USfalcon, Inc., recognized as one of the fastest growing, privately held companies in the United States, is seeking a Cyber Incident Responder to work out of Schriever AFB, CO.
The purpose of this position is to perform Defensive Cyberspace Operations (DCO) activities for the 50th Space Wing (50 SW). Performance is based at Schriever Air Force Base (SAFB), Colorado. The purpose of the DCO support is to enable protection from, detection of, and response to cyber threats. This position currently has five (5) openings available.
- Bachelor’s degree in a technical field (STEM) from an accredited institution. - Four (4) years of relevant experience. - Candidate shall possess appropriate CSSP certification per DoD 8570.01-M for CSSP Analyst and CSSP Incident Responder categories with minimum three (3) years of experience in CSSP certified work.
Have the expertise in the AF Satellite Control Network (AFSCN) - Have experience providing recommendations on Tactics, Techniques, and Procedures (TTPs), Standard Operating Procedures (SOPs), training materials, Operational Instructions (OI’s), and other materials to include identifying information to be monitored; systems/software to provide monitoring capabilities; recommended event triggering thresholds; incident response measures; cyber security reporting processes and procedures; and recommended actions to implement similar capabilities across AFSPC’s portfolio. - Monitor applicable systems and take action as necessary to comply with US Cyber Command (USCYBERCOM) directions and task orders (TASKORDS). - Maintain awareness of ground segment architecture for space mission system network traffic conditions, performance, bandwidth indicators, anomaly alerts, unauthorized activity, audit logs, and any on-going cyber event or incident. - Notify on-duty government crew commander and/or crew chief immediately when an anomalous condition is discovered and recommend fix-actions IAW Government-approved procedures & documentation. - Identify and document unauthorized activity and/or attacks to include: source/destination addresses and ports, attack vector (e.g. network intrusion, web-based, etc.) and attack timeframe. - Ensure consistent and complete shift turnover of events/incidents, updating event/incident analysis records and maintain event/incident dashboards and records in accordance with Government- approved procedures/documentation. - Conduct Malware Protection (MP) activities including monitoring network and/or host-based security, malware incidents, and malware detection signature currency. - Provide support for Vulnerability Management (VA) and Malware Protection activities outlined in ESM v9.2 as well as support the appropriate organization conducting VAA. - Support the Government in implementing defense-wide VAA notification, reporting, and coordination activities. - Be familiar with and monitor and report mission system response to INFOCON/CPCON changes by
maintaining visibility into compliance with INFOCON/CPCON change orders. - Assist the Government and provide cyber defense of the ground segment architecture for space mission system in Vulnerability Management (VM) activities. - Provide recommendations and if required, take corrective actions to mitigate potential vulnerabilities or threats in accordance with CJCSM 6510.01B. No more than zero (0) occurrences of failing to comply with CJCSM 6510.01B Appendix B incident reporting timelines. - Conduct vulnerability trend analysis from Vulnerability Scans (VS) and communicate trend analysis results to respective leadership. - Present and deliver relevant intrusion analysis and correlation information to enable ground segment architecture for space mission system operations and sustainment decisions. - Shall support cyber incident handling operations to minimize potential loss and destruction, mitigation of weaknesses that were exploited, and restoration of mission systems services. - Receive and perform preliminary analysis on warning intelligence information. This includes but is not limited to correlating and characterizing unauthorized activity notices from intelligence organizations as well as assessing applicability of intelligence threat reports to defended mission systems and recommending and implementing mitigations if deemed applicable. - Provide recommendations to improve cyber-attack mitigation as well as warning intelligence information sharing between intelligence organizations and mission systems as a part of process improvement initiatives. - Provide technical expertise in the creation of courses of action, as appropriate, to remediate or mitigate Department of Defense Information Network DODIN/Special Enclave (SE) attacks (e.g. cyber intelligence and/or threats). - Correlate threat and vulnerability data to provide analysis and recommendations of actions to mitigate/remediate issues on affected systems. - Understand the current network architecture and provide recommendations for the optimal placement of detection sensors. - Support the DCOM in failover operations in the event of system/network cyber outages. - Provide in-depth analysis of incidents by determining the incidents’ nature and formulating responses, identifying and correlating event and incident data, determining actions to be taken, and determining possible effects on the ground segment architecture for space mission system. - Assist mission systems government/contractor crew member in writing and submitting timely Cyber Incident Reports and provide a copy to the respective Government representative. - Prepare after action reports of cyber incidents and track open mitigation procedures. No more than one (1) missed deadline per year in submitting after action reports and tracking open mitigation procedures when requested by the Government. - Additional duties as assigned.