Network Defense and Security Analyst
2 weeks ago
Overview
Abacus Technology is seeking a Network Defense and Security Analyst to provide technical support for the AFCENT Network Operations and Security Center (NOSC) at Lackland AFB as part of a 24/7/365 support environment. This is a full-time position.
Responsibilities
- Provide technical reports, meeting minutes, program plans, concepts of operations, contingency plans, and related documentation as identified for task deliverables.
- Prepare and disseminate operational reports.
- Monitor network traffic to provide event correlations of operational traffic from multiple locations to determine network security posture.
- Utilize standard/provided network tools to evaluate traffic for incident response analysis.
- Coordinate and execute JTF-GNO Information Assurance Vulnerability Alert (IAVA) notices as applicable on USCENTCOM networks/systems with the USAFCENT NOSC.
- Maintain IDS/IPS devices to ensure they are operating at optimal efficiency.
- Develop methods to detect and prevent intrusive activities utilizing new vulnerabilities and exploits.
- Assist NOSC-Cybersecurity to develop countermeasures to isolate, contain and prevent intrusive activities and secure USAFCENT/USCENTCOM networks.
- Correlate unusual and suspicious network activity across USCENTCOM.
- Validate unusual network activity unique to geographical regions and sensor locations.
- Provide an overall site-analysis profile to serve as a benchmark to identify unusual or suspicious activity.
- Assist in the compilation of Network Defense statistical and trend data, and operational event reporting, as requested by NOSC management.
- Provide site-specific and service-level intrusion packet level analysis using selected tools and activities related to mission execution; and track trends of authorized and unauthorized activity.
- Correlate unusual and suspicious network activity across USCENTCOM; and validate unusual network activity unique to geographical regions and sensor location(s).
- Document network devices and location of network devices. Provide technical information to USCENTCOM customers on devices with an emphasis on any possible security issues with them.
- Document any waivers for non-standard network configurations.
- Provide an overall site-analysis and profile for existing USCENTCOM networks and supported units to serve as a benchmark to identify unusual or suspicious activity; and research, document and report suspicious activity.
- Provide focused Network Defense tailored analysis and monitoring operations of specified sensor locations during contingency operations and in support of named Network Defense operations and exercises.
- Perform cyber incident handling and support activities, including but not limited to, reporting and notifying, documenting, and coordinating: (1) detection of events; (2) preliminary analysis; (3) preliminary response action; (4) incident analysis; (5) response and recovery; and (6) post incident analysis.
- Perform network traffic analysis to evaluate intruder activities using host and network-based monitoring systems; correlate information gathered to provide effective methods to USCENTCOM domains; determine the probability of exploitation of discovered network vulnerabilities; and ensure appropriate notifications and action are taken to reduce the risk to USCENTCOM networks.
- Support USCENTCOM 24/7 Network Defense monitoring operations.
- Open and conduct network intrusion investigations to validate the unauthorized activity and determine the type and extent of activity.
- Conduct network and computer forensics on suspected and confirmed compromised USCENTCOM systems to determine the method of intrusion and corrective actions to be taken to prevent or detect similar future activities.
- Develop and implement methods to identify, contain, log, analyze and prevent intrusive activities and security vulnerabilities on automated information systems and networks; and conduct operations and develop countermeasures to isolate, contain, and prevent intrusive activities and security vulnerabilities.
- Develop and implement methods to identify, contain, log, analyze and prevent malware-based activities on automated information systems and networks, and operate, maintain and administer anti-virus tools.
- Provide AFOSI (Air Force Office of Special Investigation), Army Criminal Investigation Division (CID), Naval Criminal Investigation Service (NCIS) Network Defense technical support and expertise to assist law enforcement and counter-intelligence activities, and continue to conduct base network defense while component investigative agencies collect network evidence.
- Provide support to USCENTCOM network administrators on the installation and analysis of packet sniffers in their network topology.
- Install, configure, maintain and manage the USAFCENT IDS/IPS sensor fleet, ArcSight Enterprise Security Manager, CIDDS directors, and associated Virtual Private Network (VPN) equipment.
- Provide technical advice and assistance to the USAFCENT NOSC-Cybersecurity to resolve network issues and perform actions necessary to ensure IDS/IPS sensors are collecting and reporting network activity.
- Diagnose and resolve end user problems.
- Support IDS/IPS software installation and configuration, IDS site troubleshooting, system security, archival, and restoration of mission data.
- Assist in the identification of system and network configuration problems or network and subnet vulnerabilities and take corrective actions.
- Assist with on-the-job training (OJT) for personnel assigned to USAFCENT operational mission and technical support functions.
- Present network defense actions/activities for USAFCENT and USCENTCOM mission briefings.
- Identify and assist in the development and documentation of USAFCENT support operations, reporting, systems administration and incident response processes and tasks using available mission support systems.
- Provide technical assistance in the Network Defense systems planning, testing, development, implementation, enhancement, transition, management and operation of new USAFCENT initiatives, and support the integration of new systems and tools into the existing architecture.
Qualifications
- 5+ years of experience in network and systems security.
- Bachelor's degree in a related field. Additional years of experience may be substituted for degree requirements.
- Must be Network+ or CCNA certified.
- Must be CEH certified.
- Must hold the ITIL v3 or v4 Foundations certification or be able to obtain the certification within 60 days of hire.
- Extensive knowledge of network firewalls, computer and server log analysis, computer network servers (DNS, proxy, e-mail, domain controller, file server, Active Directory) and analysis of their logs.
- Extensive knowledge of digital evidence collection, handling and security; experience with computer incident response and analysis, and report dissemination.
- Extensive knowledge and experience with network packet capture and analysis software such as Wireshark (Ethereal) and Snort.
- Experience with standard DoD network topology and DMZ boundary protection.
- Experience with system analysis software (e.g. EnCase/EnCase Enterprise or FTK), software coding and debugging, and the virtual machine (VM) environment.
- Experience with DoD/AF incident reporting processes.
- Knowledge of threat visualization applications.
- Extensive knowledge of DoD and AF network operations regulations; knowledge and experience processing Information Assurance Vulnerability Alert (IAVA) notices.
- Able to maintain current knowledge on new vulnerabilities and exploits.
- Familiar with NSA Threat Operations Center (NTOC) Attack, Sensing & Warning (AS&W) alerts and processing.
- Knowledge and experience constructing, executing and troubleshooting SQL DB queries.
- Knowledge and experience with the DOD Centaur analysis system.
- Must maintain an Advanced Traffic Analyst certification via Stan/Eval processes for operational positions.
Must have strong communication skills and be able to interact professionally within all levels of an organization. Must be able to provide support in a 24/7/365 environment including occasionally covering shifts outside of the assigned shift and/or providing after hours, weekend, or holiday support as needed on a rotational basis. Must be a US citizen and hold a current Top Secret clearance with SCI access or eligibility (TS/SCI).
Applicants selected will be subject to a U.S. government security investigation and must meet eligibility requirements for access to classified information.
EOE/M/F/Vet/Disabled