Computer Network Defense (CND) - Detect -TS/SCI - Colorado Springs

Colorado Springs, CO
May 18, 2017
May 23, 2017
Full Time
Mission Statement: Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.

    Monitor Splunk for alerts

    Monitor HBSS

    Monitor Fidelis

    Monitor IDS

    Develop indicators for detecting

    Monitor network flows

    Review device logs

    Monitor DCO and Cybercom chat rooms for new indicators

    Initial triage for detected incidents

    Daily status report for open incidents

    Maintain daily operations log for incident detection


    Develop content for Computer Network Defense (CND) tools

    Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources

    Coordinate with enterprise-wide computer network defense (CND) staff to validate network alerts

    Monitor external data sources (e.g., computer network defense [CND] vendor sites, Computer Emergency Response Teams, SANS, Security Focus) to maintain currency of CND threat condition and determine which security issues may have an impact on the enterprise

    Document and escalate incidents (including event’s history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment

    Perform computer network defense (CND) trend analysis and reporting

    Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack

    Provide daily summary reports of network events and activity relevant to computer network defense (CND) practices

    Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts

    Provide timely detection, identification, and alerts of possible attacks/intrusions, anomalous activities, and misuse activities, and distinguish these incidents and events from benign activities

    Use computer network defense (CND) tools for continual monitoring and analysis of system activity to identify malicious activity

    Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, and effects on system and information

    Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness)

    Determine appropriate course of action in response to identified and analyzed anomalous network activity

    Conduct tests of information assurance (IA) safeguards in accordance with established test plans and procedures

    Determine tactics, techniques, and procedures (TTPs) for intrusion sets

    Examine network topologies to understand data flows through the network

    Recommend computing environment vulnerability corrections

    Identify and analyze anomalies in network traffic using metadata

    Conduct research, analysis, and correlation across a wide variety of all source data sets (e.g., indications and warnings)

    Validate Intrusion Detection System (IDS) alerts against network traffic using packet analysis tools

    Triage malware

    Identify applications and operating systems of a network device based on network traffic

    Reconstruct a malicious attack or activity based on network traffic

    Identify network mapping and operating system fingerprinting activities

Must be DOD 8570 CND-IS within 90 days of hire. Must possess and maintain a US TS/SCI Security Clearance.

Education: Bachelor's Degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training, or work experience.

Qualifications: 5-8 years of related experience in data security administration.



    Must be capable of obtaining and maintaining a TS/SCI Security Clearance. Must be able to achieve Security+ CE Certification (or equivalent) within 90 days of hire for positions requiring elevated privileges and ITIL V3 Foundation within six months of hire. Additional specific certifications may be required, depending on job assignment. The work is typically performed at client site locations, which requires proper safety precautions; work may require some physical effort in the handling of light materials, boxes or equipment. This position may be required to complete short-term deployments to austere locations worldwide. Requests for reasonable accommodations will be considered to enable individuals with disabilities to perform the principal (essential) functions of this job. The above job description is not intended to be, nor should it be construed as, exhaustive of all responsibilities, skills, efforts, or working conditions associated with this job.

As a trusted systems integrator for more than 50 years, General Dynamics Information Technology provides information technology (IT), systems engineering, professional services and simulation and training to customers in the defense, federal civilian government, health, homeland security, intelligence, state and local government and commercial sectors. With approximately 32,000 professionals worldwide, the company delivers IT enterprise solutions, manages large-scale, mission-critical IT programs and provides mission support services. GDIT is an Equal Opportunity/Affirmative Action Employer - Minorities/Females/Protected Veterans/Individuals with Disabilities.