Senior Cyber Security Analyst

  • Leidos
  • Stuttgart, Germany
  • 30/04/2024
Full time Data Science Data Analytics Statistics DevOps Cybersecurity

Job Description

Leidos is seeking a Cyber Network Defense Engineer in Stuttgart, Germany to perform technical work as part of an integrated team of cyber subject matter experts (SMEs) supporting DISA Europe (DISA-EUR). The DISA-EUR CSI team provides enhanced security capabilities and analytics to onsite real-time analysts in support of a global mission to defend the Department of Defense mission networks.

If selected, you will be part of a multi-disciplinary team that supports the active and passive Cyber Network Defense (CND) tools deployed in support of DISA-EUR Defensive Cyberspace Operations (DCO). The ideal candidate must be able to integrate with other technical teams, with DISA personnel, with vendor technical support personnel, and with technical representatives from DoD services, working as part of an integrated, cross-platform team that provides CND capability locally and DoD-wide in support of short and long-term sustainment and operations.


  • Provide maintenance, support, and ongoing performance enhancements on multiple Elastic instances.
  • Perform system upgrades and troubleshooting, and resolve infrastructure and system issues, as well as log ingestion and communication issues.
  • Provide Tier III support to O&M staff handling trouble tickets or other issues. Build and maintain Kibana visualizations and dashboards to provide information to cyber defenders of the platform and support staff.
  • Create, recommend, and assist with development of new security content as the result of coordination with other teams, to include signatures, alerts, workflows, and automation
  • Develop new processes, procedures, and playbooks for countermeasure implementation as new technologies are deployed in the environment
  • Develop scripts to support cyber threat detection that output results in a variety of formats, such as VB scripts, Python, C++, HTML, XML, or another type most appropriate for the task
  • Coordinate with different teams to improve threat detection and response and the overall security posture of the Enterprise
  • Understand intrusion sets, TTPs, and threat actors to better tailor countermeasure deployment across the enterprise


  • Top Secret clearance is required
  • DoD 8570 IAT II certification is required prior to start
  • Bachelor’s degree and 8+ years of directly relevant experience or Master's and 6+. Additional experience, education and training may be considered in lieu of degree.
  • Well versed in TCP/IP communications
  • Have a general knowledge of router and firewall functionality on a network
  • Have experience with Elastic Common Schema and scaling of Elastic to support new log types
  • Have excellent skills with Ansible and Python scripting, Linux CentOS/Red Hat operating system commands, file data storage, indexing, and searching via Elasticsearch
  • Familiar with Pull API Architecture (e.g., EDR to SIEM)
  • Excellent written and verbal communications skills and be able to appropriately present highly technical material to both technical and non-technical audiences


  • Experience configuring and maintaining the tool in a multi-tenant environment
  • Experience with the following technologies: Kafka, Splunk, StreamSets or other log manipulation/parsing tools, SOAR integration (Demisto, Phantom)
  • Hands-on experience in operations of sizing, monitoring, management, and open-source tools, including Kafka, Logstash, Beats, Elasticsearch, Kibana, and Splunk
  • Knowledge of planning and executing data retention and life cycle management plans
  • Experience with data lifecycle management, to include common ETL (Extract, Transform, Load) techniques, preferably with Logstash and Beats
  • Hands-on experience administering Elasticsearch clusters (10+ Data nodes)
  • Experience with load balancing, DNS, TLS certificate generation and SAML integration.
  • Experience in IT with a focus in Linux sysadmin, databases, containers, and cyber operations
  • Experience managing Linux hosts (CentOS / RHEL preferred), to include securing to defined baselines (such as NIST 800-53, DISA STIGs, etc.)
  • Experience planning and integrating data schemas and KQL / Lucene query syntax
  • Experience developing custom visualizations in Kibana to convey custom analytics
  • Experience with automated configuration management tools (Ansible), containers/orchestration (Docker, Kubernetes), and version control systems (GitHub, GitLab)
  • Proficiency with programming and scripting concepts, preferably in Python, for custom development and integrations
  • Strong networking background with analytical and problem-solving/troubleshooting skills to effectively resolve problems both in development and production
  • A proven track record of successes where you developed an understanding of what made a difference, and devised architectures that helped meet a goal or tackle a problem.
  • A real passion for being curious and a continuous learner.

While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range: $101,400.00 - $183,300.00

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.