Cyber Operations Countermeasures Engineer

Cyber Operations Countermeasures Engineer

Leidos has a current job opportunity for a Cyber Operations Countermeasures Engineer on the DISA GSM-O II program supporting the DISA Joint Operations Center (DJOC) embedded with DISA Headquarters, Fort Meade, MD. The candidate will support the DISA GSM-O II TN13 Defensive Cyber Operations (DCO) Branch. This position will provide leadership for defensive cyber operations activities and will be expected to actively engage with a variety of customers and mission partners, anticipating their needs, and delivering flawlessly.

GSM-O II provides network operations and cyber defense support to the Defense Information Systems Agency (DISA) in support of the Department of Defense (DoD) and Combatant Commands (CoCOMs).

PRIMARY RESPONSIBILITIES:

• Direct and track enterprise countermeasure actions and assess the effectiveness of countermeasures on an ongoing basis.
• Analyze high volumes of logs, network data (e.g. NetFlow, PCAP), and other attack artifacts in support of incident investigations.
• Understand the life cycle of network threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques and procedures (TTPs).
• Collaborate with team members and Subject Matter Experts (SMEs) to create and validate countermeasures in accordance with (IAW) the DoDIN boundary defense posture.
• Maintain situational awareness of cyber activity by reviewing DoD, Intelligence Community and open source reporting for new vulnerabilities, malware or other threats that have the potential to impact the DoDIN.
• Support mission-critical Continuity of Operations (COOP).

BASIC QUALIFICATIONS:

• Must have an active and maintain a Top Secret/SCI clearance.
• BS degree and 4 + years of prior relevant experience in order to operate within the scope contemplated by the level. AA +6 years or 8 Years of work relevant expertise without degree.
• Must have a DoD-8570 IAT Level 2 baseline certification (Security+ CE or equivalent) to start and able to obtain CSSP-A certification within 180 days of start date. The candidate is required to maintain these certs during employment.
• Proficient understanding of Cyber Network Defense (CND) in regards to protect, detect, respond and sustain within a Computer Incident Response organization.
• Applying Various subnet techniques (e.g CIDR)
• Advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements.
• Knowledge of the common attack vectors at the network layer.
• Experience with receiving, analyzing, and troubleshooting, network alerts from various sources within the Enterprise to determine Root Cause.

PREFERRED QUALIFICATIONS:

• Experience with DISA and DoD Networks.
• Experience with malware analysis concepts and methods
• Use of Cyber Defense tools for continual monitoring and analysis of system activity to identify malicious activity.
• Providing timely identification and alerting of possible attacks/intrusions, anomalous activities and misuse activities and distinguish these incidents and events from benign activities.
• Skill in configuring and utilizing network protection components (e.g. Firewalls, VPNs, IPS, IDS, and NIDS)
• Advanced Certifications such as SANS GIAC/GCIA/GCIH, CISSP or CASP.
• Experience in intelligence driven defense and/or cyber–Kill Chain methodology.

Come break things (in a good way). Then build them smarter.

We're the tech company everyone calls when things get weird. We don't wear capes (they're a safety hazard), but we do solve high-stakes problems with code, caffeine, and a healthy disregard for "how it's always been done."