Cyber Defense Operator @ TEKsystems | Jobright.ai
Cyber Defense Operator jobs in San Antonio, TX
This job has closed.

TEKsystems · 2 days ago

Cyber Defense Operator

Information Technology
Actively Hiring

Responsibilities

Review all IDS/IPS alerts per Air Force Operating Instruction (OI) and checklists at the AOL, COOP, or Ops Floor.
Develop, review, and maintain procedures related to the overall monitoring of Hosts/Systems.
Comply with 3rd party MOU/MOA monitoring and reporting requirements.
Analyze traffic/logs/events to determine the necessity for higher level analysis and conduct an initial assessment of type and extent of intruder activities.
Record who, what, where, why and when for any identified suspicious activity in case management system (CMS) case to enable additional investigations.
Provide monthly performance metrics including readiness, qualifications, events processed, CAT events, and incidents identified.
Escalate security incidents using established policies and procedures.
Generate end of mission reports (MISREPS) and provide pass-on information for knowledge transfer to subsequent crews of analysts on duty regarding the latest suspicious traffic seen from a given port, Internet Protocol (IP) address, etc., with no more than a 5% error rate.
Provide computer security-related support to AF field units, as directed by CCC, in countering vulnerabilities, minimizing risk, and improving the security posture of AF computer networks and systems within the scope of SOC operational requirements and mission execution.
Provide focused DCO-tailored analysis and monitoring operations of specified sensor locations during contingency operations and in support of named DCO operations and exercises.
Conduct 24x7x365 near real-time network security monitoring and intrusion detection analysis for the networks and systems monitored using the AF's selected IDS/IPS capabilities with no more than a 1% error rate.
Create and document metrics for reporting and analysis to improve alert triage processes and mission execution.
Provide requested information to operational leadership as it relates to mission execution.
Conduct intake of administrative and operational communication from external agencies and route the communication to the Mission Lead/Crew Commander.
Perform security checks every four hours to verify external doors are properly closed and no suspicious activity is taking place around the facility. If suspicious activity is observed or suspected, contact and inform the Crew Commander.
Initiate emergency checklists due to imminent threat, as directed by Crew Commander. Call emergency responders (Security Forces/Fire Department etc.) if needed via 911.
Provide feedback on detection mechanisms that are both true and false positive events to ESM and Content Development as applicable.
Participate in planning, briefing, and debriefing tasks as directed by CDO Mission Lead or Crew Commander.
Accomplish assigned weapon system access, ORM, Go/No Go, reports, TTP updates, and TAR submissions.
Execute approved scoping actions. Find endpoints matching the target (accounts, registry configurations, files, processes, IP addresses, ports, domains, or other correlating data) to determine the extent of compromises.
Execute approved response actions against the target (accounts, registry configurations, files, processes, IP addresses, ports, domains, or other system components) to contain compromises.
Analyze threat intelligence (TIPPERS) as directed by CDO Mission Lead or Crew Commander to include contextual information, IoCs, TTPs, vulnerabilities, effects, and actionable intelligence about threats mapped to the MITRE threat framework.
Work with CDO Mission Lead for prioritization and assignment of tasks.
Provide CDO Mission Lead support, notify CDOs of Crew Commander prioritized tasks, tracking all required mission systems and functions.

Qualification

Skill tags: Active TS/SCI clearance, Sec+ certification, GCFA certification, intrusion detection analysis, host security monitoring, procedures development, compliance monitoring, security sensors analysis, log review, performance metrics reporting, mission reports generation, computer security support, network security monitoring, metrics creation, operational information provision, emergency response, threat intelligence analysis

Required

ACTIVE TS/SCI CLEARANCE
SEC+ certification
Ability to obtain a GCFA certification within 120 days of employment
Ability to work in a 24/7 shift environment
Review all IDS/IPS alerts per Air Force Operating Instruction (OI) and checklists
Conduct host security monitoring, alert review, and intrusion detection analysis
Develop, review, and maintain procedures related to monitoring of Hosts/Systems
Comply with 3rd party MOU/MOA monitoring and reporting requirements
Analyze host DCO events to determine the necessity for higher level analysis
Monitor security sensors to analyze IDS and SIEM to identify and correlate security issues/events
Review logs to identify intrusions for remediation
Correlate suspicious events with network events and data stored within databases and other external DoD resources
Record suspicious activity in case management system
Conduct triage of suspicious activity alerts and logs
Enter event data into mission support systems
Provide monthly performance metrics
Escalate security incidents using established policies and procedures
Generate end of mission reports (MISREPS)
Provide computer security-related support to AF field units
Provide focused DCO tailored analysis and monitoring operations
Conduct 24x7x365 near real-time network security monitoring
Create and document metrics for reporting and analysis
Provide requested information to operational leadership
Perform security checks every four hours
Initiate emergency checklists due to imminent threat
Provide feedback on detection mechanisms
Participate in planning, briefing, and debriefing tasks
Accomplish assigned weapon system access, ORM, Go/No Go, reports, TTP updates, and TAR submissions
Execute approved scoping actions
Execute approved response actions against targets
Analyze threat intelligence as directed
Work with CDO Mission Lead for prioritization and assignment of tasks

Company

TEKsystems

At TEKsystems, they understand people. Every year they deploy over 80,000 IT professionals at 6,000 client sites across North America,

Funding

Current Stage
Late Stage

Leadership Team

Ryan Skains
Vice President Global Alliances
Company data provided by Crunchbase