Cyber Incident Analyst – San Antonio, TX
PRIMARY DUTIES:
*Conduct network security monitoring and intrusion detection analysis using selected IDS/IPS toolset.
*Research defensive cyber operations events to determine the necessity for deeper analysis and conduct an initial assessment of type and extent of intruder activities.
*Enter event data into mission support systems according to operational procedures and reports through the operational chain.
*Record suspicious events meeting established thresholds into the operational database for suspicious traffic. Records shall contain sufficient information to support future research of the suspicious traffic and shall answer the who, what, where, why and when of the activity.
*Compile suspicious events records and other artifacts as part of its Monthly Operational Report.
*Provide pass-on information to bring incoming crews up to speed on latest suspicious traffic seen from a given port, IP, etc.
*Coordinate with the Crew Commander for authorization before departing after pass-on to incoming shift.
*Provide DCO, tailored analysis and monitoring operations of specified sensor locations during contingency operations and in support of named DCO operations and exercises.
*Must be willing to receive additional training and maintain position qualification to perform assigned duties, as required.
BASIC QUALIFICATIONS:
Intermediate knowledge of one or more of the IDS/IPS systems currently in use by the Department of Defense (DoD), Services, and Agencies (i.e., AF, Navy, Army, DC3, DISA) or Federal Government, and intermediate experience in the following areas: IP addressing and domain name service; network components; Transmission Control Protocol (TCP)/User Datagram Protocol (UDP), File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), and Hypertext Transfer Protocol (HTTP); and understanding of the network Open Systems Interconnection (OSI) model.
EDUCATION REQUIREMENTS:
*One or more of the following IAT Level II Certifications (GSEC, Security+, SSCP, CCNA-Security, CYSA+)
*CND Certification (GCIA, CEH, GCIH, CYSA+)
*Must have active TS/SCI
*Must be able to work shifts as required.