Incident Manager

Full Time
O'Fallon, IL 62269
Posted 1 day ago
Job description
Position: Intrusion Detection Monitoring/Incident Management
Location: Scott AFB, IL
Security Clearance Required: TS/SCI
Position Type / Standard Work Hours: Full-time / 40 hours per week / On-site

Summary / Objective:
  • Execute intrusion detection monitoring and incident response and management processes and procedures IAW DoD and USTRANSCOM policies and direction.
  • Perform the day-to-day mission execution of the intrusion detection monitoring and incident management and response activity.
Primary Responsibilities:
  • Provide intrusion detection monitoring, analysis, and incident management activities on-site 24/7/365 at Scott AFB.
  • Intrusion detection/analysis/incident management activities shall be performed for all USTRANSCOM information systems/networks that subscribe to USTRANSCOM CSSP services. The intrusion detection monitoring and incident management tool suites consist of network and host-based sensors in all security domains and enclaves, log consolidation mechanisms, analysis platforms, and other products that may be directed or procured.
  • Develop intrusion detection analytics (e.g., reports, dashboards, queries) to continuously enhance intrusion detection capabilities.
  • Through the application of the intrusion detection monitoring and incident management tools and processes, identify unauthorized, malicious, or anomalous activity and initiate appropriate incident response actions in support of mission assurance for USTRANSCOM information systems and networks on NIPRNet and SIPRNet, to include USTRANSCOM cloud environments.
  • Review audit data, e-mail spam (also known as junk e-mail or unsolicited bulk e-mail), and network traffic data for irregularities or other indications of real or potential security violations.
  • Correlate and analyze security data and events from alert and traffic flow systems (e.g., intrusion detection system/intrusion prevention system (IDS/IPS), routers, NetFlow, firewall).
  • Identify potential distributed, long-term, coordinated, low-visibility network-based attacks and potential advanced persistent and coordinated threats across multiple platforms.
  • Perform tuning and optimization tasks, to include sensor rule review and log aggregation/visibility.
  • Develop and enhance existing intrusion detection analytics/dashboards/signatures to remain commensurate with the evolving cyber threat.
  • Investigate all security-related events and incidents involving USTRANSCOM information systems.
  • Report identified security incidents through the Joint Incident Management System (JIMS) or other DoD-approved reporting process IAW CJCSM; reports include details from initial detection through resolution (e.g., source/destination addresses and ports, delivery vector, attack timeframe, attack methods, and root cause).
  • Perform incident response based on security events identified.
  • Review and share significant activity via SIGACT reports and Attack Sense and Warning (AS&W) tippers.
  • Generate and share Suspicious Network Activity Reports (SNARS).
  • Track acknowledgements of SNARS and AS&W tippers from the CSSP Subscriber community.
  • Develop and deploy countermeasures in response to cybersecurity incidents, or upon request from USTRANSCOM government, IAW the USTRANSCOM Incident Response Plan.
  • Analyze and identify root cause(s) and lessons learned from security incidents; documenting a formal after actions report (AAR) IAW USTRANSCOM Incident Response Plan.
  • Provide recommendations to the government related to tactical response actions, such as updating signatures and heuristics (e.g., firewall rules, proxy blocks, HBSS rules, EDR).
  • Maintain an inventory of log data sources and resident locations (e.g., USTRANSCOM log consolidation server, DISA consolidated log environment).
  • Maintain a daily activity log containing continuous event management updates and shift-turnover details of events/incidents.
  • Maintain the existing configuration and integrity of the intrusion detection monitoring and incident management tool suite IAW applicable policies and instructions.
  • Develop new intrusion detection signatures and modify the signatures at the direction of the government; report false positive alerts IAW applicable USCYBERCOM/JFHQ DODIN orders.
  • Develop and maintain security analysis scripts and analytic displays.
  • Maintain visibility and continuity of system/service application/security/environment logs within designated aggregation repositories.
  • Perform reviews of implemented cybersecurity defense IDS/IPS rules, exceptions, and log availability, content and intrusion detection signatures.
  • Perform reviews of aggregated log data to identify missing required sources and ensure log data format IAW USTRANSCOM logging standards.
  • Work with program managers and system administrators to obtain logs in standard format for centralized log aggregation.
  • Operate and maintain a service assurance capability for intrusion detection monitoring and incident management tools.
  • Provide compliance data to government in response to USCYBERCOM/JFHQ DODIN orders; develop and update POA&Ms.
  • Submit requests for exemption to policy/direction that cannot be complied with IAW prescribed DoD policy/instruction.
  • Ensure BCM plans are in place, executable, and followed for intrusion detection monitoring and incident management activities IAW USTRANSCOM’s Continuity of Service Plan.
  • Collect and provide the Government with monthly metrics on intrusion detection monitoring and incident management activity, including:
      • Lists of sensor signature updates and uptime statistics based on service availability for intrusion detection monitoring and incident management tools (e.g., network and host-based sensors, log consolidation mechanisms, analysis platforms), based on service assurance monitoring.
      • Number and type of cyber incidents by category IAW CJCSI 6510.01F.
      • Number of successful and attempted penetrations of command information systems, and megabytes per incident of confirmed data loss from penetrations of USTRANSCOM networks.
      • Accounting of availability of critical system/service logs within the designated aggregation repository, listing source/viability/content.
  • Maintain current documentation on intrusion detection monitoring and incident management processes and procedures, and provide the following deliverable documents to the government IAW the assigned suspense dates:
      • USTRANSCOM Cyber Incident Response SOP & associated checklists.
      • USTRANSCOM Cyber Monitoring SOP & associated checklists.
      • USTRANSCOM Sensor and Consolidated Logging Infrastructure SOP & associated checklists.
      • USTRANSCOM Cyber Incident Reporting SOP & associated checklists.
      • USTRANSCOM Security Event / Incident Analysis SOP & associated checklists.
Required Education and/or Experience:
  • IAT-II and CSSP-A.
  • 3+ years of cybersecurity technical experience.
Supervisory Responsibilities:
This position does not supervise the work of others.

Work Environment:
This job operates in a professional office environment. This role routinely uses standard office equipment.

Physical Demands:
Must be able to operate a computer and other standard office equipment.

Travel:
Very little.

Other Duties:
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and/or activities may change at any time with or without notice.

AAP / EEO Statement:
BTAS is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.
BTAS is an E-Verify program participant.
