CNF Technologies - Cyber Incident Analyst

Cyber Incident Analyst – San Antonio, TX

PRIMARY DUTIES:

*Conduct network security monitoring and intrusion detection analysis using the selected IDS/IPS toolset.

*Research defensive cyber operations events to determine the necessity for deeper analysis and conduct an initial assessment of type and extent of intruder activities.

*Enter event data into mission support systems according to operational procedures and report through the operational chain.

*Record suspicious events that meet established thresholds in the operational database for suspicious traffic. Records shall contain sufficient information to stimulate future research of suspicious traffic. Each record shall answer the who, what, where, why and when of the suspicious activity.

*Compile suspicious events records and other artifacts as part of its Monthly Operational Report.

*Provide pass-on information to bring incoming crews up to speed on latest suspicious traffic seen from a given port, IP, etc.

*Coordinate with the Crew Commander for authorization before departing after pass-on to incoming shift.

*Provide DCO, tailored analysis and monitoring operations of specified sensor locations during contingency operations and in support of named DCO operations and exercises.

*Must be willing to receive additional training and maintain position qualification to perform assigned duties, as required.

BASIC QUALIFICATIONS:

Intermediate knowledge of one or more of the IDS/IPS systems currently in use by the Department of Defense (DoD), Services, and Agencies (i.e., AF, Navy, Army, DC3, DISA) or Federal Government, and intermediate experience in the following areas: IP addressing and Domain Name Service; network components; Transmission Control Protocol (TCP)/User Datagram Protocol (UDP), File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), and Hypertext Transfer Protocol (HTTP); and an understanding of the Open Systems Interconnection (OSI) network model.

EDUCATION REQUIREMENTS:

*One or more of the following IAT Level II Certifications (GSEC, Security+, SSCP, CCNA-Security, CySA+)

*CND Certification (GCIA, CEH, GCIH, CySA+)

*Must have active TS/SCI

*Must be able to work shifts as required.
