Computer Network Defense (CND) - Detect -TS/SCI - Colorado Springs

Colorado Springs, CO
May 18, 2017
Jun 19, 2017
Full Time
Mission Statement: Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.


- Monitor Splunk for alerts
- Monitor HBSS
- Monitor Fidelis
- Monitor IDS
- Develop indicators for detecting
- Monitor network flows
- Review device logs
- Monitor DCO and Cybercom chat rooms for new indicators
- Initial triage for detected incidents
- Daily status report for open incidents
- Maintain daily operations log for incident detection

- Develop content for Computer Network Defense (CND) tools
- Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources 

- Coordinate with enterprise-wide computer network defense (CND) staff to validate network alerts
- Monitor external data sources (e.g., computer network defense [CND] vendor sites, Computer Emergency Response Teams, SANS, Security Focus) to maintain currency of CND threat condition and determine which security issues may have an impact on the enterprise
- Document and escalate incidents (including event's history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment
- Perform computer network defense (CND) trend analysis and reporting
- Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack
- Provide daily summary reports of network events and activity relevant to computer network defense (CND) practices
- Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts
- Provide timely detection, identification, and alerts of possible attacks/intrusions, anomalous activities, and misuse activities, and distinguish these incidents and events from benign activities
- Use computer network defense (CND) tools for continual monitoring and analysis of system activity to identify malicious activity
- Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, and effects on system and information
- Employ approved defense-in-depth principles and practices (e.g., defense in multiple places, layered defenses, security robustness)
- Determine appropriate course of action in response to identified and analyzed anomalous network activity
- Conduct tests of information assurance (IA) safeguards in accordance with established test plans and procedures
- Determine tactics, techniques, and procedures (TTPs) for intrusion sets
- Examine network topologies to understand data flows through the network
- Recommend computing environment vulnerability corrections
- Identify and analyze anomalies in network traffic using metadata
- Conduct research, analysis, and correlation across a wide variety of all-source data sets (e.g., indications and warnings)
- Validate Intrusion Detection System (IDS) alerts against network traffic using packet analysis tools
- Triage malware
- Identify applications and operating systems of a network device based on network traffic
- Reconstruct a malicious attack or activity based on network traffic
- Identify network mapping and operating system fingerprinting activities
Must be DOD 8570 CND-IS within 90 days of hire. Must possess and maintain a US TS/SCI Security Clearance.

Education: Bachelor's degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training or work experience.

Qualifications: 8-10 years of related experience in data security administration, including supervisory experience.

Additional Requirements:

1. Manages the security of information systems assets and the protection of systems from intentional or inadvertent access or destruction.

2. Supervises assigned staff. 

3. Recognizes potential, successful, and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information.

4. Performs preliminary forensic evaluations of internal systems.

5. Interfaces with client to understand their security needs and oversees the development and implementation of procedures to accommodate them.

6. Ensures that the user community understands and adheres to necessary procedures to maintain security.

7. Weighs business needs against security concerns and articulates issues to management and/or customers.

8. Maintains current knowledge of relevant technology as assigned. 

9. Provides guidance in the creation and maintenance of Standard Operating Procedures and other similar documentation.

10. Participates in special projects as required.

Must possess and maintain a TS/SCI Security Clearance. Must be able to achieve Security+ CE Certification (or equivalent) within 90 days of hire for positions requiring elevated privileges and ITIL V3 Foundation within six months of hire. Additional specific certifications may be required, depending on job assignment.

The work is typically performed at client site locations, which requires proper safety precautions; work may require some physical effort in the handling of light materials, boxes or equipment. This position may be required to complete short-term deployments to austere locations worldwide. Requests for reasonable accommodations will be considered to enable individuals with disabilities to perform the principal (essential) functions of this job. The above job description is not intended to be, nor should it be construed as, exhaustive of all responsibilities, skills, efforts, or working conditions associated with this job.
As a trusted systems integrator for more than 50 years, General Dynamics Information Technology provides information technology (IT), systems engineering, professional services and simulation and training to customers in the defense, federal civilian government, health, homeland security, intelligence, state and local government and commercial sectors. With approximately 32,000 professionals worldwide, the company delivers IT enterprise solutions, manages large-scale, mission-critical IT programs and provides mission support services. GDIT is an Equal Opportunity/Affirmative Action Employer - Minorities/Females/Protected Veterans/Individuals with Disabilities.