IA-Architect Modeler and Design Job Description: This is a shift work position and will require night and weekend work, to include some holidays.
This cybersecurity technical contractor will perform as part of the SOCOM Cyber Security Incident Response Team (CSIRT). The position will require someone who can conduct network audits, read and understand audit logs, and determine actions to be taken when discrepancies are detected. They will be required to monitor network security using tools such as McAfee Host Based Security System (HBSS), Sourcefire Intrusion Detection System (IDS), Bluecoat Web Filter, Ironport email Gateway, Splunk Security Information and Event Management (SIEM) system, Kiwi Syslog, and other Computer Network Defense (CND) tools for malicious activity or intrusion. The contractor should be able to respond to network intrusions and be familiar with performing limited forensic investigation. Security incidents will be reported to the government within 30 minutes of detection. This IA technical support position should be able to review security evaluations and vulnerability assessments using the Assured Compliance Assessment Solution (ACAS) and DISA Security Technical Implementation Guides (STIG) and will liaise with network and system administrators to correct identified problems. They will work closely with the USSOCOM Global NETOPS Control Center (GNCC) CND Watch to resolve detected network security incidents across the SOF Information Environment (SIE). The services provided by this contractor will help ensure USSOCOM Collateral and JWICS networks are well protected from both insider and outsider threats.
This position will work with USSOCOM government and contract personnel to develop processes or recommend solutions for improved correlation of audit data to detect malicious cyber incidents. Additionally, the contractor will provide recommendations for improving audit gathering, retention, protection, and use. The contractor will work closely with HQ USSOCOM, SOCOM Components, Theater SOCS, and other SOF deployed units to resolve identified or suspected malicious activity. The contractor will review NTOC Advisories, Suspicious Activity Reports, Tippers, and other cybersecurity reports received from the Global NETOPS Support Center, USCYBERCOM, NSA, or other agencies. The contractor will monitor the network for trusted insider threat, assist with classified data spill detections and clean-up, and provide advice on ports, protocols, and services change requests. This is a shift work position and will require night and weekend work.
Daily functions will include:
- Respond to cybersecurity incidents reported locally or from the Computer Network Defense Service Provider (CNDSP).
- Work closely with the CND Watch to quickly resolve identified security incidents.
- Work with end-users to collect data regarding cybersecurity incidents.
- Open incidents in the Remedy IT Service Request Management (ITSRM) system and track to completion.
- Monitor enterprise CND sensors for malicious traffic and intrusion attempts.
- Be familiar with customer cybersecurity policies and procedures and provide guidance to users as needed.
- Liaise with the CNDSP and USCYBERCOM on status of customer cybersecurity incidents and other cybersecurity responsibilities.
- Centrally manage day-to-day cybersecurity incidents.
- Work with Component and TSOC sites to gather data regarding detected cybersecurity incidents.
Minimum Education/Experience Requirements: Bachelor's degree in computer or systems science discipline and eight (8) years of progressive, relevant experience. Four (4) years of additional experience may be considered in lieu of a bachelor's degree. IAT Level 3 (Certified Information System Security Professional (CISSP) certification or equivalent) required within six (6) months of hire.
Working knowledge of computer incident response procedures and techniques.
Must be comfortable with reviewing audit logs and searching for computer incidents.
Must have excellent communication skills (written and oral) and interpersonal skills.
Experience with the US Combatant Commands (USCENTCOM/USSOCOM) is desired.
Knowledge and experience with DOD IA processes and policies (e.g., CJCSM 6510.01, Incident Response, and other IA policies).
Work Hours: 24x7 Days, Mids and Late shifts to include weekends and holidays.
Active TS/SCI clearance required.
Sitting at desk. Phone use and PC or laptop. Filing required. May require lifting and carrying boxes of supplies or files up to 25 lbs. Extended periods of sitting while on PC/laptop or phone.
Work will be performed in a cubicle environment inside a large facility.
Equipment and Machines:
General office equipment, which includes: telephone, fax machine, copier, PC/laptop, and other miscellaneous office equipment.
Work assignments are dependent on requirements by the client. It is important to be able to work at least 8 hours a day for 5 days per week (Monday through Friday).
Other Essential Functions:
Must put forward a professional behavior that enhances productivity and promotes teamwork and cooperation. Must be well organized with the ability to coordinate and prioritize multiple tasks simultaneously. Must be able to communicate effectively, both verbally and in writing. Must be able to interface effectively with individuals at all levels of the organization. Grooming and dress usually business casual, but dependent on client's standards. Must not pose a safety hazard to employees working in the same general area.
The position for which you are applying requires a US government security clearance. This is to advise you that, should you be extended an offer, if you possess dual citizenship (i.e., citizen of the US and another country), in order to be granted a clearance you will be required to relinquish your citizenship in the foreign country.