Job ID: 199400
Location: SHAW AFB, SC, United States
Date Posted: Nov 15, 2019
Subcategory: Cyber Fusion Analyst
Shift: Day Job
Travel: Yes, 10 % of the Time
Minimum Clearance Required: TS/SCI
Clearance Level Must Be Able to Obtain: TS/SCI
Potential for Teleworking: No
Join SAIC’s Information Technology (IT) Support Services Team in the Network Operations and Security Center (NOSC) of the US Air Forces Central Command (USAFCENT) Communications Directorate (A6). This opportunity places you at the tip of the spear for Engineering, Operations and Maintenance, Cyber Security, and Defensive Cyber Operations supporting the warfighter in the Southwest Asia area.
USAFCENT is the air component of United States Central Command (USCENTCOM), a regional unified command. USAFCENT, in concert with its coalition, joint and interagency partners, delivers decisive air and space power on behalf of USCENTCOM for the security and stability of the Southwest Asia (SWA) region. The USAFCENT NOSC delivers cyberspace command and control (C2) superiority to the warfighter by engineering, implementing, securing, managing, operating and maintaining USAFCENT’s Non-Classified Internet Protocol Router Network (NIPRNet), Secret Internet Protocol Router (SIPRNet), USCENTCOM Partner Networks (CPN-X), and associated C2 networks, systems and services.
The USAFCENT NOSC executes the full-spectrum of IT services management and operations for USAFCENT networks 24 hour-a-day, 7 day-a-week (24/7); and is tasked by USCENTCOM to provide information assurance (IA) boundary intrusion detection and intrusion prevention for USCENTCOM components. Comprised of NOSC operations, operations support, cybersecurity, network engineering, and command support functions, the USAFCENT NOSC plans, engineers, installs, integrates, operates and maintains, protects and manages enterprise-wide network and systems architecture, infrastructure and services; and provides enterprise-level oversight to its subordinate and supported communications support activities.
Candidates will be working at Shaw AFB, SC and/or Lackland AFB, TX. Frequent temporary duty (TDY) and/or deployment travel to OCONUS locations in the USCENTCOM AOR is required to support sustainment, site surveys, installations, upgrades, integration, testing, troubleshooting and other mission-related requirements.
The candidate for this position provides technical solutions to a wide range of difficult problems where analysis of data requires evaluation of identifiable factors, provides imaginative, thorough, and practicable solutions consistent with organization objectives, possesses complete understanding and wide application of technical principles, theories, and concepts in the field, has general knowledge of other related disciplines, and provides direction to employees according to established policies and management guidance.
The Senior Network Defense and Security Analysis (Lead):
Provide correlation and analysis of cyberspace incident reports derived from reliable sources, network sensors, vulnerability management devices, open source information, and Industry/ Government provided situational awareness of known adversary activities.
Applies expert knowledge of Named Areas of Interest (NAI) and advanced persistent threats to review, analyze, and maintain the content of an indicator database to aid in the detection and mitigation of threat activity.
Utilize COTS/GOTS analyses tool and expert knowledge to provide threat detection analysis and monitoring, correlation, and prevention of cyber threat activity targeting the customer network. This task requires technical knowledge on the utilization of government and industry capabilities, best security practices, advanced log analysis, forensics, network monitoring, network flow analysis, packet capture analysis, network proxies, firewalls, and anti-virus capabilities. Additionally, this task requires technical knowledge of forensics analysis to determine adversary methods of exploiting information system security controls, the use of malicious logic, and the lifecycle of network threats and attack vectors.
Must produce reports on the unique TTPs utilized and conduct incident handling/triage, network analysis and threat detection, trend analysis, metric development, and security vulnerability information dissemination.
Must be able to assist the customer with developing metrics and trending/analysis reports of malicious activity and develop signatures for threat detection.
Specific duties for this position include, but are not limited to:
Ensure that the Monthly Status Report is provided IAW PWS directions.
Assist other active duty, government civilians, and contractors assigned to the same functional areas to raise the level of proficiency and effectiveness of the team performing that function.
Provide technical reports, meeting minutes, program plans, concepts of operations, contingency plans, and related documentation as identified for task deliverables
Prepare and disseminate operational reports. A list of operational reports shall include, but is not limited to, AF Computer Emergency Response Team (AFCERT) daily operations report (DOR), operation report (OPREP), and situational report (SITREP), incident response, law enforcement, and recovery operations reports, Information protection bulletins (IP Bulletins), AFCERT Time Compliance Network Orders (TCNOs), malicious logic/virus notifications, INFOCONs, and other messages.
Support real-time monitoring of all assigned IPS/IPS deployed and supporting the USAFCENT/USCENTCOM mission.
Monitor network traffic to provide event correlations of operational traffic from multiple locations to determine network security posture.
Use standard/provided network tools to evaluate traffic for incident response analysis
Coordinate and execute JTF-GNO Information Assurance Vulnerability Alert (IAVA) notices as applicable on USCENTCOM networks/systems with the USAFCENT NOSC.
Maintain IDS/IPS devices to ensure they are operating at optimal efficiency.
Maintain Crew certification as required to operate on USCENTCOM, USAFCENT, and AF networks.
IDS/IPS Real-Time Monitoring Analysis.
Network Event Correlation/Advanced Traffic Analysis.
Incident Response Analysis.
IDS/IPS Sensor Maintenance.
IDS/IPS Database & VPN Technical Support.
Standardization & Evaluation (Stan/Eval).
Operational Process Tracking and Processing.
Systems and Exercise Planning.
Network Defense Technical Reports.
Masters and three (3) years or more experience; PhD and 0 years related experience. In addition the following certifications and skills are required: CISSP, MCP – Server, Network+ CE, and ITIL Foundation.
ITIL 4 Foundation certification or any ITIL v3 Intermediate certification. Any equivalent CSSP-A certification, if not the certification listed above.
SAIC is a premier technology integrator, solving our nation's most complex modernization and systems engineering challenges across the defense, space, federal civilian, and intelligence markets. Our robust portfolio of offerings includes high-end solutions in systems engineering and integration; enterprise IT, including cloud services; cyber; software; advanced analytics and simulation; and training. We are a team of 23,000 strong driven by mission, united purpose, and inspired by opportunity. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $6.5 billion. For more information, visit saic.com. For information on the benefits SAIC offers, see Working at SAIC. EOE AA M/F/Vet/Disability