USfalcon, Inc., recognized as one of the fastest growing, privately held companies in the United States, is seeking a Cyber Incident Responder to work at Peterson AFB, CO.
THIS POSITION IS CONTINGENT ON CONTRACT AWARD
SUMMARY: The purpose of this position is to perform Defensive Cyberspace Operations (DCO) activities for Air Force Space Command (AFSPC). Performance is based at Peterson AFB, Colorado. The purpose of the DCO support is to enable protection from, detection of, and response to cyber threats.
- Have experience providing recommendations on Tactics, Techniques, and Procedures (TTPs), Standard Operating
Procedures (SOPs), training materials, Operational Instructions (OIs), and other materials to include
identifying information to be monitored; systems/software to provide monitoring capabilities; recommended
event triggering thresholds; incident response measures; cyber security reporting processes and
procedures; and recommended actions to implement similar capabilities across AFSPC’s portfolio.
- Monitor applicable systems and take action as necessary to comply with US Cyber Command (USCYBERCOM)
directions and task orders (TASKORDS).
- Maintain awareness of ground segment architecture for space mission system network traffic conditions,
performance, bandwidth indicators, anomaly alerts, unauthorized activity, audit logs, and any ongoing cyber
event or incident.
- Notify on-duty government crew commander and/or crew chief immediately when an anomalous condition is
discovered and recommend fix-actions IAW Government-approved procedures/documentation.
- Identify and document unauthorized activity and/or attacks to include: source/destination addresses and ports,
attack vector (e.g. network intrusion, web-based, etc.) and attack timeframe.
- Ensure consistent and complete shift turnover of events/incidents, update event/incident analysis records, and
maintain event/incident dashboards and records in accordance with Government-approved procedures and
- Conduct Malware Protection (MP) activities including monitoring network and/or host-based security, malware
incidents, and malware detection signature currency.
- Provide support for Vulnerability Management (VA) and Malware Protection activities outlined in ESM v9.2 as well
as support the appropriate organization conducting VAA.
- Support the Government in implementing defense-wide VAA notification, reporting, and coordination activities.
- Be familiar with, monitor, and report mission system response to INFOCON/CPCON changes by maintaining
visibility into compliance with INFOCON/CPCON change orders.
- Assist the Government and provide cyber defense of the ground segment architecture for space mission system
in Vulnerability Management (VM) activities.
- Provide recommendations and, if required, take corrective actions to mitigate potential vulnerabilities or threats
in accordance with CJCSM 6510.01B. No more than zero (0) occurrences of failing to comply with CJCSM
6510.01B Appendix B incident reporting timelines.
- Conduct vulnerability trend analysis from Vulnerability Scans (VS) and communicate trend analysis results to
- Present and deliver relevant intrusion analysis and correlation information to enable ground segment
architecture for space mission system operations and sustainment decisions.
- Support cyber incident handling operations to minimize potential loss and destruction, mitigate
weaknesses that were exploited, and restore mission systems services.
- Receive and perform preliminary analysis on warning intelligence information. This includes but is not limited to
correlating and characterizing unauthorized activity notices from intelligence organizations as well as assessing
applicability of intelligence threat reports to defended mission systems and recommending and implementing
mitigations if deemed applicable.
- Provide recommendations to improve cyber-attack mitigation as well as warning intelligence information sharing
between intelligence organizations and mission systems as a part of process improvement initiatives.
- Provide technical expertise in the creation of courses of action, as appropriate, to remediate or mitigate
Department of Defense Information Network DODIN/Special Enclave (SE) attacks (e.g. cyber intelligence and/or
- Correlate threat and vulnerability data to provide analysis and recommendations of actions to
mitigate/remediate issues on affected systems.
- Understand the current network architecture and provide recommendations for the optimal placement of
- Support the DCOM in failover operations in the event of system/network cyber outages.
- Provide in-depth analysis of incidents by determining the incidents’ nature and formulating responses, identifying
and correlating event and incident data, determining actions to be taken, and determining possible effects on
the ground segment architecture for space mission system.
- Assist mission systems government/contractor crew members in writing and submitting timely Cyber Incident
Reports and provide a copy to the respective Government representative.
- Prepare after action reports of cyber incidents and track open mitigation procedures. No more than one (1)
missed deadline per year in submitting after action reports and tracking open mitigation procedures when
requested by the Government.
- Additional duties as assigned.
- Minimal CONUS travel.
- Bachelor’s degree in a technical field (STEM) from an accredited institution.
- Four (4) years of Cyber Intrusion experience.
- Candidate shall possess appropriate CSSP certification per DoD 8570.01-M for CSSP Analyst and CSSP Incident
Responder categories with minimum of three (3) years of experience in CSSP certified work.