CYBER SECURITY ANALYST - (ACD) REAL-TIME DETECTION (JBSA-21-0340-W):
Bowhead seeks a Cyber Security Analyst - (ACD) Real-Time Detection to support the AFCERT DCO HAC contract in San Antonio, TX.
The ability of the AFCERT to complete its mission is dependent upon accurate, timely and thorough near real-time network security monitoring and analysis of the Air Force network/systems DCO events. Real- Time analyst contractors are required to provide 24 hour coverage (work) for seven (7) days a week, 365 days a year with zero tolerance for error.
• Review all Near Real-Time IDS/IPS alerts per AFCERT Operating Instruction (OI) and checklists at the AOL, COOP, or Ops Floor
• Conduct near real-time security monitoring and intrusion detection analysis for all systems
• Comply with 3rd party MOU/MOA monitoring and reporting requirements. (CDRL A002)
• Monitor security sensors to analyze Intrusion Detection Systems (IDS) and Security Information and Event Management (SIEM) to identify and correlate security issues/events and review logs to identify intrusions for remediation.
• Analyze and manage analysis results to identify and mitigate threats and enforce corrective actions.
• Analyze traffic/logs/events to determine the necessity for higher level analysis and conduct an initial assessment of type and extent of intruder activities.
• Utilize tools and techniques to perform initial analysis, de-obfuscation, or other manipulation of malware related data.
• Conduct Incident intake and record suspicious events into the operational database for suspicious traffic. These records shall contain sufficient information to stimulate future analysis of suspicious traffic. The record shall answer the: who, what, where, why and when for this suspicious activity, update tickets (CAT events) for reporting of cyber events.
• Perform initial analysis of security events, network traffic. (CDRL A008)
• Enter event data into mission support systems IAW AFCERT operational procedures and reports.
• Compile suspicious events records and other artifacts as part of its Monthly Operational Report. (CDRL A005)
• Escalate security incidents using established policies and procedures.
• Generate end-of- reports (MISREPS) and provide pass-on information for knowledge transfer to subsequent /crews of analysts on duty regarding the latest suspicious traffic seen from a given port, Internet Protocol (IP), etc. with no more than a 5% error rate.
• Provide computer security-related support to AF field units in countering vulnerabilities, minimizing risk, and improving the security posture of AF networks and systems within the scope of AFCERT operational requirements and mission execution.
• Provide focused DCO tailored analysis and monitoring operations of specified sensor locations during contingency operations and in support of named DCO operations and exercises.
• Conduct 24x7x365 near real-time network security monitoring and intrusion detection analysis for the networks, systems monitored using AF's selected IDS/IPS capabilities with no more than a 5% error rate. Incident Response (ACD IR Operator - Requires Mission Ready Status)
Bowhead seeks to network with qualified individuals relative to a potential opportunity, which is contingent upon award and not currently funded. Please click the link at the bottom of this posting to apply for consideration. Incumbent employees are encouraged to respond. No solicitations or third party applications will be accepted.
Intermediate knowledge with one or more of the IDS/IPS systems currently in use by the Department of Defense (DoD), Services, and Agencies (i.e., AF, Navy, Army, DC3, DISA) or Federal Government and intermediate experience in the following areas: IP addressing and domain name service; network components; Transmission Control Protocol (TCP)/User Datagram Protocol (UDP), File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), and Hypertext Transfer Protocol (HTTP); and understand the network Open Systems Interconnection (OSI) model. Extensive knowledge of MITRE ATT&CK framework, and its uses within the cybersecurity community (e.g., Open Source projects)
• 2-10 years of experience.
• BA/BS Computer Science, Computer Engineering, Computer Information Systems, Computer Systems Engineering or related degree preferred
• Demonstrates in-depth knowledge and understanding of the Computer Forensics Analyst activities required to meet mission requirements
• Must be able to travel on short notice
• IAT Level I CND compliance.
• GCIA, GNFA or GCDA.
SECURITY CLEARANCE REQUIREMENTS: Must currently hold a security clearance at the Top Secret/SCI level. US Citizenship is a requirement for Top Secret clearance at this location.
Applicants may be subject to a pre-employment drug & alcohol screening and/or random drug screen, and must follow UIC's Non-DOT Drug & Alcohol Testing Program requirements. If the position requires, an applicant must pass a pre-employment criminal background history check. All post-secondary education listed on the applicant's resume/application may be subject to verification.
Where driving may be required or where a rental car must be obtained for business travel purposes, applicants must have a valid driver license for this position and will be subject to verification. In addition, the applicant must pass an in-house, online, driving course to be authorized to drive for company purposes.
UIC is an equal opportunity employer. We evaluate qualified applicants without regard to race, age, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other protected characteristics EOE/AA/M/F/D/V. In furtherance, pursuant to The Alaska Native Claims Settlement Act 43 U.S.C. Sec. 1601 et seq., and federal contractual requirements, UIC and its subsidiaries may legally grant certain preference in employment opportunities to UIC Shareholders and their Descendants, based on the provisions contained within The Alaska Native Claims Settlement Act.
All candidates must apply online at www.uicalaska.com, and submit a completed application for all positions they wish to be considered. Once the employment application has been completed and submitted, any changes to the application after submission may not be reviewed. Please contact a UIC HR Recruiter if you have made a significant change to your application. In accordance with the Americans with Disabilities Act of 1990 (ADA), persons unable to complete an online application should contact UIC Human Resources for assistance (https://uicalaska.com/careers/recruitment/).
UIC Government Services (UICGS / Bowhead) provides innovative business solutions to federal and commercial customers in the areas of engineering, maintenance services, information technology, program support, logistics/base support, and procurement. Collectively, the fast-growing Bowhead Family of Companies offers a breadth of services which are performed with a focus on quality results. Headquartered in Springfield, VA, we are a fast-growing, multi-million-dollar corporation recognized as one of the top 25 8(a) companies for government contracting.
Bowhead offers competitive benefits including medical, dental, vision, life insurance, accidental death and dismemberment, short/long-term disability, and 401(k) retirement plans as well as a paid time off programs for eligible full-time employees. Eligible part-time employees are able to participate in the 401(k) retirement plans and state or contract required paid time off programs.
Link to Apply:
#LI-SW1 UIC and its Family of Companies is an equal opportunity employer. We evaluate qualified applicants without regard to race, age, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other protected characteristics EOE/AA/M/F/D/V. Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities.Please view Equal Employment Opportunity Posters provided by OFCCP here .The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)