Position Summary:
Red River is seeking a Residency Services team member to join our team based in San Antonio for our important Air Force customer. They will be supporting a mission alongside multiple other Residents from Red River. The ability of the AFCERT to complete its mission depends on accurate, timely and thorough near real-time network security monitoring and analysis of Air Force network/system DCO events. Real-Time analyst contractors are required to provide 24-hour coverage, seven (7) days a week, 365 days a year, with zero tolerance for error.
Primary Position Tasks:
Intermediate knowledge of one or more of the IDS/IPS systems currently in use by the Department of Defense (DoD), Services, and Agencies (i.e., AF, Navy, Army, DC3, DISA) or the Federal Government, and intermediate experience in the following areas: IP addressing and domain name service; network components; Transmission Control Protocol (TCP)/User Datagram Protocol (UDP), File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), and Hypertext Transfer Protocol (HTTP); and an understanding of the network Open Systems Interconnection (OSI) model. Extensive knowledge of the MITRE ATT&CK framework and its uses within the cybersecurity community (e.g., Open Source projects).
* Review all Near Real-Time IDS/IPS alerts per AFCERT Operating Instruction (OI) and checklists at the AOL, COOP, or Ops Floor
* Conduct near real-time security monitoring and intrusion detection analysis for all systems
* Comply with 3rd party MOU/MOA monitoring and reporting requirements.
* Monitor security sensors to analyze Intrusion Detection Systems (IDS) and Security Information and Event Management (SIEM) to identify and correlate security issues/events and review logs to identify intrusions for remediation.
* Analyze and manage analysis results to identify and mitigate threats and enforce corrective actions.
* Analyze traffic/logs/events to determine the necessity for higher-level analysis and conduct an initial assessment of the type and extent of intruder activities.
* Utilize tools and techniques to perform initial analysis, de-obfuscation, or other manipulation of malware related data.
* Conduct incident intake and record suspicious events into the operational database for suspicious traffic. These records shall contain sufficient information to support future analysis of suspicious traffic. The record shall answer the who, what, where, why and when for this suspicious activity; update tickets (CAT events) for reporting of cyber events.
* Perform initial analysis of security events and network traffic.
* Enter event data into mission support systems IAW AFCERT operational procedures and reports.
* Compile suspicious event records and other artifacts as part of the Monthly Operational Report.
* Escalate security incidents using established policies and procedures.
* Generate end-of- reports (MISREPS) and provide pass-on information for knowledge transfer to subsequent /crews of analysts on duty regarding the latest suspicious traffic seen from a given port, Internet Protocol (IP) address, etc., with no more than a 5% error rate.
* Provide computer security-related support to AF field units in countering vulnerabilities, minimizing risk, and improving the security posture of AF networks and systems within the scope of AFCERT operational requirements and mission execution.
* Provide focused DCO tailored analysis and monitoring operations of specified sensor locations during contingency operations and in support of named DCO operations and exercises.
* Conduct 24x7x365 near real-time network security monitoring and intrusion detection analysis for the networks and systems monitored using the AF's selected IDS/IPS capabilities with no more than a 5% error rate.
Incident Response (ACD Operator - Requires Mission Ready Status):