Today
Secret
Unspecified
Unspecified
IT - Security
Colorado Springs, CO (On-Site/Office)•Huntsville, AL (On-Site/Office)
Description
Provide oversight and guidance on the MDA Cybersecurity Service Provider - Computer Emergency Response Team's (MDA CSSP-CERT's) Cyber Defense and Incident Response program and serve as the primary POC for Jr and Mid Cyber Defense Analyst Perform Defensive Cyber Operations (DCO)/Cyber Security Service Provider (CSSP) duties outlined in Evaluator Scoring Metrics (ESM) Perform cybersecurity duties on customer networks (proactively and reactively) to improve enterprise-wide security posture Perform preliminary analysis, identification, and response actions to detect, characterize, and respond to cyber incidents IAW CJCSM 6510.01B Lead event/incident investigations from start to conclusion, to include gathering data, analysis, and reporting Properly document all steps in the incident response process while taking care to preserve and protect incident artifacts, evidence, and chain of custody Analyze correlated assets, threat, and vulnerability data against known adversary exploits and techniques to determine impact and improve network defensive posture Support a Cyber Defense Analyst and Cyber Defense Incident Responder training plan by instructing, evaluating, and mentoring Junior Cyber Defense Analyst and Cyber Defense Incident Responders Support the development, establishment, review and update of DCO procedures, processes, manuals, and other documentation Leverage actionable Cyber Threat Intelligence data to search for indicators of compromise and develop SIEM content/ signatures to detect known attack patterns and make recommendations for improvements Coordinate with CSSP-CERT subscribers to develop current configurations, rules, and signatures for cyber security related toolsets Coordinate with CSSP-CERT subscribers to notify, investigate, and remediate discrepancies in security logging and CSSP-CERT alignment Provide standardized and targeted training in support of CSSP-CERT subscriber cyber defense and incident response programs Review data of ongoing intrusions or cybersecurity incidents and report, analyze, and document/report the findings in accordance with CJCSM 6510.01B guidelines Provide support to internal and external Insider threat and law enforcement / counterintelligence (LE/CI) agencies during cyber incidents / investigations Position may require up to 25% travel in support of MDA remote site integration activities Other duties as assigned
Requirements
Education/Training:
Experience:
Preferred Experience:
Security:
Physical Requirements:
Benefits
Salary: $135,000 - $160,000
Salary rates for this position are competitive and commensurate with experience and industry standards. We offer a comprehensive benefits package that may include health insurance, paid time off, and retirement savings options.
Provide oversight and guidance on the MDA Cybersecurity Service Provider - Computer Emergency Response Team's (MDA CSSP-CERT's) Cyber Defense and Incident Response program and serve as the primary POC for Jr and Mid Cyber Defense Analyst Perform Defensive Cyber Operations (DCO)/Cyber Security Service Provider (CSSP) duties outlined in Evaluator Scoring Metrics (ESM) Perform cybersecurity duties on customer networks (proactively and reactively) to improve enterprise-wide security posture Perform preliminary analysis, identification, and response actions to detect, characterize, and respond to cyber incidents IAW CJCSM 6510.01B Lead event/incident investigations from start to conclusion, to include gathering data, analysis, and reporting Properly document all steps in the incident response process while taking care to preserve and protect incident artifacts, evidence, and chain of custody Analyze correlated assets, threat, and vulnerability data against known adversary exploits and techniques to determine impact and improve network defensive posture Support a Cyber Defense Analyst and Cyber Defense Incident Responder training plan by instructing, evaluating, and mentoring Junior Cyber Defense Analyst and Cyber Defense Incident Responders Support the development, establishment, review and update of DCO procedures, processes, manuals, and other documentation Leverage actionable Cyber Threat Intelligence data to search for indicators of compromise and develop SIEM content/ signatures to detect known attack patterns and make recommendations for improvements Coordinate with CSSP-CERT subscribers to develop current configurations, rules, and signatures for cyber security related toolsets Coordinate with CSSP-CERT subscribers to notify, investigate, and remediate discrepancies in security logging and CSSP-CERT alignment Provide standardized and targeted training in support of CSSP-CERT subscriber cyber defense and incident response programs Review data of ongoing intrusions or cybersecurity incidents and report, analyze, and document/report the findings in accordance with CJCSM 6510.01B guidelines Provide support to internal and external Insider threat and law enforcement / counterintelligence (LE/CI) agencies during cyber incidents / investigations Position may require up to 25% travel in support of MDA remote site integration activities Other duties as assigned
Requirements
Education/Training:
- Master's Degree in Cybersecurity, Computer Science or related field required
- Must be able to obtain a DoD 8570.01-M IAT Level III certification with Continuing Education (CE) - (CASP+, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, CCSP) within six months of hire
- DoD 8570.01-M CSSP Analyst and CSSP Incident Responder certifications (CEH or CySA+ cover both) required
Experience:
- Must have 6 years of combined experience performing the full life cycle of incident response and enterprise-level monitoring and analysis of events
- Must have 2 years' experience in management or leadership in a team environment
- Be able to mentor and train personnel in an evolving, high-paced environment
- Be familiar with DoD Security Operations Centers (SOC) • Be familiar with DCO/Cybersecurity Service Provider (CSSP)-guiding security policies and procedures
Preferred Experience:
- Have experience with security analysis and solutions in a WAN/LAN environment to include Routers, Switches, Network Devices, and Operating Systems (e.g., Windows, and Linux)
- Have experience with other Security Operations Centers (SOC)/DCO tools/applications, such as Firewalls, Intrusion Detection Systems / Intrusion Prevention Systems, Network Security Manager, Forward Proxy, Spam Firewall, etc.
- Have experience analyzing security compliance scans performed across a WAN (ACAS/Nessus preferred)
- Have experience analyzing network and host-based threats (ESS preferred)
Security:
- Must be a US citizen
- Candidate must be in possession of a minimum DoD issued Secret Clearance
- Preference will be given to candidates with an active DoD issued Clearance at level Top Secret
Physical Requirements:
- Able to occasionally reach with hands and arms
- Prolonged periods of computer screen use, while sitting or standing at a desk
- Adhere to safety protocols when in work areas requiring use of PPE (e.g. eyewear, gloves, masks, hearing protection, steel toed shoes, etc.)
- Able to safely lift and carry up to 20 pounds at a time
Benefits
- Health Care Plan (Medical, Dental & Vision)
- Retirement Plan (401k, IRA)
- Life Insurance (Basic, Voluntary & AD&D)
- Paid Time Off (Vacation, Sick & Public Holidays)
- Short Term & Long Term Disability
- Training & Development
- Wellness Resources
Salary: $135,000 - $160,000
Salary rates for this position are competitive and commensurate with experience and industry standards. We offer a comprehensive benefits package that may include health insurance, paid time off, and retirement savings options.
group id: 10290392
