Peraton
Overview
Incident Handler Cyber Security role at Peraton. Location: Fort Huachuca, AZ.
Responsibilities
Cyber Defense Operations (CDO) Support. Provide sufficient staffing to maintain on-site capability IAW PWS. Place of Work and Work Hours to work directly with GCC Operations personnel in conducting initial triage/cyber incident analysis to include, review correlated events, system/device logs, and SIEM event data to determine and recommend/take immediate DCO-IDM response actions. Immediate response actions can include submission of a cyber-incident response ticket, making an initial determined category of cyber incident (IAW CJCSM 6510), and/or notifying DCO/ARCYBER/Higher Headquarters IAW CCIR reporting requirements. All other CDO operations must have an on-call capability to take actions as required to respond to cyber incidents IAW policy and/or Government direction.
Incident Analysis and Mitigation. Provide incident analysis and mitigation support by conducting incident analysis and recommending mitigation measures in response to general or specific Advanced Persistent Threats (APT), (attempted exploits/attacks, malware delivery, etc.) on Army networks.
Block/deny access by hostile sites or restrict access by specific ports/protocols and/or applications.
Provide recommendations to the supporting operations and maintenance organization to take necessary action where the CSSP-D Division does not administratively control the sensor grid.
Provide justification of IDMs and/or operational impact (implied or accepted risk) to a Configuration Control Board (CCB) and/or Authorizing Official (AO), as required, for mitigation action (IDM) approval. If deemed appropriate (or as requested), the internal defensive measure may involve coordination of a Network Damage Assessment (NDA), Network Assistance Visit (NAVs), or other version of the Computer Defense Assistance Program (CDAP) mission.
Monitor all sensors and agents managed by the GCC for security event analysis and response and maintain/update the triage database with current threat data and response methods in real-time with follow-up recurring within 72 hours of last response. The Contractor shall respond to a detected event and perform triage, ensure proper handling of the associated trouble ticket (TT), and process events accordance with appropriate TTPs.
Provide all initial cyber incident reports to Law Enforcement and Counterintelligence (LE/CI) agencies and maintain a Master POC list for LE/CI agencies as routinely provided by the Major Cybercrimes Unit (MCU) and Cyber Counterintelligence agencies. In cases where an active investigation will be opened, LE/CI agencies will provide written request that will include the official case number, specific data logs, and other required information IAW local TTPs. Provide support and expertise including the provision of the required data along with a summary or analysis of the data. Data and answers provided in the analysis shall pertain specifically to requirements in the LE/CI official request or within CSSP-D TTPs. Provide all initial cyber incident investigation reports to LE/CI.
Maintain a Master Station Log (MSL) to document high visibility cyber incidents, defined as events identified in an ARCYBER Task Order, a Named Operation, or a Category 1 (CAT1), with status, discuss DCO topics, share internal tasks between shifts, document call outs, and share any additional relevant instructions between shifts and up through GCC Leadership and Operations reporting channels. The MSL must be available for Government inspection at any given time to ensure accurate tracking of the above information.
Qualifications Basic Qualifications:
0 years with BS/BA, 4 years no degree.
Certifications: Certified Authorization Professional (CAP) OR meets current DCWF qualification requirements code 722 - Advanced: Certified Information Security Manager (CISM) or Certified Information Systems Security Officer (CISSO) or Certified Information Systems Security Professional (CISSP) or Federal IT Security Professional-Manager-NG (FITSP-M) or GIAC Certified Incident Handler (GCIH) or GIAC Certified Intrusion Analyst (GCIA) or GIAC Cloud Security Automation (GCSA) or GIAC Global Industrial Cyber Security Professional (GICSP) or GIAC Security Essentials Certification (GSEC) or GIAC Security Leadership Certification (GSLC) or Information Systems Security Management Professional (ISSMP). AND DCWF code 531 Intermediate: Certified Cloud Security Professional (CCSP) or Certified Ethical Hacker (CEH) or Cisco Certified CyberOps Associate or CompTIA Cloud+ or CompTIA PenTest+ or CompTIA Security+ or Federal IT Security Professional-Operator-NG (FITSP-O) or GIAC Certified Enterprise Defender (GCED) or GIAC Information Security Fundamentals (GISF).
Experience collecting and analyzing event information and performing threat or target analysis.
Experience supporting operations related to persistent monitoring on a 24/7 basis of all designated networks, enclaves, and systems.
Demonstrated competence in managing and executing first-level responses and addressing reported or detected incidents.
Comfort level with reporting to and coordinating with external organizations and authorities.
Background in coordinating and distributing directives, vulnerability, and threat advisories to identified consumers.
U.S. citizenship required.
Possess an active Secret security clearance with the ability to obtain a TS/SCI clearance.
Ability to work shift hours.
Compensation Details: Target Salary Range: $51,000 - $82,000. This represents the typical salary range for this position based on experience and other factors.
EEO Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.
Seniority level
Not Applicable
Employment type
Full-time
Job function
Management and Manufacturing
Industries
Civil Engineering
#J-18808-Ljbffr
Responsibilities
Cyber Defense Operations (CDO) Support. Provide sufficient staffing to maintain on-site capability IAW PWS. Place of Work and Work Hours to work directly with GCC Operations personnel in conducting initial triage/cyber incident analysis to include, review correlated events, system/device logs, and SIEM event data to determine and recommend/take immediate DCO-IDM response actions. Immediate response actions can include submission of a cyber-incident response ticket, making an initial determined category of cyber incident (IAW CJCSM 6510), and/or notifying DCO/ARCYBER/Higher Headquarters IAW CCIR reporting requirements. All other CDO operations must have an on-call capability to take actions as required to respond to cyber incidents IAW policy and/or Government direction.
Incident Analysis and Mitigation. Provide incident analysis and mitigation support by conducting incident analysis and recommending mitigation measures in response to general or specific Advanced Persistent Threats (APT), (attempted exploits/attacks, malware delivery, etc.) on Army networks.
Block/deny access by hostile sites or restrict access by specific ports/protocols and/or applications.
Provide recommendations to the supporting operations and maintenance organization to take necessary action where the CSSP-D Division does not administratively control the sensor grid.
Provide justification of IDMs and/or operational impact (implied or accepted risk) to a Configuration Control Board (CCB) and/or Authorizing Official (AO), as required, for mitigation action (IDM) approval. If deemed appropriate (or as requested), the internal defensive measure may involve coordination of a Network Damage Assessment (NDA), Network Assistance Visit (NAVs), or other version of the Computer Defense Assistance Program (CDAP) mission.
Monitor all sensors and agents managed by the GCC for security event analysis and response and maintain/update the triage database with current threat data and response methods in real-time with follow-up recurring within 72 hours of last response. The Contractor shall respond to a detected event and perform triage, ensure proper handling of the associated trouble ticket (TT), and process events accordance with appropriate TTPs.
Provide all initial cyber incident reports to Law Enforcement and Counterintelligence (LE/CI) agencies and maintain a Master POC list for LE/CI agencies as routinely provided by the Major Cybercrimes Unit (MCU) and Cyber Counterintelligence agencies. In cases where an active investigation will be opened, LE/CI agencies will provide written request that will include the official case number, specific data logs, and other required information IAW local TTPs. Provide support and expertise including the provision of the required data along with a summary or analysis of the data. Data and answers provided in the analysis shall pertain specifically to requirements in the LE/CI official request or within CSSP-D TTPs. Provide all initial cyber incident investigation reports to LE/CI.
Maintain a Master Station Log (MSL) to document high visibility cyber incidents, defined as events identified in an ARCYBER Task Order, a Named Operation, or a Category 1 (CAT1), with status, discuss DCO topics, share internal tasks between shifts, document call outs, and share any additional relevant instructions between shifts and up through GCC Leadership and Operations reporting channels. The MSL must be available for Government inspection at any given time to ensure accurate tracking of the above information.
Qualifications Basic Qualifications:
0 years with BS/BA, 4 years no degree.
Certifications: Certified Authorization Professional (CAP) OR meets current DCWF qualification requirements code 722 - Advanced: Certified Information Security Manager (CISM) or Certified Information Systems Security Officer (CISSO) or Certified Information Systems Security Professional (CISSP) or Federal IT Security Professional-Manager-NG (FITSP-M) or GIAC Certified Incident Handler (GCIH) or GIAC Certified Intrusion Analyst (GCIA) or GIAC Cloud Security Automation (GCSA) or GIAC Global Industrial Cyber Security Professional (GICSP) or GIAC Security Essentials Certification (GSEC) or GIAC Security Leadership Certification (GSLC) or Information Systems Security Management Professional (ISSMP). AND DCWF code 531 Intermediate: Certified Cloud Security Professional (CCSP) or Certified Ethical Hacker (CEH) or Cisco Certified CyberOps Associate or CompTIA Cloud+ or CompTIA PenTest+ or CompTIA Security+ or Federal IT Security Professional-Operator-NG (FITSP-O) or GIAC Certified Enterprise Defender (GCED) or GIAC Information Security Fundamentals (GISF).
Experience collecting and analyzing event information and performing threat or target analysis.
Experience supporting operations related to persistent monitoring on a 24/7 basis of all designated networks, enclaves, and systems.
Demonstrated competence in managing and executing first-level responses and addressing reported or detected incidents.
Comfort level with reporting to and coordinating with external organizations and authorities.
Background in coordinating and distributing directives, vulnerability, and threat advisories to identified consumers.
U.S. citizenship required.
Possess an active Secret security clearance with the ability to obtain a TS/SCI clearance.
Ability to work shift hours.
Compensation Details: Target Salary Range: $51,000 - $82,000. This represents the typical salary range for this position based on experience and other factors.
EEO Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.
Seniority level
Not Applicable
Employment type
Full-time
Job function
Management and Manufacturing
Industries
Civil Engineering
#J-18808-Ljbffr