Cyber Defensive Operations Planner

Arlington, Virginia
May 28, 2022
Jun 04, 2022
Full Time

You will continually engage in learning activities to enhance and then apply your developing expertise in one of the following six technical capabilities (Cyber Defensive Operations, Mitigation and Response, Digital Forensics, Vulnerability Assessment, Cybersecurity Threat Analysis, or Cybersecurity Research & Development) to perform a range of tasks, including:
  • Applying intermediate-level, broad cybersecurity expertise to proactively identify significant cybersecurity challenges to be addressed during planning exercises
  • Researching cyber defense capabilities from across industries and sectors and preparing reference materials in preparation for convening cybersecurity leaders to plan against potential cyber events
  • Participating in targeting selection, validation, synchronization and enabling integration during the execution of cyber actions
  • Assisting in the development and interpretation of policies, procedures, and strategies governing the planning and execution of cyber defensive operations
  • Supporting strategic and operational-level planning across the full range of operations for integrated information and cyberspace operations

DHS Cybersecurity Service employees with a technical capability in Cybersecurity Defensive Operations - Planning, Execution, and Analysis will generally apply their expertise to:
  • Integrate, manage, and execute all aspects of the cyber-attack lifecycle to inform cyber defensive operations
  • Plan and execute end-to-end cybersecurity operations to defend protected assets
  • Plan collection operations, retrieve and analyze key intelligence data
  • Understand where to focus surveillance
  • Oversee specialized denial and deception operations and collection of cybersecurity information that informs and develops the end-to-end operations

DHS Cybersecurity Service employees with a technical capability in Mitigation and Response will generally apply their expertise to:
  • Track and respond to prioritized urgent IT and cyber events and indicators of compromise (IOCs) to mitigate threats to networks, systems, and applications
  • Investigate and analyze response activities and employ various advanced response and recovery approaches as appropriate
  • Apply understanding of tactics, techniques, and procedures for investigative processes, including identifying adversaries' TTPs and applying corresponding defense or security controls
  • Conduct root cause analysis and response coordination, providing recommendations for mitigation
  • Execute recovery action plans and adapt plans to handle new developments

DHS Cybersecurity Service employees with a technical capability in Digital Forensics will generally apply their expertise to:
  • Collect, process, analyze, interpret, preserve, and present digital evidence in support of network vulnerability mitigation, intelligence operations, and different types of investigations (including but not limited to administrative, criminal, counterintelligence, and law enforcement)
  • Apply Tactics, Techniques and Procedures (TTP) for investigative processes

DHS Cybersecurity Service employees with a technical capability in Vulnerability Assessment will generally apply their expertise to:
  • Conduct assessments of threats and vulnerabilities on networks/systems software and hardware and develop and recommend appropriate mitigation countermeasures
  • Develop and conduct tests of systems to evaluate compliance with specifications and requirements in accordance with policy, benchmarks and industry best practices, by validating technical, functional, and performance characteristics of systems or their elements
  • Coordinate and align with program offices and various stakeholders

DHS Cybersecurity Service employees with a technical capability in Cybersecurity Threat Analysis will generally apply their expertise to:
  • Collect, analyze, and report on cybersecurity threats and threat actors to support operations
  • Understand and analyze different sources of information (e.g., INTs [intelligence], open source, law enforcement data) on specific topics or targets
  • Provide tactical/operational analysis, including attribution of cyber actors using a variety of analytic techniques and tools
  • May also provide strategic-level analysis to support broader mission
  • Develop and communicate situational awareness of local, regional, and international cybersecurity threats impacting stakeholder missions and interests

DHS Cybersecurity Service employees with a technical capability in Cybersecurity Research & Development will generally apply their expertise to:
  • Conduct technology and/or feasibility research, development, and assessments
  • Provide, build, test and support a prototype capability and/or evaluate its security and utility
  • Plan, conduct or oversee comprehensive technology research to evaluate potential vulnerabilities in cyberspace systems
  • Ensure appropriate security measures are considered throughout each phase of the R&D lifecycle


Conditions of Employment

  • You must be a U.S. Citizen or national.
  • You must be 18 years of age.
  • Must be registered for the Selective Service (if you are a male).
  • Must be able to obtain and maintain a TOP SECRET/SCI security clearance.
  • Must be able to submit to a drug test and receive a negative result.
  • Must be able to comply with ethics and standards of conduct requirements, including completing any applicable financial disclosure.
  • May be required to serve a 3-year probationary period.


This position is in the Developmental Track at the Associate Cybersecurity Specialist career level. At this level, individuals generally:
  • Have 3+ years of cybersecurity work experience, and
  • Can serve as a cybersecurity professional with some experience who applies still-burgeoning technical expertise to perform routine work with significant supervision and clear guidance.
DHS Cybersecurity Service employees start at career levels and salaries matching their experience and expertise. To learn more about DHS Cybersecurity Service career tracks and levels, visit our application portal.

When you submit your application, you will have the opportunity to select which of the following six capabilities is your primary technical capability, reflecting your primary area of expertise that you would apply on the job:
  • Cyber Defensive Operations - Planning, Execution, and Analysis
  • Mitigation and Response
  • Digital Forensics
  • Vulnerability Assessment
  • Cybersecurity Threat Analysis
  • Cybersecurity Research & Development

DHS Cybersecurity Service jobs are structured around cybersecurity specializations, called technical capabilities. To learn more about technical capabilities, visit our application portal.


Experience with Infrastructure Sectors


Degrees are not required for jobs in the DHS Cybersecurity Service, but DHS is interested in your level of education and the topics you studied. As you submit initial application information, you will be asked questions about your education.

Additional information

Benefits: DHS Cybersecurity Service employees receive a range of federal employment benefits designed to support their professional and personal lives. To learn more about benefits, visit our application portal.

More information about the specific benefits available to you will be provided as you progress through the application process.

Background Investigation: To ensure the accomplishment of its mission, the Department of Homeland Security (DHS) requires each and every employee to be reliable and trustworthy. To meet those standards, all selected applicants must undergo and successfully complete a background investigation for a security clearance as a condition of placement in this position. This review includes financial issues such as delinquency in the payment of debts, child support and/or tax obligations, as well as certain criminal offenses and illegal use or possession of drugs.

Pursuant to Executive Order 12564 and DHS policy, DHS is committed to maintaining a drug-free workplace and, therefore, conducts random and other drug testing of its employees in order to ensure a safe and healthy work environment. Headquarters personnel in safety- or security-sensitive positions are subject to random drug testing and all applicants tentatively selected for employment at DHS Headquarters are subject to drug testing resulting in a negative test result.