Red River is seeking a Residency Services team member to join our team based in San Antonio for our important Air Force customer. They will be supporting a mission with multiple other Residents from Red River. The ability of the AFCERT to complete its mission is dependent upon accurate, timely and thorough near real-time network security monitoring and analysis of the Air Force network/systems DCO events. Real-Time analyst contractors are required to provide 24-hour coverage (work) seven (7) days a week, 365 days a year, with zero tolerance for error.
Primary Position Tasks:
• Review all Near Real-Time IDS/IPS alerts per AFCERT Operating Instruction (OI) and checklists at the AOL, COOP, or Ops Floor
• Conduct near real-time security monitoring and intrusion detection analysis for all systems
• Comply with 3rd party MOU/MOA monitoring and reporting requirements.
• Monitor security sensors to analyze Intrusion Detection Systems (IDS) and Security Information and Event Management (SIEM) to identify and correlate security issues/events and review logs to identify intrusions for remediation.
• Analyze and manage analysis results to identify and mitigate threats and enforce corrective actions.
• Analyze traffic/logs/events to determine the necessity for higher level analysis and conduct an initial assessment of type and extent of intruder activities.
• Utilize tools and techniques to perform initial analysis, de-obfuscation, or other manipulation of malware related data.
• Conduct Incident intake and record suspicious events into the operational database for suspicious traffic. These records shall contain sufficient information to stimulate future analysis of suspicious traffic. The record shall answer the: who, what, where, why and when for this suspicious activity, update tickets (CAT events) for reporting of cyber events.
• Perform initial analysis of security events, network traffic.
• Enter event data into mission support systems IAW AFCERT operational procedures and reports.
• Compile suspicious events records and other artifacts as part of its Monthly Operational Report.
• Escalate security incidents using established policies and procedures.
• Generate end-of- reports (MISREPS) and provide pass-on information for knowledge transfer to subsequent /crews of analysts on duty regarding the latest suspicious traffic seen from a given port, Internet Protocol (IP), etc. with no more than a 5% error rate.
• Provide computer security-related support to AF field units in countering vulnerabilities, minimizing risk, and improving the security posture of AF networks and systems within the scope of AFCERT operational requirements and mission execution.
• Provide focused DCO tailored analysis and monitoring operations of specified sensor locations during contingency operations and in support of named DCO operations and exercises.
• Conduct 24x7x365 near real-time network security monitoring and intrusion detection analysis for the networks and systems monitored using AF's selected IDS/IPS capabilities with no more than a 5% error rate.
Incident Response (ACD Operator - Requires Mission Ready Status)
- Contract support requires 100% DoD 8570.01 IAT Level I CND compliance.
Minimum Education/Certification/Experience Requirements:
Intermediate knowledge with one or more of the IDS/IPS systems currently in use by the Department of Defense (DoD), Services, and Agencies (i.e., AF, Navy, Army, DC3, DISA) or Federal Government and intermediate experience in the following areas: IP addressing and domain name service; network components; Transmission Control Protocol (TCP)/User Datagram Protocol (UDP), File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), and Hypertext Transfer Protocol (HTTP); and understanding of the network Open Systems Interconnection (OSI) model. Extensive knowledge of the MITRE ATT&CK framework and its uses within the cybersecurity community (e.g., Open Source projects).
- Primary OS Certification Level for this position is GCIA, GNFA or GCDA.
BA/BS Computer Science, Computer Engineering, Computer Information Systems, Computer Systems Engineering or related degree preferred.
Essential Elements (Mental; Physical; Equipment used):
This position is an office position that requires remaining in a stationary position for multiple hours throughout the workday. [ Lifting of up to x#, bending, frequent walking is required ]
This position requires the ability to continuously communicate with co-workers throughout the day utilizing Red River approved and/or provided communication tools and equipment.
Must be willing to work shift work.
Special Requirements:
This position will operate from the location specified above; no travel.
The incumbent must currently hold a security clearance at the Top Secret/SCI level. US Citizenship is a requirement for Top Secret clearance at this location.
Red River offers a competitive salary, excellent benefits and an exceptional work environment. You can review our benefit offerings here. If you are ready to join a growing company, please submit your resume and cover letter (optional).
EOE M/F/DISABLED/Vet
Red River is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status.
Red River does not accept unsolicited resumes from individual recruiters or third party recruiting agencies in response to job postings or otherwise. Placement fees will not be paid to any recruiter unless Red River has an active agreement in place with the recruiter and such a request has been made by the Red River Talent Acquisition team and such candidate was submitted to the Red River Talent Acquisition Team via our Applicant Tracking System. Any unsolicited resumes or other data submitted to Red River in violation of this policy may be used by Red River without obligation to pay any fees of any kind to the recruiter.