Security Clearance: This position requires an active Secret upgradable to Top Secret/SCI.
Position Description: The candidate will identify, isolate, investigate, inform, and implement measures to detect and protect data across a wide spectrum of source types and locations. The candidate is required to validate suspicious events or reports and determine if the event constitutes an incident. The candidate will ensure incidents are properly entered into the appropriate automated reporting system and determine the severity of the incident. Reporting and response measures will be taken immediately in order to meet the Chairman of the Joint Chiefs of Staff Manual (CJCSM) 6510.01 reporting requirements. The candidate must have in-depth technical expertise with packet analysis and with SNORT/Suricata/BRO development and implementation.
Educational Requirements: Bachelor's degree in Computer Science, Information Systems, or other related scientific or technical discipline. To qualify based on your experience, your resume must describe at least 5 years of information technology experience and a minimum of 2-3 years of network security analysis using various IDS/IPS systems.
You will be evaluated on the basis of your level of competency in the following areas:
- Knowledge of Information Technology
- Knowledge of Incident Response Procedures
- Knowledge of Digital Forensics
- Knowledge of Packet Analysis
- Logical thinking and analytical ability
- The ability to solve problems independently
- Verbal and written communication ability
- Sound decision-making ability
Position Requirements and Duties:
- Active Secret clearance, upgradable to Top Secret/SCI, required
- 8570.01-M CND Incident Responder Category IAT I, II or III certification required
- Excellent oral and written communication skills
- Familiarity with CJCSM 6510.01
- The ability to compile and maintain internal standard operating procedure (SOP) documentation
- Ensure associated documentation and capabilities remain compliant with CJCSM 6510.01A and other applicable policy directives
- Provide network intrusion detection and monitoring, correlation analysis, incident response and support for the Network Security Operations Center (NSOC) and its subscriber sites
- Validate suspicious events or reports, determine if the event constitutes an incident, and properly enter associated data into the appropriate automated reporting systems
- Coordinate significant incidents with CYBERCOM and supported entities to ensure proper analysis is performed and timely and accurate reporting of the incident is effected
- Provide, develop, and maintain a forensic capability to enhance response to, support of, and investigation into significant network incidents, in order to provide a clearer view of the exploits, vulnerabilities, and TTPs used to cause the incident
- Provide support for the NSOC's 24x7 Incident Response capability during non-core business hours, consistent with CNDSP requirements, as needed
- Participate in program reviews, product evaluations, and onsite certification evaluations
- Experience with Splunk, flow analysis tools, IDS/IPS, etc.
- In-depth technical expertise with packet analysis and with SNORT/Suricata/BRO development and implementation
- Familiarity with Linux at the CLI level and with conducting analysis at the packet level
- The ability to ingest adversarial tactics, techniques, and procedures in order to remain flexible and functional
Additional Information: Due to the nature of the work required, operations are conducted 24/7/365 with three primary shifts. Choice of shifts will be made available with the understanding that placement is at the discretion of the CND Services Director and/or assigned manager.
[EOE AA M/F/Veteran/Disability]