Computer Network Defense (CND) - Detect
- Full Time
Mission Statement: Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.
- Monitor Splunk for alerts
- Monitor HBSS
- Monitor Fidelis
- Monitor IDS
- Develop indicators for detection
- Monitor network flows
- Review device logs
- Monitor DCO and CYBERCOM chat rooms for new indicators
- Perform initial triage of detected incidents
- Produce the daily status report for open incidents
- Maintain the daily operations log for incident detection
- Develop content for Computer Network Defense (CND) tools
- Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources
1. Coordinate with enterprise-wide computer network defense (CND) staff to validate network alerts
2. Monitor external data sources (e.g., computer network defense [CND] vendor sites, Computer Emergency Response Teams, SANS, SecurityFocus) to maintain currency of the CND threat condition and determine which security issues may have an impact on the enterprise
3. Document and escalate incidents (including the event's history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment
4. Perform computer network defense (CND) trend analysis and reporting
5. Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack
6. Provide daily summary reports of network events and activity relevant to computer network defense (CND) practices
7. Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts
8. Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse, and distinguish these incidents and events from benign activity
9. Use computer network defense (CND) tools for continual monitoring and analysis of system activity to identify malicious activity
10. Analyze identified malicious activity to determine the weaknesses exploited, the exploitation methods, and the effects on systems and information
11. Employ approved defense-in-depth principles and practices (e.g., defense in multiple places, layered defenses, security robustness)
12. Determine the appropriate course of action in response to identified and analyzed anomalous network activity
13. Conduct tests of information assurance (IA) safeguards in accordance with established test plans and procedures
14. Determine tactics, techniques, and procedures (TTPs) for intrusion sets
15. Examine network topologies to understand data flows through the network
16. Recommend computing environment vulnerability corrections
17. Identify and analyze anomalies in network traffic using metadata
18. Conduct research, analysis, and correlation across a wide variety of all-source data sets (e.g., indications and warnings)
19. Validate Intrusion Detection System (IDS) alerts against network traffic using packet analysis tools; triage malware
20. Identify the applications and operating systems of a network device based on its network traffic
21. Reconstruct a malicious attack or activity based on network traffic
22. Identify network mapping and operating system fingerprinting activities
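Items 17 and 22 above (together with the "monitor network flows" duty) describe spotting network-mapping activity from flow metadata alone. The following is an added example, not code from the posting or its employer: it counts per-source fan-out in constructed NetFlow-style records to separate a host sweep and a port scan from a busy but legitimate client. The CSV field names, the byte-size cutoff and both thresholds are assumptions; on a real network they come from a baseline of normal traffic.

```python
"""Flag network-mapping (host sweep / port scan) activity in flow records.

Added illustration; not the employer's tooling. The flow format (a CSV
export with ts,src,dst,dport,proto,bytes) and the thresholds are assumed.
"""
from collections import defaultdict
import csv
import io


def _build_sample() -> str:
    """Constructed flow export, not real data.

    10.0.0.5 sweeps TCP/445 across twelve hosts (horizontal scan),
    10.0.0.9 probes 21 ports on one host (vertical scan), and 10.0.0.7 is
    a busy but benign client: many hosts on 443, but every flow moves data.
    """
    rows = ["ts,src,dst,dport,proto,bytes"]
    for i in range(1, 13):
        rows.append(f"1700000{i:03d},10.0.0.5,192.168.1.{i},445,tcp,60")
    for port in range(20, 41):
        rows.append(f"17000010{port:02d},10.0.0.9,192.168.1.50,{port},tcp,60")
    for i in range(1, 13):
        rows.append(f"1700002{i:03d},10.0.0.7,192.168.2.{i},443,tcp,5200")
    return "\n".join(rows) + "\n"


SAMPLE_FLOWS = _build_sample()

# Assumed tuning; derive real values from a baseline of the monitored network.
VERTICAL_PORTS = 15      # distinct dports from one src to one dst
HORIZONTAL_HOSTS = 10    # distinct dsts from one src on one dport
PROBE_MAX_BYTES = 120    # scan probes carry little or no payload


def parse_flows(text: str) -> list[dict]:
    """Parse the assumed CSV export into typed flow records."""
    flows = []
    for row in csv.DictReader(io.StringIO(text)):
        flows.append({
            "ts": int(row["ts"]),
            "src": row["src"],
            "dst": row["dst"],
            "dport": int(row["dport"]),
            "proto": row["proto"],
            "bytes": int(row["bytes"]),
        })
    return flows


def detect_scans(flows, vertical_ports=VERTICAL_PORTS,
                 horizontal_hosts=HORIZONTAL_HOSTS,
                 probe_max_bytes=PROBE_MAX_BYTES) -> list[dict]:
    """Return one finding per (source, target) pair whose fan-out exceeds a threshold."""
    ports_per_pair = defaultdict(set)   # (src, dst)   -> {dport}
    hosts_per_port = defaultdict(set)   # (src, dport) -> {dst}
    for f in flows:
        # Only probe-sized flows count. This keeps a client that genuinely
        # talks to many servers (and moves data) from looking like a sweep;
        # it also means a slow scanner using full connects can slip past,
        # so the cutoff is a tuning knob, not a guarantee.
        if f["bytes"] > probe_max_bytes:
            continue
        ports_per_pair[(f["src"], f["dst"])].add(f["dport"])
        hosts_per_port[(f["src"], f["dport"])].add(f["dst"])

    findings = []
    for (src, dst), ports in ports_per_pair.items():
        if len(ports) >= vertical_ports:
            findings.append({"type": "vertical", "src": src,
                             "target": dst, "count": len(ports)})
    for (src, dport), hosts in hosts_per_port.items():
        if len(hosts) >= horizontal_hosts:
            findings.append({"type": "horizontal", "src": src,
                             "target": str(dport), "count": len(hosts)})
    return sorted(findings, key=lambda x: (x["src"], x["type"]))


if __name__ == "__main__":
    for hit in detect_scans(parse_flows(SAMPLE_FLOWS)):
        print(f"{hit['type']:<10} {hit['src']:<10} -> {hit['target']} "
              f"({hit['count']} distinct)")
```

Run as-is, the sample yields two findings (the sweep from 10.0.0.5 and the port scan from 10.0.0.9) and nothing for 10.0.0.7. Raising `probe_max_bytes` far enough to admit the data-carrying flows adds 10.0.0.7 as a third, false-positive "horizontal" hit, which is the benign-versus-malicious distinction item 8 asks the analyst to make.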
Must meet DoD 8570 CND-IS requirements within 90 days of hire. Must possess and maintain a US TS/SCI security clearance.
- Bachelor's degree in Computer Science, Engineering or a related technical discipline, or the equivalent combination of education, technical training, or work/military experience.
- 5-8 years of related systems engineering experience.
- Knowledge of the associated hardware, software, and equipment.
- Professional certification in one or more specific technologies may be required, depending on job assignment.
* Must be capable of obtaining and maintaining a Top Secret/SCI (or applicable clearance level) Security Clearance.
* Must be able to achieve Security+ CE Certification (or equivalent) within 90 days of hire for positions requiring elevated privileges and ITIL V3 Foundation within six months of hire.
* Additional specific certifications may be required, depending on job assignment.
* The work is typically performed in an office environment, which requires normal safety precautions; work may require some physical effort in the handling of light materials, boxes or equipment.
* This position may be required to complete short-term deployments to worldwide locations (or specific AOR).
* The above job description is not intended to be, nor should it be construed as, exhaustive of all responsibilities, skills, efforts, or working conditions associated with this job.
* Requests for reasonable accommodations will be considered to enable individuals with disabilities to perform the principal (essential) functions of this job.