What are the responsibilities and job description for the Cyber Defense Operator (CDO) position at SMS Data Products Group, Inc.?
The Cyber Defense Operator (CDO) supports the Air Force Computer Emergency Response Team (AFCERT) mission by providing continuous, near real-time network security monitoring, intrusion detection analysis, and host security monitoring across the Air Force Information Network (AFIN). The CDO operates as a member of the DCO Hunt and Assess Crew (HAC) and is required to attain and maintain Mission Ready (MR) status in accordance with applicable Air Combat Command Instructions (ACCI) and ACCMANs governing the AFIN weapon system. This position supports 24x7x365 mission operations across rotating crew schedules.
As a dynamic systems integrator, SMS offers proven solutions in engineering, operations, cybersecurity, and digital transformation. With expertise in modernizing and optimizing legacy infrastructure and systems, ensuring operational efficiency, and designing, implementing, and managing secure environments, SMS supports business and mission goals with proficiency, quality, and integrity.
SMS has been serving the advanced information technology needs of the federal government since 1976, delivering talented teams and innovative, cost-effective solutions and services to support our customers’ missions for more than 45 years. SMS is headquartered in McLean, Virginia, with offices and on-site operations at customer locations throughout the United States. For additional information on SMS, visit www.sms.com .
Submit your resume today!
Responsibilities
Required Qualifications
As a dynamic systems integrator, SMS offers proven solutions in engineering, operations, cybersecurity, and digital transformation. With expertise in modernizing and optimizing legacy infrastructure and systems, ensuring operational efficiency, and designing, implementing, and managing secure environments, SMS supports business and mission goals with proficiency, quality, and integrity.
SMS has been serving the advanced information technology needs of the federal government since 1976, delivering talented teams and innovative, cost-effective solutions and services to support our customers’ missions for more than 45 years. SMS is headquartered in McLean, Virginia, with offices and on-site operations at customer locations throughout the United States. For additional information on SMS, visit www.sms.com .
Submit your resume today!
Responsibilities
- Conduct near real-time network security monitoring and intrusion detection analysis across networks and systems
- Review IDS/IPS alerts per Operating Instruction (OI) and checklists
- Conduct host security monitoring, alert review, intrusion detection analysis, and event analysis and triage
- Develop, Review and Maintain procedures related to the overall monitoring of Hosts/Systems.
- Monitor security sensors to analyze Intrusion Detection Systems (IDS) and Security Information and Event Management (SIEM) to identify and correlate security issues/events and review logs to identify intrusions for remediation.
- Correlate suspicious events with network events, if possible, and data stored within databases and other external DoD resources.
- Analyze traffic/logs/events to determine the necessity for higher level analysis and conduct an initial assessment of type and extent of intruder activities.
- Record who, what, where, why and when for any identified suspicious activity in case management system (CMS) to enable additional investigations.
- Conduct triage of suspicious activity alerts and logs in order to make a fast and accurate triage decision.
- Enter event data into mission support systems in accordance with operational procedures and reports.
- Escalate security incidents using established policies and procedures.
- Generate end of mission reports (MISREPS) and provide pass‐on information for knowledge transfer to subsequent /crews of analysts on duty regarding the latest suspicious traffic seen from a given port, Internet Protocol (IP), etc.
- Provide computer security‐related support to AF field units.
- Provide feedback on detection mechanisms that are both true and false positive events to Content Development as applicable.
- Week 1: Work 2 days → Off 2 days → Work 3 days
- Week 2: Off 2 days → Work 2 days → Off 3 days
Required Qualifications
- A minimum of five (5) years of experience in cyber defense operations, network security monitoring, intrusion detection analysis, or a related discipline within a DoD or Intelligence Community environment.
- Active TS/SCI clearance required.
- High School Diploma or GED required.
- 8140 IAT Level 1 (CND) & GCFA certified
- General knowledge of cyber security frameworks, such as the Cyber Kill Chain, MITRE ATT&CK, and the NIST 800 series
- General knowledge of physical computer components and architectures, including the functions of computer domains, directory services, various components and peripherals, basic programming concepts, assembly codes, TCP/IP, OSI models, underlying networking protocols (e.g., DNS, ARP, etc.), security hardware and software
- Candidate must be self-motivated and able to perform with minimal supervision
- Certified Network Defender (CND) certification
- Knowledge of cyber forensic collection, preservation, and chain of custody
- Prior AFCERT / DCO / SOC experience supporting government networks.
- Experience with endpoint and network security tooling such as SIEM, EDR, packet capture, IDS/IPS, and case management workflows.
- Familiarity with producing operational deliverables in a regulated environment (formal ticketing, incident timelines, evidence handling).