Cyber Fusion and Countermeasures Analyst

Employer: AboutWeb
Location: Fort Meade, MD
Posted: Jun 23, 2017
Closes: Aug 02, 2017
Function: Analyst
Hours: Full Time

In support of countermeasure requirements, the candidates will:
· Support the mission of verifying the effectiveness of countermeasures implemented at the boundary, network, and host levels.
· Execute ArcSight reporting in real time, in accordance with mission requirements, to provide effectiveness metrics for DODIN-wide mitigations.
· Inject countermeasures recommended by the Countermeasure Duty Officer (CMDO).
· Create and continuously refine ArcSight reports to show CM effectiveness.
· Provide leading experts in the field of DoD computer network defense with an understanding of the lifecycle of the network threats, attack vectors, and network vulnerability exploitation
· Collaborate with CMDO, FDO, DNDO, Boundary Tool team lead, and the DCC ArcSight SME provided by another DISA activity to create content in the ArcSight Security Information and Event Management (SIEM) in order to provide validation for the mitigations incorporated into the DODIN defense policy by the CMDO
· Review created content at regular intervals to ensure continuous effectiveness and advise Boundary Tool team lead, along with DCC NA government leadership, on network defense tool calibration
· Brief CC/S/A/FA on the status of DoDIN defense through collaboration meetings
· Assist in developing threat mitigation-related mission orders, including Task Orders (TO), Warning Orders (WARNORD), and Fragmentary Orders (FRAGO)
· Consume and analyze operational reporting from cyber organizations; prepare and deliver situational awareness and operational update briefings to DISA leadership
· Monitor, process, and utilize DoD classified and unclassified networks
· Respond to official questions through Request For Information (RFI) tools
· Review and monitor incident response and status for accuracy and clarity from CC/S/A/FA utilizing current and future tools; including the Joint Computer Emergency Response Team CERT Database (JCD) and the Joint Incident Management System (JIMS)
· Maintain situational awareness of cyber activity in the Information Technology (IT) by reviewing open source reporting for new vulnerabilities, malware, or other threats that have the potential to impact the DoDIN
· Coordinate with other cyber elements to obtain information for slides, briefings, presentations, or other situational awareness products
· Participate in command exercises and provide feedback in after action reports
· Respond to DISA requirements for real world and exercise Contingency Operations (COOP) and National Capital Region (Client) catastrophic events.
· Produce statistics-based status updates outlining Arbor tool mitigations and their effectiveness; brief said updates at recurring intervals
· Participate in and contribute to other Boundary Tools working groups.
In support of Cyber Fusion, the candidate will:
· Monitor, correlate, and analyze all operational reporting received from DOD, Intelligence, and LE sources pertaining to intrusion-related activities
· Create incident reports, wiki updates, collaboration/chat tippers and notifications, DOD incident handling database queries, metrics, and trend reports
· Participate in command exercises and provide feedback in after action reports
· Respond to USCYBERCOM requirements for real world and exercise Contingency Operations
· Conduct the preparation and delivery of daily situational awareness and operational update briefings to DISA leadership
Required Skills
TS/SCI clearance. Considerable ArcSight experience is highly desirable. IAT II and CNSDSP certifications are required.
Familiarity with Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) is a plus.