ISO 9001:2015

9415 Dugas Drive, San Antonio, Texas 78245 • Phone: 210.957.2800 • Fax: 210.957.3089

Cyber Incident Analyst

Primary Duties:

  • Conduct network security monitoring and intrusion detection analysis using the selected IDS/IPS toolset.
  • Research defensive cyber operations events to determine the necessity for deeper analysis and conduct an initial assessment of type and extent of intruder activities.
  • Enter event data into mission support systems according to operational procedures and reports through the operational chain.
  • Record suspicious events that meet established thresholds in the operational database for suspicious traffic. Records shall contain sufficient information to support future research of the suspicious traffic, and each record shall answer the who, what, where, why, and when of the activity.
  • Compile suspicious event records and other artifacts for inclusion in the Monthly Operational Report.
  • Provide pass-on information to bring incoming crews up to speed on latest suspicious traffic seen from a given port, IP, etc.
  • Coordinate with the Crew Commander for authorization before departing after pass-on to incoming shift.
  • Provide DCO-tailored analysis and monitoring of specified sensor locations during contingency operations and in support of named DCO operations and exercises.
  • Must be willing to receive additional training and maintain position qualification to perform assigned duties, as required.

Basic Qualifications:

Intermediate knowledge of one or more of the IDS/IPS systems currently in use by the Department of Defense (DoD), Services, and Agencies (e.g., AF, Navy, Army, DC3, DISA) or the Federal Government, and intermediate experience in the following areas: IP addressing and domain name service; network components; Transmission Control Protocol (TCP)/User Datagram Protocol (UDP), File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), and Hypertext Transfer Protocol (HTTP); and the network Open Systems Interconnection (OSI) model.

Education Requirements:

  • One or more of the following IAT Level II certifications (GSEC, Security+, SSCP, CCNA-Security)
  • CND Certification (GCIA, CEH, GCIH)

* Must have active TS/SCI
* Must be able to work shifts as required.