Description
The U.S. Department of Homeland Security (DHS) Customs and Border Protection (CBP) Security Operations Center (SOC) is a U.S. Government program responsible for preventing, identifying, containing, and eradicating cyber threats to CBP networks. It does so through monitoring, intrusion detection, and protective security services for CBP information systems, including local area networks/wide area networks (LAN/WAN), commercial internet connections, public-facing websites, wireless, mobile/cellular, cloud, security devices, servers, and workstations. The CBP SOC is responsible for the overall security of CBP enterprise-wide information systems and collects, investigates, and reports any suspected or confirmed security violations.
Leidos is seeking an experienced Security Operations Architect / Deputy Program Manager to join our team. As a member of this highly technical contract team supporting U.S. Customs and Border Protection (CBP), you will be responsible for coordinating the operation of tools, optimizing security operations efficiency, maintaining situational awareness of security operations and incidents, leading crisis action teams and high-priority incident response procedures, ensuring quality root cause analysis documents, managing tools, processes, incidents, and investigations, and ensuring chain of custody during incident investigations, all in support of protecting the customers’ systems, networks, and assets.
Primary Responsibilities:
The candidate shall provide support to CBP OIT’s Cybersecurity Directorate (CSD) in security operations, engineering, and security policy according to established policies, handbooks, and Standard Operating Procedures (SOPs). This support includes enhancing and maturing security operations by identifying new technologies for implementation, making better use of tools that are already deployed, and maturing processes by facilitating Lessons Learned programs. The main focus of this task is to work with the OIT CSD teams to lead the design, implementation, and continuous improvement of cybersecurity operations. This role will serve as a strategic technical leader, collaborating across IT, security, and external teams to ensure robust detection, response, and recovery capabilities.
Provide architectural leadership and guidance during incident response events, coordinating with internal and external teams to analyze threats, contain breaches, and ensure timely recovery.
Architect and enhance cybersecurity operations platforms including SIEM, SOAR, EDR, NDR, Threat Intelligence Platforms (TIP), MDM, DLP, etc.
Design and optimize processes, technologies, and procedures surrounding security monitoring, incident detection/response processes, forensic collection and analysis, cyber threat hunting processes and procedures, and more.
Collaborate with the SOC, Cyber Threat Intelligence, Digital Forensics, Cyber Threat Hunt, VAT/Penetration Testing, SIEM, and engineering teams to ensure cohesive and scalable security operations, and to ensure the security operations architecture aligns with business objectives, compliance requirements, and organizational risk appetite.
Develop detection use cases and response playbooks, mapping to frameworks like MITRE ATT&CK, to proactively identify and respond to advanced threats and adversary Tactics, Techniques, and Procedures (TTPs).
Define performance metrics and KPIs for security operations effectiveness, leveraging dashboards, reports, and threat modeling to measure detection coverage, false positives/negatives, incident response times, and analyst resources.
Assist the Program Manager with developing and managing program roadmaps, budgets, timelines, and resource plans, coordinating efforts across security, IT, risk, and business units.
Serve as the primary liaison between cybersecurity teams and Program Leadership as well as executive stakeholders, effectively communicating program status, risks, and outcomes.
Monitor and report on program performance, using KPIs and metrics to assess progress, drive accountability, and support continuous improvement.
Basic Qualifications:
Effective communication skills, with emphasis on attention to detail, the ability to accurately capture and document technical remediation details, and the ability to brief stakeholders on incident status, recovery, and root causes.
Preferred Qualifications:
Required certifications:
The candidate should have at minimum ONE of the following certifications:
Clearance: Candidates must have a current Top Secret clearance with SCI eligibility.
Original Posting:
April 23, 2025
For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.
Pay Range:
Pay Range $126,100.00 - $227,950.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.