Computer Network Defense Intrusion Analyst - Military veterans preferred
2019-01-10 ManTech (www.mantech.com)
Hill Afb Utah United States
We support the Defense Information Systems Agency’s (DISA) new DISA Global Operations Command-West (DGOC-W) operations on Hill AFB, UT. We support this critical mission providing a globally accessible enterprise information infrastructure directly supporting joint warfighters and national level leaders across the full spectrum of military operations.
The successful candidate will work with multiple components in support of the subscribers of the Defense Information Systems Agency (DISA) Computer Network Defense Service Provider (CND-SP) and other supported components. The candidate will interact with members of intrusion analysis, incident response, vulnerability assessment, external assessment, and cyber threat analysis teams to support the capabilities of the organization and provide effective services to its subscribers.
Incident, event, and mission impact determination/escalation/prioritization.
Data entry into incident management and tracking database.
Coordination of incident and event feedback to customers.
Customer Support Desk operations.
Support IA Ops reviews, assessments, exercises, and operations surges.
Incident-event-network outage correlation.
Anti-virus software support – Assist with download, setup and configuration errors.
Coordination between Theater CND teams, other Computer Emergency Response Teams (CERT), Global, Joint or Theater Command and Control Centers, and Service Theater CERTs.
DoD 8570 IAT Level II (Security+ CE or equivalent) – MANDATORY to start.
Certified Ethical Hacker (CEH) will be required within 4 months of start date.
Candidate must have an active TS clearance (or TS/SCI). Will be processed for TS/SCI.
Bachelor's degree in a computer science, electrical engineering, or similarly related technical discipline + 5 years of experience in a technical environment, or Master’s Degree + 2 years’ experience, or relevant certification + 10 years’ experience, two years of which shall be with an accredited Computer Network Defense Service Provider or equivalent.
US Citizenship is required.
Knowledge of security concepts, protocols (TCP/IP, HTTP, etc.), well-known ports (DNS, SMTP, FTP, LDAP, etc.), processes, architectures, and tools (authentication and access control technologies, intrusion detection, network traffic analysis, SIM technology, incident handling, media/malware analysis, etc.).
Experience with analyzing network traffic for suspicious and malicious activity using tools such as Wireshark (or equivalent) for packet capture analysis and the Carnegie-Mellon SiLK suite for flow data analysis.
Experience with incident/event correlation tools such as ArcSight.
Scripting Language (one or more of the following): Perl/Python/BASH.
Current knowledge of CYBERCOM CNDSP policies and procedures.
Knowledge of Snort intrusion detection signatures.