MUST HAVE ACTIVE TS/SCI CLEARANCE. CANDIDATES WITHOUT AN ACTIVE CLEARANCE WILL NOT BE CONSIDERED. MUST BE ABLE TO OBTAIN A GCFA CERTIFICATION WITHIN 120 DAYS OF EMPLOYMENT.
- Review all IDS/IPS alerts per Air Force Operating Instruction (OI) and checklists at the AOL, COOP, or Ops Floor. Conduct host security monitoring, alert review, and intrusion detection analysis for the SOC mission.
- Develop, review and maintain procedures related to the overall monitoring of hosts/systems.
- Comply with 3rd party MOU/MOA monitoring and reporting requirements. Analyze host DCO events to determine the necessity for higher level analysis and conduct an initial assessment of the type and extent of intruder activities.
- Monitor security sensors to analyze Intrusion Detection Systems (IDS) and Security Information and Event Management (SIEM) to identify and correlate security issues/events, and review logs to identify intrusions for remediation. Correlate suspicious events with network events, if possible, and with data stored within databases and other external DoD resources, including but not limited to Big Data Platform (BDP).
- Analyze traffic/logs/events to determine the necessity for higher level analysis and conduct an initial assessment of the type and extent of intruder activities.
- Record who, what, where, why and when for any identified suspicious activity in a case management system (CMS) case to enable additional investigations.
- Conduct triage of suspicious activity alerts and logs in order to make a fast and accurate triage decision.
- Enter event data into mission support systems in accordance with SOC operational procedures and reports.
- Provide monthly performance metrics including but not limited to: readiness, qualifications, events processed, CAT events and incidents identified.
- Escalate security incidents using established policies and procedures.
- Generate end of mission reports (MISREPS) and provide pass-on information for knowledge transfer to subsequent crews of analysts on duty regarding the latest suspicious traffic seen from a given port, Internet Protocol (IP), etc., with no more than a 5% error rate.
- Provide computer security-related support to AF field units, as directed by CCC, in countering vulnerabilities, minimizing risk, and improving the security posture of AF computer networks and systems within the scope of SOC operational requirements and mission execution.
- Provide focused DCO tailored analysis and monitoring operations of specified sensor locations during contingency operations and in support of named DCO operations and exercises.
- Conduct 24x7x365 near real-time network security monitoring and intrusion detection analysis for the networks and systems monitored using AF's selected IDS/IPS capabilities with no more than a 1% error rate.
- Create and document metrics for reporting and analysis to improve alert triage processes and mission execution.
- Provide requested information to operational leadership as it relates to mission execution.
- Conduct intake of administrative and operational communication from external agencies and route the communication to the Mission Lead/Crew Commander.
- Perform security checks every four hours to verify external doors are properly closed and no suspicious activity is taking place around the facility. If suspicious activity is observed or suspected, contact and inform the Crew Commander.
- Initiate emergency checklists due to imminent threat, as directed by the Crew Commander. Call emergency responders (Security Forces/Fire Department, etc.) if needed via 911.
- Provide feedback on detection mechanisms for both true and false positive events to ESM and Content Development as applicable.
- Participate in planning, briefing, and debriefing tasks as directed by the CDO Mission Lead or Crew Commander.
- Accomplish assigned weapon system access, ORM, Go/No Go, reports, TTP updates and TAR submissions.
- Execute approved scoping actions. Find endpoints matching the target: accounts, registry configurations, files, processes, IP addresses, ports, domains, or other correlating data to determine the extent of compromises.
- Execute approved response actions against the target: accounts, registry configurations, files, processes, IP addresses, ports, domains, or other system components to contain compromises.
- Analyze threat intelligence (TIPPERS) as directed by the CDO Mission Lead or Crew Commander, to include contextual information, IoCs, TTPs, vulnerabilities, effects, and actionable intelligence about threats mapped to the MITRE threat framework.
- Work with the CDO Mission Lead for prioritization and assignment of tasks.
- Provide CDO Mission Lead support, notify CDOs of Crew Commander prioritized tasks, and track all required mission systems and functions.
About TEKsystems:
We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.
The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.