Analyze information requirements. Evaluate problems of workflow, organization, and planning analytically and systematically, and assist the Senior Computer Systems Analyst and Computer Systems Analyst in developing appropriate corrective action. Help develop plans for automated information systems from project inception to conclusion. Define the problem and develop the system requirements and program specifications from which programmers prepare detailed flow charts, programs, and tests. Under the supervision of a Senior Computer Systems Analyst or a Computer Systems Analyst, coordinate closely with programmers to ensure proper implementation of program and system specifications. Develop alternative system solutions in conjunction with functional users.

Perform tactical real-time monitoring of alert, session, statistical, and full-content data. All detected incidents shall be escalated to the Incident Handling Branch. If required, Tier 1 analysts will discuss and/or escalate findings internally within the IDS Team prior to escalation to the Incident Handling Branch. Provide feedback and recommendations on the different types of events that are detected. The issue escalates
• DoD Secret Clearance
• Current DoD 8570.01-M CSWF IAT Level II certification
• CEH or CND-A Certification
• Experience to include AS&W, IDS, WIDS, WIPS and SIEM
Monitoring of wired (classified and unclassified) and wireless networks with onsite manning to support 24x7x365 operations, including weekends, holidays, and days the government is shut down. The Contractor shall have at least two personnel on duty after business hours and shall be able to recall personnel to the affected Government site within 2 hours to support cyber operations.

Correlation and Analysis personnel perform IDS data correlation and strategic analysis in addition to real-time monitoring and analysis; this consists of historical correlation and data mining. Tier 2 analysts shall validate and report on what is escalated by Tier 1 IDS analysts and provide guidance to all Tier 1 analysts. They shall also provide feedback and recommendations on the different types of events they see. Designated Tier 2 analysts will perform signature analysis and creation and/or assist Tier 3 analysts and the IDS Security Researchers with signature production, modification, and configuration changes. All Tier 2 analysts will support the IDS Security Engineers with ongoing projects if additional assistance is needed. The issue escalates to Tier 3 personnel when required. Tier 2 shall comprise no less than 40 percent of the IDS staff.
• Collect, normalize, and correlate network/host event data on U.S. Classified, Unclassified (wired and wireless), and a government-owned commercial circuit for identification of unauthorized insider activity, criminal activity, and advanced persistent threats.
• Monitor the Pentagon backbone networks for network and computer intrusions or attacks.
• Apply configurations to the detection systems to allow detection of signature-based and anomalous activity.
• Detect suspicious activity and create cases for action by the Incident Handling Branch.
• Apply both vendor and custom signatures to prevent, detect, and block malicious activity.
• Maintain an automated log of key actions to include changes to configuration and signatures.
• Maintain an SOP of all required actions and procedures.
The analyst will provide support for the IDS team to manage and perform active defense and prevention network security monitoring functions for the Attack Sensing & Warning (AS&W) of JSP tenants and customers throughout the National Capital Region. The JSP sensor grid includes the Intrusion Detection Systems (IDS), Wireless IDS (WIDS), Intrusion Prevention Systems (IPS), Wireless Intrusion Prevention System (WIPS), web content filtering, enterprise proxy, Secure Sockets Layer (SSL) decryption, firewall, Packet Capture (PCAP), NetFlow, session, and system log data, which is fed into and correlated in the enterprise Security Information and Event Management (SIEM) system. Operate the JSP ADP Program in accordance with (IAW) applicable CNDSP Evaluation Scoring Metrics, DoD and CJCSM regulations, CND SOPs, and government direction. This capability will be required for U.S. Secret networks, U.S. Unclassified networks, and a commercial connection.
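The "collect, normalize, and correlate" duty above, and the sensor grid feeding the SIEM, describe a correlation workflow rather than a specific tool. The script below is an added illustration written for this page, not code from JSP or from any vendor: it normalizes three constructed record types (Suricata-style EVE JSON IDS alerts, a CSV NetFlow export, and a space-separated proxy log; all three formats and all IP addresses, signature names and timestamps are assumed) into one event schema, then correlates events per source host and destination inside a time window and scores each IDS alert by how many independent sensors corroborate it. The scoring thresholds are likewise assumptions, standing in for the SOP-driven criteria a Tier 1 analyst would use before escalating a case to Tier 2.

```python
"""Normalize IDS, NetFlow and proxy records into one schema and correlate
them per source host, producing Tier 1 escalation candidates.
Illustrative example; record formats and sample data are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone
import json

# Constructed sample records (not real sensor output).
IDS_ALERTS = [  # assumed Suricata-style EVE JSON, one object per line
    '{"timestamp":"2024-03-01T10:00:05Z","src_ip":"10.1.2.30","dest_ip":"203.0.113.7",'
    '"alert":{"signature":"ET MALWARE Beacon Check-in","severity":1}}',
    '{"timestamp":"2024-03-01T10:00:40Z","src_ip":"10.1.2.31","dest_ip":"198.51.100.9",'
    '"alert":{"signature":"ET POLICY Cleartext Login","severity":3}}',
]
NETFLOW = [  # assumed CSV: ts,src,dst,dport,bytes
    "2024-03-01T10:00:07Z,10.1.2.30,203.0.113.7,443,1024000",
    "2024-03-01T10:20:00Z,10.1.2.31,198.51.100.9,80,2048",
]
PROXY = [  # assumed: ts src dst action category
    "2024-03-01T10:00:09Z 10.1.2.30 203.0.113.7 DENIED malware-category",
    "2024-03-01T10:00:45Z 10.1.2.31 198.51.100.9 ALLOWED general",
]


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalize(ids_lines, flow_lines, proxy_lines):
    """Map each sensor's native record onto a common event dict:
    ts, sensor, src, dst, detail, severity (None where the sensor has none)."""
    events = []
    for line in ids_lines:
        rec = json.loads(line)
        events.append({"ts": parse_ts(rec["timestamp"]), "sensor": "ids",
                       "src": rec["src_ip"], "dst": rec["dest_ip"],
                       "detail": rec["alert"]["signature"],
                       "severity": rec["alert"]["severity"]})
    for line in flow_lines:
        ts, src, dst, dport, nbytes = line.split(",")
        events.append({"ts": parse_ts(ts), "sensor": "netflow", "src": src, "dst": dst,
                       "detail": f"{nbytes} bytes to port {dport}", "severity": None})
    for line in proxy_lines:
        ts, src, dst, action, category = line.split()
        events.append({"ts": parse_ts(ts), "sensor": "proxy", "src": src, "dst": dst,
                       "detail": f"{action} {category}", "severity": None})
    return sorted(events, key=lambda e: e["ts"])


def correlate(events, window=timedelta(minutes=5)):
    """For every IDS alert, gather other sensors' events from the same source
    to the same destination within +/- window and score the corroboration.
    Score = number of distinct sensors, +1 if the proxy denied the request,
    +1 if the IDS severity is 1 (highest). Escalate at score >= 3 (assumed)."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    cases = []
    for src, evs in by_src.items():
        for alert in (e for e in evs if e["sensor"] == "ids"):
            related = [e for e in evs if e is not alert and e["dst"] == alert["dst"]
                       and abs((e["ts"] - alert["ts"]).total_seconds()) <= window.total_seconds()]
            sensors = {e["sensor"] for e in related} | {"ids"}
            score = len(sensors)
            if any(e["sensor"] == "proxy" and e["detail"].startswith("DENIED") for e in related):
                score += 1
            if alert["severity"] == 1:
                score += 1
            cases.append({"src": src, "dst": alert["dst"], "signature": alert["detail"],
                          "sensors": sorted(sensors), "score": score,
                          "escalate": score >= 3})
    return cases


if __name__ == "__main__":
    for case in correlate(normalize(IDS_ALERTS, NETFLOW, PROXY)):
        print(json.dumps(case))
```

Run as written, the beaconing host 10.1.2.30 is corroborated by a large outbound flow and a proxy deny to the same destination within seconds, so it is flagged for escalation; the cleartext-login alert from 10.1.2.31 is only supported by an allowed proxy hit, and its NetFlow record falls outside the window, so it stays below the threshold. The window size and threshold are the knobs a Tier 2 analyst would tune based on the feedback loop the SOW describes.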
• Provide an onsite support staffing plan/roster for the 24x7x365 ADP offices located in the Pentagon, and potential surge support to meet mission-critical AS&W requirements. Validate the staffing plan at least monthly to ensure accuracy.
Experience deploying various network defense tools (i.e., IDS, IPS, packet capture, flow, session, SIEM, proxy, web content filtering, SSL decryption).