CYBERSECURITY NETWORK DEFENSE ANALYST (ERDC-21-0020-F)
Bowhead is seeking a Cybersecurity Network Defense Analyst to join our team in Vicksburg, MS. The Cybersecurity Network Defense Analysts use data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur within their environments for the purposes of mitigating threats. They provide on-site 24x7x365 operational support in the form of event/incident handling and analysis capability to cybersecurity service subscribers. These highly skilled individuals will work in various capacities alongside Warning Intelligence Analysts and Engineers.
The Cybersecurity Network Defense Analysts will work in the Attack Sensing and Warning (AS&W) division which senses changes in subscriber networks through comparison to established baselines and the fusion/integration of closed and open source intelligence to enhance sensing capability. They will perform the analysis of disparate data sources to form a cohesive view of the current cyber security state. They will characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.
These positions are in a 24x7x365 Cybersecurity environment and qualified candidates must be able to work 12-hour shifts – day or night.
• Receive and distribute AS&W information;
• Conduct AS&W activities to develop appropriate response (receive and archive task orders, directives, and other required actions; maintain internal and external source location information);
• Coordinate AS&W information from other sources to aid in analysis of alerts.
• Analyze the Intrusion Detection System alerts to identify unauthorized or anomalous activity.
• Identify, document, and report unauthorized activity/attacks (including IP addresses and ports, attack vector, and attack timeframe) in all incidents and reports per HPCMP CSSP SOPs.
• Take action, if appropriate, to prevent or mitigate potential impact to the DODIN based on cyber threats, and develop and distribute countermeasures and interim guidance to prevent or mitigate threats and/or attacks on DODIN.
• Monitor a platform capable of performing information security continuous monitoring (ISCM) for the purposes of detecting cyber intrusions, attacks, anomalous behavior, and possible insider threats.
• Collect intrusion artifacts (e.g., source code, malware, and trojans)
• Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.
• Report incidents and events within proper channels and within timelines identified in the CJCSM 6510.01B
• Provide a 24/7x365 event/incident handling and analysis capability;
• Provide operations log accessible to personnel documenting all mandated reportable cyber events/incidents;
• Analyze detected cyber events to identify incidents;
• Categorize and characterize cyber incidents;
• Notify affected Subscribers of cyber incidents and collect assessments of mission impact for the loss of the system during the incident response process;
• Analyze cyber incidents to develop specific responses;
• Distribute tailored countermeasures or interim guidance to Subscribers to eradicate and prevent cyber incidents across all subscribers;
• Perform forensic analysis of systems and malware in cases where subscribers lack the capability and ensure relevant IOCs are shared with Warning Intelligence;
• Mitigate operational and/or technical impact due to cyber incidents;
• Contain the spread of malware to prevent further damage to IT systems through detection, analysis, and execution of containment measures.
• A Bachelor's degree or equivalent experience is required in addition to at least two (2+) years intrusion detection experience, at least two (2+) years relevant IT and/or System administrator experience and at least two (2+) years relevant Information Security experience
• Must have the certifications for DOD 8570 IAT Level II (at a minimum) and have the certifications for DOD 8570 CSSP-Analyst or CSSP-Incident Responder
• Must have the ability to earn DoD 8570 computing environment certification within 6 months
• Understanding of network hardware devices and experience configuring Access Control Lists or other Firewall or Router configuration experience
• Ability to demonstrate strong knowledge of computer security concepts
• Ability to communicate effectively, interpret regulatory guidance and identified vulnerabilities to a wide audience.
• Advanced knowledge of network technologies and protocols
• Advanced understanding of current threats and trends present in the Information Security and Technology field
• Must complete the specified Joint Qualification Requirement training within 180 days of date of hire, unless otherwise specified.
• Intermediate to advanced level skills in Microsoft Office software suite - Word, Excel, Outlook, PowerPoint
• Ability to communicate effectively with all levels of employees and outside contacts
• Strong interpersonal skills and good judgment with the ability to work alone or as part of a team
SECURITY CLEARANCE REQUIRED: Must be able to obtain a Secret clearance; however, candidates who currently hold and are able to maintain an active Secret clearance are highly encouraged to apply. Candidates must have the ability to obtain/maintain a Top Secret/SCI. US Citizenship is a requirement for Secret clearance at this location.
Applicants may be subject to a pre-employment drug & alcohol screening and/or random drug screen, and must follow UIC’s Non-DOT Drug & Alcohol Testing Program requirements. If the position requires, an applicant must pass a pre-employment criminal background history check. All post-secondary education listed on the applicant’s resume/application may be subject to verification.
Where driving may be required or where a rental car must be obtained for business travel purposes, applicants must have a valid driver license for this position and will be subject to verification. In addition, the applicant must pass an in-house, online, driving course to be authorized to drive for company purposes.
UIC is an equal opportunity employer. We evaluate qualified applicants without regard to race, age, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other protected characteristics EOE/AA/M/F/D/V. In furtherance, pursuant to The Alaska Native Claims Settlement Act 43 U.S.C. Sec. 1601 et seq., and federal contractual requirements, UIC and its subsidiaries may legally grant certain preference in employment opportunities to UIC Shareholders and their Descendants, based on the provisions contained within The Alaska Native Claims Settlement Act.
All candidates must apply online at www.uicalaska.com, and submit a completed application for all positions they wish to be considered. Once the employment application has been completed and submitted, any changes to the application after submission may not be reviewed. Please contact a UIC HR Recruiter if you have made a significant change to your application. In accordance with the Americans with Disabilities Act of 1990 (ADA), persons unable to complete an online application should contact UIC Human Resources for assistance (https://uicalaska.com/careers/recruitment/).
UIC Government Services (UICGS / Bowhead) provides innovative business solutions to federal and commercial customers in the areas of engineering, maintenance services, information technology, program support, logistics/base support, and procurement. Collectively, the fast-growing Bowhead Family of Companies offers a breadth of services which are performed with a focus on quality results. Headquartered in Springfield, VA, we are a fast-growing, multi-million-dollar corporation recognized as one of the top 25 8(a) companies for government contracting.
Link to Apply: https://rn21.ultipro.com/UKP1001/JobBoard/JobDetails.aspx?__ID=*1C61D18D93D5FD57
UIC and its Family of Companies is an equal opportunity employer. We evaluate qualified applicants without regard to race, age, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other protected characteristics EOE/AA/M/F/D/V. Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities. Please view Equal Employment Opportunity Posters provided by OFCCP here.
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)