Description

This position provides technical leadership to C5ISR Center Sustaining Base Network Assurance Branch (SBNAB) Defensive Cyber Operations (DCO) Security Operations Center (SOC). Beyond advising and guiding technical matters, this position is tasked with driving implementation and adoption of new tools, research, capabilities, frameworks, and methodologies while ensuring those already in use are implemented, utilized properly, and improved.

This person will serve as a Cyber Security Watch Officer (CSWO) supporting the SBNAB DCO Program. CSWOs are principally engaged in the triage of events, cyber incident handling, network analysis and threat detection, trend analysis, metric development, vulnerability information dissemination, and the DoD Cyber Security Service Provider (CSSP) methodology.

Primary Responsibilities

• Support the DBNAB DCO Battle Captain and Government leads with all Cyber Defense and Network Assurance issues.
• Oversee all network defense operations, and be familiar with the operations process flow and execution.
• Maintain awareness of all pertinent directives, orders, alerts, and messages; prepare and deliver daily situational awareness and operational update briefings.
• Serve as Defensive Cybersecurity SME during 24x7 operations.

Basic Qualifications

• Bachelor's degree and 2+ years of prior IT experience, or Associate degree with 4+ years of experience.
• Must have a DoD-8570 IAT Level 2 baseline certification (Security+ CE or equivalent) to start.
• CND experience (Protect, Detect, Respond and Sustain) within a Computer Incident Response organization.
• Demonstrated understanding of the life cycle of network threats, attacks, attack vectors and methods of exploitation with an understanding of intelligence driven defense and/or Cyber Kill Chain methodology.
• Experience in a 24x7 environment.
• Must have an active Top Secret/SCI security clearance.

Preferred Qualifications

• Deep technical understanding of core current cybersecurity technologies as well as emerging capabilities.
• Hands-on cybersecurity experience (Protect, Detect, Respond and Sustain) within a Computer Incident Response organization.
• Demonstrated understanding of the life cycle of cybersecurity threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques and procedures (TTPs).
• Motivated self-starter with strong written and verbal communication skills, and the ability to create complex technical reports on analytic findings.
• Familiarity or experience in Intelligence Driven Defense, Cyber Kill Chain methodology, and/or MITRE ATT&CK framework.