• Cyber Incident Responder

    Job Locations US-CO-Colorado Springs
    Job ID
    2018-2065
    Category
    Engineering
    Clearance Level
    TS/SCI
  • Overview

    USfalcon, Inc., recognized as one of the fastest growing, privately held companies in the United States, is seeking a Cyber Incident Responder to work at Peterson AFB, CO.

    THIS POSITION IS CONTINGENT BASED ON CONTRACT AWARD

    SUMMARY: The purpose of this position is to perform Defensive Cyberspace Operations (DCO) activities for Air Force Space Command (AFSPC). Performance is based at Peterson AFB, Colorado. The purpose of the DCO support is to enable protection from, detection of, and response to cyber threats.

    Responsibilities

    - Have experience providing recommendations on Tactics, Techniques, and Procedures (TTPs), Standard Operating

      Procedures (SOPs), training materials, Operational Instructions (OI’s), and other materials to include

      identifying information to be monitored; systems/software to provide monitoring capabilities; recommended

      event triggering thresholds; incident response measures; cyber security reporting processes and

      procedures; and recommended actions to implement similar capabilities across AFSPC’s portfolio.
    - Monitor applicable systems and take action as necessary to comply with US Cyber Command (USCYBERCOM)

      directions and task orders (TASKORDS).
    - Maintain awareness of ground segment architecture for space mission system network traffic conditions,

      performance, bandwidth indicators, anomaly alerts, unauthorized activity, audit logs, and any on-going cyber

      event or incident.
    - Notify on-duty government crew commander and/or crew chief immediately when an anomalous condition is

      discovered and recommend fix-actions IAW Government-approved procedures/documentation.
    - Identify and document unauthorized activity and/or attacks to include: source/destination addresses and ports,

      attack vector (e.g. network intrusion, web-based, etc.) and attack timeframe.
    - Ensure consistent and complete shift turnover of events/incidents, updating event/incident analysis records and

      maintain event/incident dashboards and records in accordance with Government-approved procedures and

      documentations.
    - Conduct Malware Protection (MP) activities including monitoring network and/or host-based security, malware

      incidents, and malware detection signature currency.
    - Provide support for Vulnerability Management (VA) and Malware Protection activities outlined in ESM v9.2 as well

      as support the appropriate organization conducting VAA.
    - Support the Government in implementing defense-wide VAA notification, reporting, and coordination activities.
    - Be familiar with and monitor and report mission system response to INFOCON/CPCON changes by maintaining

      visibility into compliance with INFOCON/CPCON change orders.
    - Assist the Government and provide cyber defense of the ground segment architecture for space mission system

      in Vulnerability Management (VM) activities.
    - Provide recommendations and if required, take corrective actions to mitigate potential vulnerabilities or threats

      in accordance with CJCSM 6510.01B. No more than zero (0) occurrences of failing to comply with CJCSM

      6510.01B Appendix B incident reporting timelines.
    - Conduct vulnerability trend analysis from Vulnerability Scans (VS) and communicate trend analysis results to

      respective leadership.
    - Present and deliver relevant intrusion analysis and correlation information to enable ground segment

      architecture for space mission system operations and sustainment decisions.
    - Shall support cyber incident handling operations to minimize potential loss and destruction, mitigation of

      weaknesses that were exploited, and restoration of mission systems services.
    - Receive and perform preliminary analysis on warning intelligence information. This includes but is not limited to

      correlating and characterizing unauthorized activity notices from intelligence organizations as well as assessing

      applicability of intelligence threat reports to defended mission systems and recommending and implementing

      mitigations if deemed applicable.
    - Provide recommendations to improve cyber-attack mitigation as well as warning intelligence information sharing

      between intelligence organizations and mission systems as a part of process improvement initiatives.
    - Provide technical expertise in the creation of courses of action, as appropriate, to remediate or mitigate

      Department of Defense Information Network DODIN/Special Enclave (SE) attacks (e.g. cyber intelligence and/or

      threats).
    - Correlate threat and vulnerability data to provide analysis and recommendations of actions to

      mitigate/remediate issues on affected systems.
    - Understand the current network architecture and provide recommendations for the optimal placement of

      detection sensors.
    - Support the DCOM in failover operations in the event of system/network cyber outages.
    - Provide in-depth analysis of incidents by determining the incidents’ nature and formulating responses, identifying

      and correlating event and incident data, determining actions to be taken, and determining possible effects on

      the ground segment architecture for space mission system.
    - Assist mission systems government/contractor crew member in writing and submitting timely Cyber Incident

      Reports and provide a copy to the respective Government representative.
    - Prepare after action reports of cyber incidents and track open mitigation procedures. No more than one (1)

      missed deadline per year in submitting after action reports and tracking open mitigation procedures when

      requested by the Government.
    - Additional duties as assigned.
    - Minimal CONUS travel.

    Qualifications

    - Bachelor’s degree in a technical field (STEM) from an accredited institution.
    - Four (4) years of Cyber Intrusion experience.
    - Candidate shall possess appropriate CSSP certification per DoD 8570.01-M for CSSP Analyst and CSSP Incident

      Responder categories with minimum of three (3) years of experience in CSSP certified work.

    Options

    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed