Network Defense and Security Analyst

Company: SAIC
Location: San Antonio
Posted on: March 28, 2020

Job Description:

Description Join SAIC's Information Technology (IT) Support Services Team in the Network Operations and Security Center (NOSC) of the US Air Forces Central Command (USAFCENT) Communications Directorate (A6). This opportunity places you at the tip of the spear for Engineering, Operations and Maintenance, Cyber Security, and Defensive Cyber Operations supporting the warfighter in the Southwest Asia area. USAFCENT is the air component of United States Central Command (USCENTCOM), a regional unified command. USAFCENT, in concert with its coalition, joint and interagency partners, delivers decisive air and space power on behalf of USCENTCOM for the security and stability of the Southwest Asia (SWA) region. The USAFCENT NOSC delivers cyberspace command and control (C2) superiority to the warfighter by engineering, implementing, securing, managing, operating and maintaining USAFCENT's Non-Classified Internet Protocol Router Network (NIPRNet), Secret Internet Protocol Router (SIPRNet), USCENTCOM Partner Networks (CPN-X), and associated C2 networks, systems and services. The USAFCENT NOSC executes the full-spectrum of IT services management and operations for USAFCENT networks 24 hour-a-day, 7 day-a-week (247) and is tasked by USCENTCOM to provide information assurance (IA) boundary intrusion detection and intrusion prevention for USCENTCOM components. Comprised of NOSC operations, operations support, cybersecurity, network engineering, and command support functions, the USAFCENT NOSC plans, engineers, installs, integrates, operates and maintains, protects and manages enterprise-wide network and systems architecture, infrastructure and services and provides enterprise-level oversight to its subordinate and supported communications support activities. Candidates will be working at Shaw AFB, SC andor Lackland AFB, TX. Frequent temporary duty (TDY) andor deployment travel to OCONUS locations in the USCENTCOM AOR is required to support sustainment, site surveys, installations, upgrades, integration, testing, troubleshooting and other mission-related requirements. The candidate for this position provides solutions to a variety of technical problems of moderate scope and complexity where analysis of situations or data requires a review of the variety of factors through frequent use and application of technical standards, principles, theories, concepts and techniques. Network Defense and Security Analysis Provide correlation and analysis of cyberspace incident reports derived from reliable sources, network sensors, vulnerability management devices, open source information, and Industry Government provided situational awareness of known adversary activities. Applies expert knowledge of Named Areas of Interest (NAI) and advanced persistent threats to review, analyze, and maintain the content of an indicator database to aid in the detection and mitigation of threat activity. Utilize COTSGOTS analyses tool and expert knowledge to provide threat detection analysis and monitoring, correlation, and prevention of cyber threat activity targeting the customer network. This task requires technical knowledge on the utilization of government and industry capabilities, best security practices, advanced log analysis, forensics, network monitoring, network flow analysis, packet capture analysis, network proxies, firewalls, and anti-virus capabilities. Additionally, this task requires technical knowledge of forensics analysis to determine adversary methods of exploiting information system security controls, the use of malicious logic, and the lifecycle of network threats and attack vectors. Must produce reports on the unique TTPs utilized and conduct incident handlingtriage, network analysis and threat detection, trend analysis, metric development, and security vulnerability information dissemination. Must be able to assist the customer with developing metrics and trendinganalysis reports of malicious activity and develop signatures for threat detection. Specific duties for this position include, but are not limited to Ensure that the Monthly Status Report is provided IAW PWS directions. Assist other active duty, government civilians, and contractors assigned to the same functional areas to raise the level of proficiency and effectiveness of the team performing that function. Provide technical reports, meeting minutes, program plans, concepts of operations, contingency plans, and related documentation as identified for task deliverables Prepare and disseminate operational reports. A list of operational reports shall include, but is not limited to, AF Computer Emergency Response Team (AFCERT) daily operations report (DOR), operation report (OPREP), and situational report (SITREP), incident response, law enforcement, and recovery operations reports, Information protection bulletins (IP Bulletins), AFCERT Time Compliance Network Orders (TCNOs), malicious logicvirus notifications, INFOCONs, and other messages. Support real-time monitoring of all assigned IPSIPS deployed and supporting the USAFCENTUSCENTCOM mission. Monitor network traffic to provide event correlations of operational traffic from multiple locations to determine network security posture. Use standardprovided network tools to evaluate traffic for incident response analysis Coordinate and execute JTF-GNO Information Assurance Vulnerability Alert (IAVA) notices as applicable on USCENTCOM networkssystems with the USAFCENT NOSC. Maintain IDSIPS devices to ensure they are operating at optimal efficiency. Maintain Crew certification as required to operate on USCENTCOM, USAFCENT, and AF networks. IDSIPS Real-Time Monitoring Analysis. Network Event CorrelationAdvanced Traffic Analysis. Incident Response Analysis. Vulnerability Analysis. IDSIPS Sensor Maintenance. IDSIPS Database VPN Technical Support. Network Defense Training. Operational Process Tracking and Processing. Systems and Exercise Planning. The contractor shall Network Defense Technical Reports. Qualifications Bachelors and two (2) years or more experience Masters and 0 years related experience. In lieu of a degree, four (4) years of additional experience is required. In addition the following certifications and skills are required CISSP, CEH, MCP - Server, Network+ CE, and ITIL Foundation. Desired Qualifications ITIL 4 Foundation certification or any ITIL v3 Intermediate certification. Any equivalent CSSP-A certification, if not the certification listed above.

Keywords: SAIC, San Antonio , Network Defense and Security Analyst, Professions , San Antonio, Texas