Cyber Incident Responder III

Colorado Springs, CO
United States


Job Description
As a Cyber Incident Responder III, the candidate will perform Defensive Cyberspace Operations (DCO) activities for the 50th Space Wing (50 SW). He/She will support the DCO by protecting against, detecting, and responding to cyber threats.

The following experience is required:
  • AF Satellite Control Network (AFSCN)
  • Providing recommendations on:
  • Tactics, Techniques, and Procedures (TTPs)
  • Standard Operating Procedures (SOPs)
  • Training Materials
  • Operational Instructions (OIs) and other materials to include:
  • Recommend actions to implement similar capabilities across AFSPC's portfolio

In addition, the candidate will:
  • Monitor applicable systems and take necessary action to comply with US Cyber Command (USCYBERCOM) directions and task orders
  • Maintain awareness of ground segment architecture for space mission system network traffic conditions, performance, bandwidth indicators, anomaly alerts, unauthorized activity, audit logs, and any on-going cyber event or incident
  • Notify on-duty government crew commander and/or crew chief immediately of anomalous conditions and recommend fix-actions IAW Government-approved procedures/documentation
  • Identify and document unauthorized activity and/or attacks, to include source/destination addresses and ports, attack vector (e.g. network intrusion, web-based, etc.), and attack time frame
  • Ensure consistent and complete shift turnover of events/incidents, updating event/incident analysis records and maintaining event/incident dashboards and records in accordance with Government-approved procedures/documentation
  • Conduct Malware Protection (MP) activities including monitoring network and/or host-based security, malware incidents, and malware detection signature currency
  • Provide support for Vulnerability Management (VA) and Malware Protection activities outlined in ESM v9.2 as well as support the appropriate organization conducting VAA
  • Support the Government in implementing defense-wide VAA notification, reporting, and coordination activities
  • Be familiar with, monitor, and report mission system response to INFOCON/CPCON changes by maintaining visibility into compliance with INFOCON/CPCON change orders
  • Assist the Government and provide cyber defense of the ground segment architecture for space mission system in Vulnerability Management (VM) activities
  • Provide recommendations and, if required, take corrective actions to mitigate potential vulnerabilities or threats in accordance with CJCSM 6510.01B with no more than zero (0) occurrences of failing to comply with CJCSM 6510.01B Appendix B incident reporting timelines
  • Conduct vulnerability trend analysis from Vulnerability Scans (VS) and communicate trend analysis results to respective leadership
  • Present and deliver relevant intrusion analysis and correlation information to enable ground segment architecture for space mission system operations and sustainment decisions
  • Support cyber incident handling operations to minimize potential loss and destruction, mitigate weaknesses that were exploited, and restore mission systems services
  • Receive and perform preliminary analysis on warning intelligence information. This includes but is not limited to correlating and characterizing unauthorized activity notices from intelligence organizations as well as assessing applicability of intelligence threat reports to defended mission systems and recommending and implementing mitigation(s) if deemed applicable
  • Provide recommendations to improve cyber-attack mitigation as well as warning intelligence information sharing between intelligence organizations and mission systems as a part of process improvement initiatives
  • Provide technical expertise in the creation of courses of action, as appropriate, to remediate or mitigate Department of Defense Information Network (DODIN)/Special Enclave (SE) attacks (e.g. cyber intelligence and/or threats)
  • Correlate threat and vulnerability data to provide analysis and recommendations of actions to mitigate/remediate issues on affected systems
  • Understand the current network architecture and provide recommendations for the optimal placement of detection sensors
  • Support the DCOM in fail-over operations in the event of system/network cyber outages
  • Provide in-depth analysis of incidents by determining the incidents’ nature and formulating responses, identifying and correlating event and incident data, determining actions to be taken, and determining possible effects on the ground segment architecture for space mission system
  • Assist mission systems government/contractor crew members in writing and submitting timely Cyber Incident Reports and provide a copy to the respective Government representative
  • Prepare after action reports of cyber incidents and track open mitigation procedures, with no more than one (1) missed deadline per year in submitting after action reports and tracking open mitigation procedures when requested by the Government

Qualifications:
  • Bachelor's degree in a STEM field from an accredited institution with a minimum of four (4) years of relevant experience
  • CSSP certification for CSSP Analyst and CSSP Incident Responder categories with a minimum of three (3) years' CSSP certified experience
  • Capable of minimal CONUS travel

Desired Competencies/Experience/Certifications:
  • Proficiency in Microsoft Office applications, including Access

Clearance Requirements:
  • Must be able to obtain or already possess a Top Secret/SCI security clearance