Responsibilities
Secure Division Support. The GCC provides CSSP responsibilities and conducts DODIN Operations and DCO - Internal Defensive Measures (IDM) to protect the DODIN IAW the DoDM 8530.01 and the DoD Cybersecurity Services Evaluator Scoring Metrics (ESM). These responsibilities are broken into five (5) CSSP functions; Identify, Protect, Detect, Respond, and Recover. GCC is responsible to conduct these functions for its assigned portion of the DODIN for both unclassified and classified networks/systems. The division provides support services for the protection, monitoring, analysis, detection, and response to unauthorized activity within the DoD Information Systems and Networks. DCO-IDM services are required to defend against unauthorized activity on all Army assets residing on the NIPRNet and SIPRNet. The division provides defensive measures to protect and defend information, computers, and networks from disruption, denial, degradation, or destruction. The division provides sensor management and event analysis and response for network and host-based events. For sensor management, the division provides management of in-line Network Intrusion Protection System/Network Intrusion Detection System (NIPS/NIDS) sensors monitoring all CONUS DoDIN-A NIPRNet and SIPRNet Enterprise traffic to detect sensor outages and activities that attempt to compromise the confidentiality, integrity, or availability of the network. In coordination with GCC Operations, DCO initiates defensive security procedures upon detection of these attacks. Event analysis and response includes the processes involved with reducing multiple cyber incidents to actual malicious threat determinations and mitigating those threats IAW guidance received from GCC Government leadership. Support the Government in providing services for CSSP services on both the NIPRNet and SIPRNet IAW Appendix E: Secure Division Workload Assessment in support of the CONUS portion of the DoDIN-A. Develop reports and products, both current and long-term, in support of CSSP and course of action development. Prepare Tactics, Techniques, and Procedures (TTP), SOPs, Executive Summary (EXSUMS), trip reports, and information/point papers. Contribute during the preparation of agreements, policy, and guidance documentation such as Memorandums of Understanding / Agreement (MOU/A), Service Level Agreements (SLA).
- Defensive Cyber Assessment (DCA) Support. The DCA Branch within the CSSP-D is responsible for conducting both local and remote penetration testing designed to emulate current threat models to the Army network to execute an assessment of the defensive security posture. Evaluate for acceptance new penetration testing TTPs (new tool usage or adversary TTP) as required for inclusion on approved penetration tools list. Maintain documentation and how-to-use guides, for all vetted penetration testing (PT) tools.
- CDAP Support. CDAP missions are conducted IAW AR 380-53, Communications Security Monitoring. The CDAP consists of three (3) mission areas: NAVs, NDAs, and Persistent Penetration Testing (PPT).
- NAV Support. Support the Government in assessing a BPCS and/or an organization's security enclave, by means of trends and analysis to prioritize NAVs. Conduct one (1) NAV per month (on average) IAW established BBP, regulations, policies, and procedures, and as requested. NAVs require travel to a remote site to execute on-site penetration testing over a one (1) week period, or longer depending on the requirements of the mission. Per AR 380-53, a NAV consists of four (4) phases:
- Phase 1: Provide/authorization (conducted from home station).
- Phase 2: Network survey (conducted from home station).
- Phase 3: Network penetration testing (conducted from both home station and at remote site).
- Phase 4: Final Report (conducted from home station).
- PPT Support. PPT missions are conducted from home station and include high-risk web vulnerability assessments, non/limited notice penetration testing, phishing campaigns, and other activity to identify vulnerabilities on CONUS networks. Prepare and provide a final report detailing activity, vulnerabilities, and mitigations, and execute follow-on actions IAW Table 1: Deliverables.
- Phishing and other TTPs. Execute phishing assessments/campaigns with CONUS Theater stakeholders and coordinate with CDAP tools to emulate threat actors and gather evidence of user engagement. Ensure collection of user metadata and relevant visuals to demonstrate findings.
Qualifications
Qualifications:
- 2 years with BS/BA; 0 years with MS/MA; 6 years with no degree
- Certifications: DCWF code 541 Intermediate: CompTIA Cloud+ or CompTIA PenTest+ or CompTIA Security+ or GIAC Certified Enterprise Defender (GCED) or GIAC Global Industrial Cyber Security Professional (GICSP)
- Top Secret w/SCI security clearance
- Experience in drafting written reports
- Extensive experience in reviewing and examining data and information that supports cybersecurity assessments
- Experience in pen testing fundamentals
Peraton Overview
Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world's leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can't be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we're keeping people around the world safe and secure.
Target Salary Range
$66,000 - $106,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual's experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.
EEO
EEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.All