- Review all IDS/IPS alerts per AFCERT Operating Instruction (OI) and checklists at the AOL, COOP, or Ops Floor
- Develop, Review and Maintain procedures related to the overall monitoring of Hosts/Systems
- Comply with 3rd party MOU/MOA monitoring and reporting requirements
- Analyze traffic/logs/events to determine the necessity for higher level analysis and conduct an initial assessment of type and extent of intruder activities
- Record who, what, where, why and when for any identified suspicious activity in case management system (CMS) case to enable additional investigations
- Generate end of mission reports (MISREPS) and provide pass-on information for knowledge transfer to subsequent crews of analysts on duty regarding the latest suspicious traffic seen from a given port, Internet Protocol (IP) address, etc.
- Provide computer security-related support to AF field units (examples: 688 Cyber Wing Squadrons, Base Communications Squadrons, Mission Defense Teams), as directed by CCC, in countering vulnerabilities, minimizing risk, and improving the security posture of AF computer networks and systems within the scope of AFIN SOC operational requirements and mission execution
- Provide focused DCO tailored analysis and monitoring operations of specified sensor locations during contingency operations and in support of named DCO operations and exercises
- Conduct 24x7x365 near real-time network security monitoring and intrusion detection analysis for the networks and systems monitored using the AF's selected IDS/IPS capabilities, with no more than a 1% error rate
- Create and document metrics for reporting and analysis to improve alert triage processes and mission execution
- Conduct intake of administrative and operational communication from external agencies and route the communication to the Mission Lead/Crew Commander
- Perform security checks every four hours to verify external doors are properly closed and no suspicious activity is taking place around the facility
- Initiate emergency checklists due to imminent threat, as directed by Crew Commander
- Inform the Crew Commander of all anomalies, including but not limited to: utility outages, flooding, sick/missing members, or any other irregularity with the potential to adversely impact the mission
- Maintain currency on latest industry trends and provide operational reports/assessments for development of tactics, techniques, and procedures
- Participate in planning, briefing, and debriefing tasks as directed by CDO Mission Lead or Crew Commander
- Accomplish assigned weapon system access, ORM, Go/No Go, reports, TTP updates and TAR submissions
- Execute approved scoping actions
- Execute approved response actions against target: accounts, registry configurations, files, processes, IP addresses, ports, domains, or other system components to contain compromises
- Analyze threat intelligence (TIPPERS) as directed by CDO Mission Lead or Crew Commander to include contextual information, IoCs, TTPs, vulnerabilities, effects, and actionable intelligence about threats mapped to the MITRE threat framework
- Work with CDO Mission Lead for prioritization and assignment of tasks
- Provide CDO Mission Lead support, notify CDOs of Crew Commander prioritized tasks, and track all required mission systems and functions
Cyber Defense Operator with Security Clearance - San Antonio, TX, United States - TEKsystems c/o Allegis Group
Description
- (CDRL A002) Monitor security sensors, Intrusion Detection System (IDS) and Security Information and Event Management (SIEM) output to identify and correlate security issues/events, and review logs to identify intrusions for remediation
- Correlate suspicious events with network events, where possible, and with data stored in databases and other external DoD resources, including but not limited to the Big Data Platform (BDP)
- (CDRL A008) Enter event data into mission support systems in accordance with AFIN SOC operational procedures and reports
- (CDRL A008) Provide monthly performance metrics including but not limited to: readiness, qualifications, events processed, CAT events and incidents identified
- (CDRL A005) Escalate security incidents using established policies and procedures
- The Crew Commander is responsible for all official reporting
- Find endpoints matching target accounts, registry configurations, files, processes, IP addresses, ports, domains, or other correlating data to determine the extent of compromises
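The scoping step in the last item above (matching target accounts, registry values, files, processes, IPs, ports and domains across endpoints to size a compromise) as an added example; this is not part of the posting and not AFIN SOC or TEKsystems tooling. The snapshot schema, the host names, the indicator set, the tipper/case identifiers and the split into strong and weak indicator kinds are all assumptions constructed for the example. It goes slightly beyond the item by treating port-only and process-name-only hits as "review" rather than "in scope", because those collide with benign activity.

```python
"""Scope indicators of compromise (IoCs) against endpoint snapshots.

Added example, not part of the job posting and not AFIN SOC tooling: it
shows the scoping step the posting describes (find endpoints matching
target accounts, registry values, files, processes, IPs, ports, domains)
to size the extent of a compromise before response actions are executed.
The snapshot schema, indicator set and hosts below are all constructed.
"""
from __future__ import annotations

import ipaddress
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Indicator:
    kind: str    # account | registry | file_hash | process | ip | port | domain
    value: str
    source: str  # tipper or case the IoC came from, so every hit stays traceable


# Ports and process names collide with benign activity, so a hit on them
# alone widens the search but does not by itself put a host in scope.
WEAK_KINDS = {"port", "process"}

# Constructed IoC set, as it might arrive in a threat-intel tipper (hash is sha256("test")).
IOCS = [
    Indicator("ip", "203.0.113.45", "TIPPER-0417"),
    Indicator("ip", "198.51.100.0/24", "TIPPER-0417"),
    Indicator("domain", "example-cdn.test", "TIPPER-0417"),
    Indicator("file_hash", "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08", "TIPPER-0417"),
    Indicator("process", "mshta.exe", "TIPPER-0417"),
    Indicator("port", "4444", "TIPPER-0417"),
    Indicator("account", "svc_backup", "CASE-2291"),
    Indicator("registry", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater", "CASE-2291"),
]

# Constructed endpoint snapshots, shaped like what an EDR/SIEM query might return.
SNAPSHOTS = [
    {"host": "WS-0101", "logons": ["jdoe"], "processes": ["explorer.exe", "mshta.exe"],
     "files": {"C:\\Users\\jdoe\\AppData\\Local\\Temp\\up.hta":
               "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"},
     "registry": {"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater":
                  "mshta.exe C:\\Users\\jdoe\\AppData\\Local\\Temp\\up.hta"},
     "connections": [("203.0.113.45", 443)], "dns_queries": ["cdn7.example-cdn.test"]},
    {"host": "SRV-FILE02", "logons": ["svc_backup", "admin.bob"], "processes": ["svchost.exe"],
     "files": {}, "registry": {}, "connections": [("198.51.100.77", 8443)], "dns_queries": []},
    {"host": "WS-0377", "logons": ["asmith"], "processes": ["chrome.exe", "mshta.exe"],  # weak hit only
     "files": {}, "registry": {}, "connections": [("192.0.2.10", 4444)],               # port-only hit
     "dns_queries": ["www.example.test"]},
    {"host": "WS-0510", "logons": ["kli"], "processes": ["outlook.exe"], "files": {},
     "registry": {}, "connections": [("192.0.2.20", 443)], "dns_queries": ["mail.example.test"]},
]


def _ip_hit(candidate: str, indicator: str) -> bool:
    """Exact address or CIDR membership; unparsable input never matches."""
    try:
        return ipaddress.ip_address(candidate) in ipaddress.ip_network(indicator, strict=False)
    except ValueError:
        return False


def _domain_hit(candidate: str, indicator: str) -> bool:
    """Match the domain itself or any subdomain of it (label boundary, not substring)."""
    c, i = candidate.lower().rstrip("."), indicator.lower().rstrip(".")
    return c == i or c.endswith("." + i)


def match_endpoint(snap: dict, iocs: list[Indicator]) -> list[tuple[Indicator, str]]:
    """Return (indicator, evidence) pairs for every IoC this snapshot matches."""
    hits: list[tuple[Indicator, str]] = []
    for ioc in iocs:
        v = ioc.value.lower()
        if ioc.kind == "ip":
            hits += [(ioc, f"connection {ip}:{p}") for ip, p in snap["connections"] if _ip_hit(ip, ioc.value)]
        elif ioc.kind == "port":
            hits += [(ioc, f"connection {ip}:{p}") for ip, p in snap["connections"] if str(p) == v]
        elif ioc.kind == "domain":
            hits += [(ioc, f"dns {q}") for q in snap["dns_queries"] if _domain_hit(q, ioc.value)]
        elif ioc.kind == "file_hash":
            hits += [(ioc, f"file {path}") for path, h in snap["files"].items() if h.lower() == v]
        elif ioc.kind == "process":
            hits += [(ioc, f"process {p}") for p in snap["processes"] if p.lower() == v]
        elif ioc.kind == "account":
            hits += [(ioc, f"logon {a}") for a in snap["logons"] if a.lower() == v]
        elif ioc.kind == "registry":
            hits += [(ioc, f"registry {k}") for k, d in snap["registry"].items() if v == k.lower() or v in d.lower()]
    return hits


def scope(snaps: list[dict], iocs: list[Indicator]) -> dict[str, dict]:
    """Per host: 'in_scope' (at least one strong hit), 'review' (weak hits only), or omitted."""
    result: dict[str, dict] = {}
    for snap in snaps:
        hits = match_endpoint(snap, iocs)
        if not hits:
            continue
        strong = any(ioc.kind not in WEAK_KINDS for ioc, _ in hits)
        result[snap["host"]] = {"status": "in_scope" if strong else "review",
                                "hits": [(ioc.kind, ioc.value, ioc.source, ev) for ioc, ev in hits]}
    return result


def summarize(scoped: dict[str, dict]) -> dict:
    """Extent-of-compromise numbers suitable for the case record or MISREP."""
    status = Counter(info["status"] for info in scoped.values())
    kinds = Counter(kind for info in scoped.values() for kind, *_ in info["hits"])
    return {"in_scope": status["in_scope"], "review": status["review"], "hits_by_kind": dict(kinds)}


if __name__ == "__main__":
    scoped = scope(SNAPSHOTS, IOCS)
    for host, info in scoped.items():
        print(f"{host}: {info['status']}")
        for kind, value, source, evidence in info["hits"]:
            print(f"  {kind:<9} {value}  ({source})  <- {evidence}")
    print(summarize(scoped))
```

On the constructed data WS-0101 and SRV-FILE02 land in scope (a C2 address, a tipper domain, a known-bad hash, a Run key and a compromised service account), WS-0377 is held for review because its only hits are a process name and a destination port, and WS-0510 is not reported. Each hit carries the tipper or case it came from, which is the who/what/where the case record needs; in a real SOC the snapshots would come from the EDR or SIEM query rather than an inline list.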