Tier 1 and 2 Computer Network Defense Analyst Shift Work TS/SCI Required Bolling AFB Washington
Performs all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction.
- Performs Computer Security Incident Response activities for a large organization, coordinates with other government agencies to record and report incidents.
- Monitor and analyze Intrusion Detection Systems (IDS) to identify security issues for remediation.
- Recognizes potential, successful, and unsuccessful intrusion attempts and compromises through thorough review and analysis of relevant event detail and summary information.
- Evaluate firewall change requests and assess organizational risk.
- Communicates alerts to agencies regarding intrusions and compromises to their network infrastructure, applications and operating systems.
- Assists with implementation of counter-measures or mitigating controls.
- Ensures the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through monitoring of vulnerability scanning devices.
- Performs periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and external Web integrity scans to determine compliance.
- Prepares incident reports of analysis methodology and results.
- Maintains current knowledge of relevant technology as assigned.
- Participates in special projects as required.
- Responsible for the analysis and triage of network anomalies that should be considered Events of Interest (EOI). Provides a basic assessment of the anomaly, designates it as an EOI, and coordinates response with the CND response team.
- Responsible for escalating EOIs to Responders in a timely manner, with all required information, to ensure the response team can act upon them accordingly.
- Must have a good understanding of networks at a packet level. Must be able to analyze packet captures at the expert level.
- Must have experience using CND tools to detect network attacks; these tools are:
  a. Enterprise Security Information and Event Management Systems (SIEM).
  b. Intrusion detection and prevention systems (IDS; IPS).
  c. Web Content monitoring systems (WebSense; Bluecoat).
  d. Firewall and syslog logs.
- Must be able to review multiple data sources to gather Indications and Warnings and Attack Sensing and Warnings information.
- 2-5 years of related experience in data security administration.
- Requires DoD 8570: IAT III and CND-IR.
- Must be willing to obtain and maintain a CI polygraph.