Bowhead

Cyber Network Defense Analyst

Bowhead, Vandalia, Ohio, United States, 45377


Overview:

Bowhead seeks a Cybersecurity Network Defense Analyst to join our team in Dayton, OH. The Cybersecurity Network Defense Analyst uses data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur within their environments for the purposes of mitigating threats. They provide on-site 24x7x365 operational support in the form of event/incident handling and analysis capability to cybersecurity service subscribers. These highly skilled individuals will work in various capacities alongside Warning Intelligence Analysts and Engineers.

The Cybersecurity Network Defense Analyst will work in the Attack Sensing and Warning (AS&W) division, which senses changes in subscriber networks through comparison to established baselines and the fusion/integration of closed and open source intelligence to enhance sensing capability. They will perform the analysis of disparate data sources to form a cohesive view of the current cyber security state. They will characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.

These positions are in a 24x7x365 Cybersecurity environment and qualified candidates must be able to work 12 hour night shifts.

Responsibilities:

Receive and distribute AS&W information
Conduct AS&W activities to develop appropriate response (receive and archive task orders, directives, and other required actions, and maintain internal and external source location information)
Coordinate AS&W information from other sources to aid in analysis of alerts
Analyze the Intrusion Detection System alerts to identify unauthorized or anomalous activity
Identify, document, and report unauthorized activity/attacks (including IP addresses and ports, attack vector, and attack timeframe) in all incidents and reports per HPCMP CSSP SOPs
Take action, if appropriate, to prevent or mitigate potential impact to the DODIN based on cyber threats, and develop and distribute countermeasures and interim guidance to prevent or mitigate threats and/or attacks on DODIN
Monitor a platform capable of performing information security continuous monitoring (ISCM) for the purposes of detecting cyber intrusions, attacks, anomalous behavior, and possible insider threats
Collect intrusion artifacts (e.g., source code, malware, and trojans)
Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation
Report incidents and events within proper channels and within timelines identified in the CJCSM 6510.01B
Provide a 24x7x365 event/incident handling and analysis capability
Provide an operations log accessible to personnel documenting all mandated reportable cyber events/incidents
Analyze detected cyber events to identify incidents
Categorize and characterize cyber incidents
Notify affected Subscribers of cyber incidents and collect assessments of mission impact for the loss of the system during the incident response process
Analyze cyber incidents to develop specific responses
Distribute tailored countermeasures or interim guidance to Subscribers to eradicate and prevent cyber incidents across all subscribers
Perform forensic analysis of systems and malware in cases where subscribers lack the capability and ensure relevant IOCs are shared with Warning Intelligence
Mitigate operational and/or technical impact due to cyber incidents
Contain the spread of malware to prevent further damage to IT systems through detection, analysis, and execution of containment measures

Qualifications:

Must possess Bachelor's degree or equivalent experience
Must have at least 2 years intrusion detection experience
Must have at least 2 years relevant IT and/or System administrator experience and 2 years relevant Information Security experience
Must have the certifications for DOD 8570 IAT Level II minimally
Must have the certifications for DOD 8570 CSSP-Analyst or CSSP-Incident Responder
Must have the ability to earn DoD 8570 computing environment certification within 6 months
Understanding of network hardware devices and experience configuring Access Control Lists or other Firewall or Router configuration experience
Ability to demonstrate strong knowledge of computer security concepts
Ability to communicate effectively, interpret regulatory guidance and identified vulnerabilities to a wide audience
Advanced knowledge of network technologies and protocols
Advanced understanding of current threats and trends present in the Information Security and Technology field
Must complete the specified Joint Qualification Requirement training within 180 days of date of hire, unless otherwise specified

SECURITY CLEARANCE REQUIRED: Must be able to obtain and maintain a Secret clearance. US Citizenship is a requirement for Secret clearance at this location.

Physical Demands:

Must be able to lift up to 25 pounds
Must be able to stand and walk for prolonged amounts of time
Must be able to twist, bend and squat periodically