Experience Inc. Jobs

Job Information

Credence Management Solutions, LLC Active Cyber Defense Operator in San Antonio, Texas

Credence Management Solutions, LLC (Credence) is seeking a ACD-O NIPR for the 33rd Network Warfare Squadron (33 NWS) conducting Air Force Defensive Cyberspace Operations. This contract provides support 24 hours a day/seven days a week/365 days a year spanning cyber defense, network operations and information protection.

The ability of the AFCERT to complete its mission is dependent upon accurate, timely and thorough near real-time network security monitoring and analysis of the Air Force network/systems DCO events. Real- Time analyst contractors are required to provide 24 hour coverage (shift work) for seven (7) days a week, 365 days a year with zero tolerance for error.

  • Review all Near Real-Time IDS/IPS alerts per AFCERT Operating Instruction (OI) and checklists at the AOL, COOP, or Ops Floor.

  • Conduct near real-time security monitoring and intrusion detection analysis for all systems

  • Comply with 3rd party MOU/MOA monitoring and reporting requirements.

  • Conduct network security monitoring and intrusion detection during emergency situations or system/network outages at the 33 NWS operations floor at Lackland AFB.

  • Monitor security sensors to analyze Intrusion Detection Systems (IDS) and Security Information and Event Management (SIEM) to identify and correlate security issues/events and review logs to identify intrusions for remediation.

  • Analyze and manage analysis results to identify and mitigate threats and enforce corrective actions.

  • Analyze traffic/logs/events to determine the necessity for higher level analysis and conduct an initial assessment of type and extent of intruder activities.

  • Utilize tools and techniques to perform initial analysis, de-obfuscation, or other manipulation of malware related data.

  • Analyze and manage results from security tools, such as Splunk, ELK, Nessus, ArcSight and other tools as needed/required to identify and mitigate threats and enforce corrective actions.

  • Conduct Incident intake and record suspicious events, meeting established 33 NWS thresholds, into the operational database for suspicious traffic. These records shall contain sufficient information to stimulate future analysis of suspicious traffic. The record shall answer the: who, what, where, why and when for this suspicious activity, update tickets (CAT events) for reporting of cyber events.

  • Perform initial analysis of security events, network traffic.

  • Enter event data into mission support systems IAW AFCERT operational procedures and reports.

  • Compile suspicious events records and other artifacts as part of its Monthly Operational Report.

  • Escalate security incidents using established policies and procedures.

  • Generate end‐of‐shift reports (MISREPS) and provide pass‐on information for knowledge transfer to subsequent shifts/crews of analysts on duty regarding the latest suspicious traffic seen from a given port, Internet Protocol (IP), etc.

  • Provide computer security-related support to AF field units in countering vulnerabilities, minimizing risk, and improving the security posture of AF networks and systems within the scope of AFCERT operational requirements and mission execution.

  • Provide focused DCO tailored analysis and monitoring operations of specified sensor locations during contingency operations and in support of named DCO operations and exercises.

  • Conduct 24x7x365 near real-time network security monitoring and intrusion detection analysis for the networks, systems monitored using AF’s selected IDS/IPS capabilities.

  • Record suspicious events, meeting established 33 NWS thresholds, into the operational database for suspicious traffic. These records shall contain sufficient information to stimulate future analysis of suspicious traffic. The record shall answer the: who, what, where, why and when for this suspicious activity. The contractor shall compile suspicious events records and other artifacts as part of its Monthly Operational Report.

  • Conduct monitoring of DISA’s JRSS sensors as new JRSS Regions become available and operational.

  • Provide OJT to other contractors, military, and/or civilian personnel, and maintain continuity folders/working aids in order to ensure efficient transition when personnel rotate.

  • Create and document metrics for reporting and analysis to improve weapon system processes and mission execution.

  • Active TS/SCI clearance

  • DoD Approved 8570 : IAT Level I CND certfication and GCIA, GNFA, or GCDA certifications.

  • Intermediate knowledge with one or more of the IDS/IPS systems currently in use by the Department of Defense (DoD), Services, and Agencies (i.e., AF, Navy, Army, DC3, DISA) or Federal Government and intermediate experience in the following areas: IP addressing and domain name service; network components; Transmission Control Protocol (TCP)/User Datagram Protocol (UDP), File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), and Hypertext Transfer Protocol (HTTP); and understand the network Open Systems Interconnection (OSI) model.

  • Extensive knowledge of MITRE ATT&CK framework, and its uses within the cybersecurity community (e.g., Open Source projects).

Job ID: 2020-4155

External Company URL: http://credence-llc.com/

DirectEmployers