
TEKsystems Cyber Defense Operator in San Antonio, Texas

MUST HAVE ACTIVE TS/SCI CLEARANCE. CANDIDATES WITHOUT AN ACTIVE CLEARANCE WILL NOT BE CONSIDERED. MUST BE ABLE TO OBTAIN A GCFA CERTIFICATION WITHIN 120 DAYS OF EMPLOYMENT.

- Review all IDS/IPS alerts per Air Force Operating Instruction (OI) and checklists at the AOL, COOP, or Ops Floor. Conduct host security monitoring, alert review, and intrusion detection analysis for the SOC mission.
- Develop, review and maintain procedures related to the overall monitoring of hosts/systems.
- Comply with 3rd party MOU/MOA monitoring and reporting requirements. Analyze host DCO events to determine the necessity for higher level analysis and conduct an initial assessment of the type and extent of intruder activities.
- Monitor security sensors to analyze Intrusion Detection Systems (IDS) and Security Information and Event Management (SIEM) to identify and correlate security issues/events and review logs to identify intrusions for remediation. Correlate suspicious events with network events, if possible, and with data stored within databases and other external DoD resources, including but not limited to Big Data Platform (BDP).
- Analyze traffic/logs/events to determine the necessity for higher level analysis and conduct an initial assessment of the type and extent of intruder activities.
- Record who, what, where, why and when for any identified suspicious activity in a case management system (CMS) case to enable additional investigations.
- Conduct triage of suspicious activity alerts and logs in order to make a fast and accurate triage decision.
- Enter event data into mission support systems in accordance with SOC operational procedures and reports.
- Provide monthly performance metrics including but not limited to: readiness, qualifications, events processed, CAT events and incidents identified.
- Escalate security incidents using established policies and procedures.
- Generate end of mission reports (MISREPS) and provide pass-on information for knowledge transfer to subsequent crews of analysts on duty regarding the latest suspicious traffic seen from a given port, Internet Protocol (IP) address, etc., with no more than a 5% error rate.
- Provide computer security-related support to AF field units, as directed by CCC, in countering vulnerabilities, minimizing risk, and improving the security posture of AF computer networks and systems within the scope of SOC operational requirements and mission execution.
- Provide focused DCO tailored analysis and monitoring operations of specified sensor locations during contingency operations and in support of named DCO operations and exercises.
- Conduct 24x7x365 near real-time network security monitoring and intrusion detection analysis for the networks and systems monitored using AF's selected IDS/IPS capabilities with no more than a 1% error rate.
- Create and document metrics for reporting and analysis to improve alert triage processes and mission execution.
- Provide requested information to operational leadership as it relates to mission execution. Conduct intake of administrative and operational communication from external agencies and route the communication to the Mission Lead/Crew Commander.
- Perform security checks every four hours to verify external doors are properly closed and no suspicious activity is taking place around the facility. If suspicious activity is observed or suspected, contact and inform the Crew Commander.
- Initiate emergency checklists due to imminent threat, as directed by the Crew Commander. Call emergency responders (Security Forces/Fire Department etc.) if needed via 911.
- Provide feedback on detection mechanisms for both true and false positive events to ESM and Content Development as applicable.
- Participate in planning, briefing, and debriefing tasks as directed by the CDO Mission Lead or Crew Commander.
- Accomplish assigned weapon system access, ORM, Go/No Go, reports, TTP updates and TAR submissions.
- Execute approved scoping actions. Find endpoints matching target: accounts, registry configurations, files, processes, IP addresses, ports, domains, or other correlating data to determine the extent of compromises.
- Execute approved response actions against target: accounts, registry configurations, files, processes, IP addresses, ports, domains, or other system components to contain compromises.
- Analyze threat intelligence (TIPPERS) as directed by the CDO Mission Lead or Crew Commander, to include contextual information, IoCs, TTPs, vulnerabilities, effects, and actionable intelligence about threats mapped to the MITRE threat framework.
- Work with the CDO Mission Lead for prioritization and assignment of tasks.
- Provide CDO Mission Lead support, notify CDOs of Crew Commander prioritized tasks, and track all required mission systems and functions.

About TEKsystems:

We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.

The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.
