributor teams independently, participate in coordinating response and defensive actions across a variety of security disciplines, and disseminate technical information as appropriate in support of NNSA's critical business and operational infrastructure needs. The candidate will develop, select, and motivate highly effective employees to execute the NNSA business model.
Responsibilities include the following:
• Perform enterprise systems security operations to ensure 100% effective NNSA security status across the enterprise.
• Develop Red Teaming, Penetration Testing, Code Scanning, and Vulnerability Management policies and procedures
• Operationalize a set of services based on your scope of responsibilities to be provided to the rest of the organization globally to support the ongoing security objectives of the Global Security Organization
• Synthesize and report findings, develop remediation recommendations and track implementation to completion
• Build and develop a team to provide Red Teaming, Penetration Testing, Code Scanning, and Vulnerability Management services to the organization
• Research and identify threat vectors and zero days that may be applicable to the NNSA environment; develop testing plans to identify vulnerabilities
• Define and maintain a rules of engagement plan for the NNSA enterprise environment as Red Team services are performed
• Identify, collect, and report metrics related to program progress, operations, and findings
• Assess, document, and implement mitigation strategies for newly discovered threats or vulnerabilities that may impact the company as part of a security incident
• Manage the effectiveness of tooling, rationalizing tools as needed, and identifying new tool needs as necessary
• Experience working with one of the following network security systems: CISCO (CCNA Security), Blue Coat BCCPA, InfoVista IVCA, HP ATP ArcSight Security V1, HP ASE-ArcSight Logger V1, IBM Tivoli Netcool/OMNIbus V7.4, Red Seal Security Expert, Cisco Stealthwatch Advanced Tuning (SWAT)
• Perform complex analytics on boundary protection systems to protect system assets from compromise, data loss, and other risks.
• Experience in DoD boundary protection and CSSP operations.
• Respond to and mitigate risks, malicious code, classified incidents, and CTO orders.
• Perform work within the defined SLAs.
• Work closely with other support and development teams.
• Create and update documentation where required.
• Cross train capabilities with other team members.
• Active TOP SECRET SCI clearance and/or U.S. Department of Energy Q clearance
• Bachelor's degree and 7 - 10 years of prior relevant experience, or additional relevant experience in lieu of degree.
• Strong verbal and written communications skills.
• Must be a US Citizen
• Staff shall meet DoD 8570 SD 205.1
• IAT III certification
• Experience in Red Teaming, Penetration Testing, Vulnerability Discovery, and Product Testing
• Candidates should be an expert in Networking, Windows and *nix environments
• Expert understanding of TCP/IP and network communications
• Expert systems and network administration skills
• Expert in designing and deploying security testing procedures
• Expert in computer security incident handling and the Advanced Persistent Threat
• Expert, in-depth knowledge of security vulnerabilities
• Excellent analytical and problem-solving skills.
• Excellent communication skills (verbal and written), ability to influence without authority.
• Ability to balance risks in ambiguous and complex situations.
• Demonstrated teamwork and collaboration skills, in particular in leading or contributing to global and multi-functional teams.
• Highly motivated to contribute and grow within a complex area of emerging importance.
• Experience or understanding of software applications design tools and languages.
• Understanding of design for software applications running on multiple platforms.
• Understanding of testing, coding and debugging procedures.
• Experience performing, overseeing, and providing feedback on red teaming services
• Experience in vulnerability management in an enterprise environment
• Knowledge and expertise in reporting vulnerabilities and developing recommendations
• Demonstrates excellent organizational direction, time management, problem-solving, prioritization, goal setting, leadership, motivation, negotiation, and interpersonal relations.
• Works well under pressure and within time/budget constraints to solve problems or meet objectives.
• Excellent fundamental knowledge of industry-standard frameworks.
• Strong analytical/problem-solving skills and cross-functional knowledge across multiple IT operational and security disciplines.
• Ability to communicate technical concepts to a broad range of technical and non-technical staff.
• Must possess a high degree of integrity, be trustworthy, and have the ability to lead and inspire change.
• One or more programming/scripting languages (e.g., C++, Perl, Java, Python, etc.)
• In-depth knowledge in the use of databases for reporting (SQL language)
• Working knowledge of the applications of Artificial Intelligence in security