ACD Sensor Technical Services
Location: San Antonio, TX
Clearance: Active Secret (Upgradeable to TS/SCI)
DGS plans, implements, maintains, and documents the 33 NWS managed networks and IDS/IPS. DGS develops, maintains, trains, certifies, and implements Defensive Cyber Operations (DCO) tools and procedures. AF DCO tools, systems, and applications are composed of government-off-the-shelf (GOTS) and commercial-off-the-shelf (COTS) hardware and software. IDS/IPS systems include the following: Base Enclave Control Node (ECN), or Automated Security Instrument Measurement (ASIM) replacement IDS/IPS (McAfee IPS), ArcSight Logger, CyberTap, Noesis, Cisco Secure IDS, Flow Packet Capture (PCAP), and IOP. Taskings include the following: Training, Standards and Evaluation, Operational Processes and Tasks (OP&T), Air Force Cyber Defense (ACD) Sensor Technical Services, ACD Network Systems Administration, ACD Forensic Network System Administration, ACD Junior Virtualization/UNIX Engineering, ACD Infrastructure Technical Services, ACD Database Administration, ACD Virtualization Engineering, ACD Infrastructure Engineering, ACD Sensor Engineering, Configuration Management, and Systems Planning.
Sensor Technical Services are performed on-site in the Mission Assurance Operations (MAO) flight 24 hours a day (24/7/365).
The ACD Sensor Technical Services candidate will:
- Perform ACD Sensor Technical services supporting mission networks that are under the operational direction of the 33 NWS Maintenance Directorate, currently in the MAO Flight (Operation Support Tech section)
- Install, configure, and manage Third Party IDS/IPS sensors, in addition to troubleshooting, maintaining, and monitoring the status of the entire ACD and Third Party IDS/IPS sensor fleet. Functions include performance of IOP gateway and Fly Away Kit (FAK) sensors; CloudShield, Palo Alto, and McAfee IDS/IPS deployments; Full Packet Capture/Network Technology and Systems Administration (FPC/NTSA) systems; ArcSight and sensor fleet specialized applications (such as Fidelis); emerging IDS/IPS technologies and associated network infrastructure [Adaptive Security Appliance (ASA)/Virtual Private Network (VPN) concentrator]; equipment/configurations; and other Gateway, boundary, and Third Party sensors
- Sustain the development and documentation of processes and checklists for maintenance associated with those systems
- Be trained and certified by internal Quality Assurance Evaluator (QAE) personnel IAW 33 NWS QA processes
- Maintain the respective certifications IAW QA processes for maintenance functions
- Incorporate approved 33 NWS vendor trouble ticketing procedures (internal and external) for completion of ACD Sensor Tech taskings
- Maintain and manage software upgrades and patches and perform system changes for the IDS/IPS sensors, ensuring proper configuration to Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) and AF (AFI and TO) standards to minimize the potential for unauthorized intrusions
- Deploy to any DoD network gateway, boundary or third party location with the necessary equipment to install IDS/IPS sensor(s), servers and network infrastructure hardware. Conduct the daily private key management
- Deploy additional new string matches and alerts to all deployed IDS/IPS sensors in support of 33 NWS mission requirements
- Deploy correlation rule sets at the base boundary (aka enclave control node, ECN) to correctly identify and process system alerts in support of 33 NWS mission requirements
- Filter or "omit" sensor traffic and alert reporting activity that does not need to be reviewed in a "real-time" operation by the 33 NWS analysts
- Monitor the effectiveness of the IDS/IPS sensor's ability to collect and report suspicious network activity on AF networks
- Perform diagnostic testing and troubleshooting, either remotely from the 33 NWS or through a local System Administrator having direct access to the IDS/IPS sensor
- Respond immediately to inoperable systems
- Perform troubleshooting and fault isolation to sustain network connectivity between the correlators and sensor equipment; maintain COTS and GOTS sensor applications; harden Access Control Lists (ACLs) to restrict unauthorized access to the network; create and manage sensor user accounts; and assign users specific rights to access network resources
- Work with AF field units to resolve network issues and perform actions necessary to ensure IDS/IPS sensors are collecting and reporting network activity
- Diagnose and resolve end-user problems, and ensure that end users adhere to the proper security policies and procedures
- Active TS/SCI Clearance required (US Citizens Only)
- Required Certifications: DoDD 8570 IAT Level II IS & CND Support; and Linux+, Red Hat or CCNA
- High School Degree or GED
- 3 years' experience with ACD Sensor Technical Services
- 20% Travel required