Cyber Incident Analyst
- Conduct network security monitoring and intrusion detection analysis using selected IDS/IPS toolset
- Research defensive cyber operations (DCO) events to determine whether deeper analysis is needed, and conduct an initial assessment of the type and extent of intruder activity.
- Enter event data into mission support systems according to operational procedures and report through the operational chain.
- Record suspicious events that meet established thresholds in the operational database for suspicious traffic. Each record shall contain enough information to support future research of the traffic and shall answer the who, what, where, why and when of the suspicious activity.
- Compile suspicious-event records and other artifacts as part of the Monthly Operational Report.
- Provide pass-on information to bring incoming crews up to speed on the latest suspicious traffic seen from a given port, IP address, etc.
- Coordinate with the Crew Commander for authorization before departing after pass-on to incoming shift.
- Provide tailored DCO analysis and monitoring of specified sensor locations during contingency operations and in support of named DCO operations and exercises.
- Must be willing to receive additional training and maintain position qualification to perform assigned duties, as required
- Intermediate knowledge of one or more of the IDS/IPS systems currently in use by the Department of Defense (DoD), Services, and Agencies (e.g., AF, Navy, Army, DC3, DISA) or the Federal Government, and intermediate experience in the following areas: IP addressing and the Domain Name Service (DNS); network components; Transmission Control Protocol (TCP)/User Datagram Protocol (UDP), File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), and Hypertext Transfer Protocol (HTTP); and an understanding of the network Open Systems Interconnection (OSI) model
- One or more of the following IAT Level II Certifications (GSEC, Security+, SSCP, CCNA-Security)
- CND Certification (GCIA, CEH, GCIH)
* Must have active TS/SCI
* Must be able to work shifts as required.