full-time employee contract
Computer Network Defense Intrusion Analyst
The successful candidate will work with multiple components in support of the subscribers of the Defense Information Systems Agency (DISA) Computer Network Defense Service Provider (CND-SP) and other supported components. The candidate will interact with members of intrusion analysis, incident response, vulnerability assessment, external assessment, and cyber threat analysis teams to support the capabilities of the organization and provide effective services to its subscribers.
Specific duties include:
- First-level/follow-on intrusion incident analysis
- Incident, event, and mission impact determination/escalation/prioritization
- Data entry into incident management and tracking database
- Coordination of incident and event feedback to customers
- Customer Support Desk operations
- Support IA Ops reviews, assessments, exercises, and operations surges
- Incident-event-network outage correlation
- Anti-virus software support – Assist with download, setup and configuration errors
- Coordination between Theater CND teams, other Computer Emergency Response Teams (CERT), Global, Joint or Theater Command and Control Centers, and Service Theater CERTs
• Education: Bachelor's degree in a computer science, electrical engineering, or similarly related technical discipline + 5 years of experience in a technical environment, or Master’s Degree + 2 years’ experience, or relevant certification + 10 years’ experience, two years of which shall be with an accredited Computer Network Defense Service Provider or equivalent.
• Licenses/Certification: DOD 8570.01M CND Analyst or CND Incident Responder (Security+CE minimum to start). Certified Ethical Hacker (CEH) will be required within 4 months of start date
• Candidate must have an active TS clearance (or TS/SCI). Will be processed for TS/SCI.
• Knowledge of security concepts, protocols (TCP/IP, HTTP, etc.), well-known ports (DNS, SMTP, FTP, LDAP, etc.), processes, architectures, and tools (authentication and access control technologies, intrusion detection, network traffic analysis, SIM technology, incident handling, media/malware analysis, etc.)
• Experience with analyzing network traffic for suspicious and malicious activity using tools such as Wireshark (or equivalent) for packet capture analysis and the Carnegie-Mellon SiLK suite for flow data analysis
• Experience with incident/event correlation tools such as ArcSight
• Scripting Language (one or more of the following): Perl/Python/BASH
• Current knowledge of CYBERCOM CNDSP policies and procedures
• Knowledge of Snort intrusion detection signatures
Hours: 40 hrs/week; Shift work with ability to work on a schedule that may include nights, weekends, and holidays.
Location: Scott AFB, IL (O'Fallon, IL)
POC: Mark Aschenbach, firstname.lastname@example.org, (703) 488-2073.