« Home

This job ad has been posted over 60 days ago...



Cyber Incident Responder III Full-time

at USfalcon (Anywhere) (Published at 16-04-2018)

USfalcon, Inc., recognized as one of the fastest growing, privately held companies in the United States, is seeking a Cyber Incident Responder to work out of Schriever AFB, CO.

The purpose of this position is to perform Defensive Cyberspace Operations (DCO) activities for the 50th Space Wing (50 SW). Performance is based at Schriever Air Force Base (SAFB), Colorado. The purpose of the DCO support is to enable protection from, detection of, and response to cyber threats.

  • Bachelor’s degree in a technical field (STEM) from an accredited institution.
  • Four (4) years of relevant experience.
  • Candidate shall possess appropriate CSSP certification per DoD 8570.01-M for CSSP Analyst and CSSP Incident Responder categories with minimum
three (3) years of experience in CSSP certified work.

  • Top Secret/SCI Security Clearance.

  • Minimal CONUS travel.

Preferred Qualifications:

  • Proficient in Microsoft Office applications (e.g., Word, PowerPoint, Excel, Access, and Outlook).


  • Have the expertise in the AF Satellite Control Network (AFSCN)
  • Have experience providing recommendations on Tactics, Techniques, and Procedures (TTPs), Standard Operating Procedures (SOPs), training
materials, Operational Instructions (OI’s), and other materials to include identifying information to be monitored; systems/software to provide
monitoring capabilities; recommended event triggering thresholds; incident response measures; cyber security reporting processes and procedures;
and recommended actions to implement similar capabilities across AFSPC’s portfolio.
  • Monitor applicable systems and take action as necessary to comply with US Cyber Command (USCYBERCOM) directions and task orders (TASKORDS).
  • Maintain awareness of ground segment architecture for space mission system network traffic conditions, performance, bandwidth indicators, anomaly
alerts, unauthorized activity, audit logs, and any on-going cyber event or incident.
  • Notify on-duty government crew commander and/or crew chief immediately when an anomalous condition is discovered and recommend fix-actions
IAW Government-approved procedures/documentation.
  • Identify and document unauthorized activity and/or attacks to include: source/destination addresses and ports, attack vector (e.g. network intrusion,
web-based, etc.) and attack timeframe.
  • Ensure consistent and complete shift turnover of events/incidents, updating event/incident analysis records and maintain event/incident dashboards
and records in accordance with Government-approved procedures/documentation.
  • Conduct Malware Protection (MP) activities including monitoring network and/or host-based security, malware incidents, and malware detection
signature currency.
  • Provide support for Vulnerability Management (VA) and Malware Protection activities outlined in ESM v9.2 as well as support the appropriate
organization conducting VAA.
  • Support the Government in implementing defense-wide VAA notification, reporting, and coordination activities.
  • Be familiar with and monitor and report mission system response to INFOCON/CPCON changes by maintaining visibility into compliance with
INFOCON/CPCON change orders.
  • Assist the Government and provide cyber defense of the ground segment architecture for space mission system in Vulnerability Management (VM)
  • Provide recommendations and if required, take corrective actions to mitigate potential vulnerabilities or threats in accordance with CJCSM 6510.01B.
No more than zero (0) occurrences of failing to comply with CJCSM 6510.01B Appendix B incident reporting timelines.
  • Conduct vulnerability trend analysis from Vulnerability Scans (VS) and communicate trend analysis results to respective leadership.
  • Present and deliver relevant intrusion analysis and correlation information to enable ground segment architecture for space mission system operations
and sustainment decisions.
  • Shall support cyber incident handling operations to minimize potential loss and destruction, mitigation of weaknesses that were exploited, and
restoration of mission systems services.
  • Receive and perform preliminary analysis on warning intelligence information. This includes but is not limited to correlating and characterizing
unauthorized activity notices from intelligence organizations as well as assessing applicability of intelligence threat reports to defended mission
systems and recommending and implementing mitigations if deemed applicable.
  • Provide recommendations to improve cyber-attack mitigation as well as warning intelligence information sharing between intelligence organizations
and mission systems as a part of process improvement initiatives.
  • Provide technical expertise in the creation of courses of action, as appropriate, to remediate or mitigate Department of Defense Information Network
DODIN/Special Enclave (SE) attacks (e.g. cyber intelligence and/or threats).
  • Correlate threat and vulnerability data to provide analysis and recommendations of actions to mitigate/remediate issues on affected systems.
  • Understand the current network architecture and provide recommendations for the optimal placement of detection sensors.
  • Support the DCOM in failover operations in the event of system/network cyber outages.
  • Provide in-depth analysis of incidents by determining the incidents’ nature and formulating responses, identifying and correlating event and incident
data, determining actions to be taken, and determining possible effects on the ground segment architecture for space mission system.
  • Assist mission systems government/contractor crew member in writing and submitting timely Cyber Incident Reports and provide a copy to the
respective Government representative.
  • Prepare after action reports of cyber incidents and track open mitigation procedures. No more than one (1) missed deadline per year in submitting
after action reports and tracking open mitigation procedures when requested by the Government.
  • Additional duties as assigned.

Applicantsselected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; SECRET, TS, or TS/SCI clearance is required.

Recent jobs at USfalcon

Viewed: 49 times
« Go back to category
Is this job ad fake? Report it!   
Recommend to a friend
« Home