- Must understand Computer Network Defense (CND) operations.
- Centrally coordinate and/or recommend CND operations that impact more than one DoD Component.
- Provide Defense-wide situational awareness and attack sensing and warning through fusion, analysis and coordinated information flows.
- Analyze trending data to develop countermeasures and assess impact on defense of DoD computer networks.
- Ensure that all DoD Cyber Components (43 Authorizing Officials) maintain continuous information exchange and work in synchrony, i.e., simultaneously execute a single prescribed Course of Action (COA), with the understanding that at any given time a new COA can override the existing one. Coordinate among the Cyber Components on behalf of, and under the direction of, USCYBERCOM.
- Recommend Information Operations Conditions (INFOCON)/CPCON changes in response to unauthorized activity (e.g., computer network attacks, computer network exploitation, system misuse), and to mitigate potential damage to DoD information systems and computer networks.
- Provide support via expertise in the development of strategic plans and implementation of defensive hardening initiatives.
- Access, modify and have Level III expertise in the following capabilities, in order to provide trending data analysis for immediate to short-term cyber incidents across the DODIN:
o Element Managers
o Networking: Routers and Switches, Network Load Balancers, wide-area network (WAN) Optimization
o Access Control, Identification and Access Management, Secure Access Gateway hardware, Secure Remote Terminal Access
o Continuous Monitoring, Event Management, Network Performance Management
o Certificate Validation
o Virtualization
o Data Backup, File Transfer, Server Memory
o Firewall, Intrusion Detection and Prevention Systems (IDS/IPS), Host Based Security System (HBSS)
o Network Flow Collectors, Traffic Analyzers
o Data Loss Prevention (DLP)
o Secure Socket Layer (SSL) Decryption Components, Break and Inspect (B&I), Web Security Gateway
o Logging/Log Aggregation, Detonation Chamber
o Joint Incident Management System (JIMS) and other reporting resources
o Cyber Situational Awareness Analytical Cloud (CSAAC) analysis database
o Security Information and Event Management (SIEM) software such as ArcSight, and other capabilities such as Splunk, SourceFire Defense Center and SiLK
- Operate, maintain and support weekly Cyber Working Groups in order to provide a DODIN-wide Computer Network Defense (CND) operational framework, methodology and advice/recommendations in support of all DoD Components; centrally coordinate CND operations which impact more than one DoD Component. This requires an understanding of the Cybersecurity Architectures deployed across the DODIN and knowledge of the DoD Architecture Framework.
- Respond to official questions through Request for Information tools found on JFHQ-DODIN SharePoint.
- Provide written and verbal input to JFHQ-DODIN leadership, the DCO-IDM Team, and other staff planners on a strategy to mitigate trending threats. This task requires collaboration with DISA, the National Security Agency, USCYBERCOM, Service Components, DoD CIO, the Joint Staff and other DoD stakeholders on DCO-IDM requirements.
- Brief CC/S/A/FA on the status of DODIN defense through weekly collaboration meetings and senior leader engagements.
- Assist in daily development of threat mitigation-related mission orders to include Task Orders (TASKORD), Warning Orders (WARNORD), and Fragmentary Orders (FRAGO).
- Analyze operational reporting from cyber organizations; prepare Situational Awareness and Operational Update Briefings for JFHQ-DODIN staff and leadership on a daily basis.
- Maintain situational awareness of cyber activity in the IT arena, including daily reviews of open source reporting for new vulnerabilities, malware, or other threats that have the potential to impact the DODIN.
- Participate in command exercises (estimated 4 per year) and provide feedback in after action reports.
- Produce statistics-based status updates outlining IAP tool mitigations and their effectiveness; brief updates at recurring intervals, at a minimum weekly.
- Manage and support the weekly execution of a Cyber Working Group, including the development and dissemination of the agenda (48 hours prior to the meeting), dissemination and tracking of all working products and artifacts, development and dissemination of minute notes and tracking the progress of all action items.
- On a daily basis, provide subject matter expertise to organizational leadership.
- Update the Countermeasures standard operating procedures (SOP) detailing the process for identifying the problem(s) and multiple solutions, calculating return on investment, prioritizing recommendations, gaining approval, and implementing and assessing countermeasures for the DODIN. The SOP shall include the processes required for internal and external coordination and synchronization for DCO-IDM.
- Understanding of DODIN architecture and defense in depth concepts.
- Experience coordinating and/or recommending CND operations that impact more than one DoD Component.
- Experience monitoring the DODIN for IAVA compliance and assessing impact on defense of DoD computer networks.
- Experience with and/or a working knowledge of the following:
o Networking infrastructure: routers, switches, and web security gateway
o TCP/IP Protocols and Services
o Identification and Access Management
o Firewalls, Access Control Lists
o Intrusion Detection/Prevention Systems (IDS/IPS)
o Demilitarized Zone (DMZ)
o SIEM and JIMS Reports
o Data backup/Data Loss Prevention (DLP)
o Host Based Security System (HBSS)
o Enterprise Mission Assurance Support Service (eMASS)
- Experience with one or more of the following functional areas:
o Cyber Protection Condition (CPCON)
o Defense Security/Cybersecurity Authorization Working Group (DSAWG)
o Domain Name System (DNS)
o Information Assurance Platform (IAP)
o Joint Regional Security Stacks (JRSS)
o Open Certification Framework (OCF)
o Assured Compliance Assessment Solution (ACAS)
o Automated Continuous Endpoint Monitoring (ACEM)
o App Containment
o Comply to Connect (C2C)
o Endpoint Detection & Response (EDR)
o Windows 10
o Host Based Security System (HBSS) Divestment
- Security+ (CISSP, CISM or GSLC)
- ITIL v3 Foundation certified
- Critical/logical thinking skills
- Advanced communication and presentation skills (verbal and written) enabling precise conveyance of information across all CC/S/A/FA, with command of and proper enunciation in the English language
- Flexible, dependable and able to multi-task and prioritize
- Excellent customer service skills
Team Leader Role
- Research-focused
- Management responsibilities and oversight of personnel
- Responsibility for completion of contract deliverables
- Preparing monthly briefings to the government customer on progress of work
- Preparing monthly status reports
Special Requirements/Security Clearance
- DoD TS/SCI eligibility is required