BTAS is Hiring an Intrusion Detection Monitoring and Incident Management (Journeyman) Near Scott, IL

Position: Intrusion Detection Monitoring and Incident Management (Journeyman)
Location: Scott AFB, IL
Security Clearance Required: Top Secret with SCI eligibility
Position Type/Standard Work Hours: Full-time/40 hours per week/On-site
Summary/Objective:
The Intrusion Detection Monitoring and Incident Management role supports the United States Transportation Command (USTRANSCOM) Cyberspace Operations Forces (COF), located at Scott Air Force Base (AFB), IL.
The COF’s mission is to provide Department of Defense Information Network (DODIN) Operations, defensive cyber operations-internal defensive measures, and overall cyberspace operations in support of USTRANSCOM network systems and missions. COF provides mission-tailored, joint capability packages to Combatant Commanders to facilitate rapid establishment of Joint Force Headquarters, fulfill Global Response Force execution and bridge joint operational requirements.
This role is mission essential/critical in executing intrusion detection/analysis/incident management activities for all USTRANSCOM information systems/networks that subscribe to USTRANSCOM CSSP services. The Intrusion Detection Monitoring and Incident Management tool suites consist of network and host-based sensors in all security domains and enclaves, log consolidation mechanisms, analysis platforms, and other products that may be directed or procured to:
  • Develop intrusion detection analytics (e.g., reports, dashboards, queries) to continuously enhance intrusion detection capabilities.
  • Identify unauthorized, malicious, or anomalous activity and initiate appropriate incident response actions in support of mission assurance for USTRANSCOM information systems and networks on NIPRNet and SIPRNet, to include USTRANSCOM cloud environments.
Primary Responsibilities:
Daily Operations and Maintenance
Perform the day-to-day mission execution of the intrusion detection monitoring and incident management and response activity. This includes, but is not limited to, the following:
  • Review audit data, e-mail spam (also known as junk e-mail or unsolicited bulk e-mail), and network traffic data for irregularities or other indications of real or potential security violations.
  • Correlate and analyze security data and events from alert and traffic flow systems (e.g., intrusion detection system/intrusion prevention system (IDS/IPS), routers, Netflow, firewall).
  • Identify potential distributed, long-term, coordinated, low-visibility network-based attacks and potential advanced persistent and coordinated threats across multiple platforms.
  • Perform tuning and optimization tasks to include sensor rule review and log aggregation/visibility.
  • Develop/enhance existing intrusion detection analytics/dashboards/signatures to remain commensurate with evolving cyber threats.
  • Investigate all security related events and incidents involving USTRANSCOM information systems.
  • Report identified security incidents through the Joint Incident Management System (JIMS) or other DoD approved reporting process IAW CJCSM; includes details of initial detection through resolution (e.g., source/destination addresses and ports, delivery vector, attack timeframe, attack methods and root cause).
  • Perform incident response based on security events identified.
  • Review and share significant activity via SIGACT reports and Attack Sense and Warning (AS&W) tippers.
  • Generate and share Suspicious Network Activity Reports (SNARS).
  • Track acknowledgements of SNARS and AS&W tippers from the CSSP Subscriber community.
  • Develop and deploy countermeasures in response to cybersecurity incidents, or upon request from USTRANSCOM government, IAW the USTRANSCOM Incident Response Plan.
  • Analyze and identify root cause(s) and lessons learned from security incidents; document a formal after action report (AAR) IAW the USTRANSCOM Incident Response Plan.
  • Provide recommendations to the government related to tactical response actions, such as updating signatures and heuristics (e.g., firewall rules, proxy blocks, HBSS rules, EDR).
  • Maintain an inventory of log data sources and resident locations (e.g., USTRANSCOM log consolidation server, DISA consolidated log environment).
  • Maintain a daily activity log containing continuous event management updates and shift-turnover details of events/incidents.
Perform the day-to-day operation and maintenance of the intrusion detection monitoring and incident management tool suites. This includes, but is not limited to, the following:
  • Maintain the existing configuration and integrity of the intrusion detection monitoring and incident management tool suite IAW applicable policies and instructions.
  • Develop new intrusion detection signatures and modify the signatures at the direction of the government; report false positive alerts IAW applicable USCYBERCOM/JFHQ DODIN orders.
  • Develop and maintain security analysis scripts and analytic displays.
  • Maintain visibility and continuity of system/service application/security/environment logs within designated aggregation repositories.
  • Perform reviews of implemented cybersecurity defense IDS/IPS rules, exceptions, and log availability, content, and intrusion detection signatures.
  • Perform reviews of aggregated log data to identify missing required sources and ensure log data format IAW USTRANSCOM logging standards.
  • Work with program managers and system administrators to obtain logs in standard format for centralized log aggregation.
  • Operate and maintain a service assurance capability for intrusion detection monitoring and incident management tools.
  • Provide compliance data to government in response to USCYBERCOM/JFHQ DODIN orders; develop and update POA&Ms.
  • Submit requests for exemption to policy/direction that cannot be complied with IAW prescribed DoD policy/instruction.
  • Ensure BCM plans are in place, executable, and followed for intrusion detection monitoring and incident management activities IAW USTRANSCOM’s Continuity of Service Plan.
Document changes to intrusion detection monitoring and incident management tools (e.g., software installs, patching, software configuration changes) IAW USTRANSCOM Change Management policies and provide configuration management data on all managed systems according to the schedule and format directed by the government.
Metrics and Process/Procedure Documentation:
Collect and provide the Government with monthly metrics on intrusion detection monitoring and incident management activity. The metrics will include, but are not limited to:
  • Lists of sensor signature updates.
  • Uptime statistics based on service availability for intrusion detection monitoring and incident management tools (e.g., network and host-based sensors, log consolidation mechanisms, analysis platforms) based on service assurance monitoring.
  • Number and type of cyber incidents by category IAW CJCSI 6510.01F.
  • Number of successful and attempted penetrations of command information systems and megabytes per incident of confirmed data loss from penetrations of USTRANSCOM networks.
  • Accounting of availability of critical system/service logs within designated aggregation repository, listing source/viability/content.
Maintain current documentation on intrusion detection monitoring and incident management processes and procedures and provide the following deliverable documents to the government IAW the assigned suspense dates:
  • USTRANSCOM Cyber Incident Response SOP & associated checklists.
  • USTRANSCOM Cyber Monitoring SOP & associated checklists.
  • USTRANSCOM Sensor and Consolidated Logging Infrastructure SOP & associated checklists.
  • USTRANSCOM Cyber Incident Reporting SOP & associated checklists.
  • USTRANSCOM Security Event / Incident Analysis SOP & associated checklists.
Required Education and/or Experience:
(Journeyman)
  • Five or more years of relevant Cybersecurity experience.
  • IAT-II Baseline Certification: Sec CE.
  • CSSP Analyst Certification** (within 6 months of hire date).
** CYSA covers the requirement.
Supervisory Responsibilities:
This position does not supervise the work of others.
Work Environment:
This job operates in a professional office environment. This role routinely uses standard office equipment.
Physical Demands:
Must be able to operate a computer and other standard office equipment.
Travel: Very little.
Other Duties:
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and/or activities may change at any time with or without notice.
BTAS Benefits:
A comprehensive benefits program, including paid time off, federal holidays, health coverage, 401K plan with generous company match is offered to all full-time employees.
AAP / EEO Statement:
BTAS is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.
BTAS is an E-Verify program participant.

Job Summary

Job Type: Full Time
Industry: Business Services
Salary: $81k-104k (estimate)
Post Date: 05/03/2024
Expiration Date: 07/01/2024
Website: btas.com
Headquarters: Beavercreek, OH
Size: 100 - 200
Founded: 1995
CEO: Angela Fronista
Revenue: $10M - $50M