The Contractor shall:
• Maintain documented plans and procedures to augment existing personnel to surge operations in response to a major incident. The Contractor shall be able to maintain surge tempo for not less than 14 days.
• Execute yearly surge tabletop exercises to test Contingency of Operations Planning (COOP).
• Ensure Interrogator Intrusion Detection Systems (IDSs) are deployed on all subscriber networks in accordance with DoD policy. Perform regular active maintenance and tuning of the sensors to ensure the effectiveness of the IDS devices.
• Perform collection, normalization, analysis, and correlation of network data to identify unauthorized and malicious activity. Sense changes in subscriber computer networks based on the analysis of current and archived security information. Use attack sensing and warning information to enhance cyber monitoring and detection services in response to emerging threats and provide this information to other CDSPs and tier 1 organizations.
• Continually perform real-time and retrospective intrusion detection analysis on Linux- and Unix-based Intrusion Detection Systems.
• Develop and maintain software scripts to automate analyst processes.
• Use ARL-developed Continuous Monitoring Risk Scoring (CMRS) capabilities to monitor all subscriber networks for network-based attacks and threats.
• Perform daily open-source intel checks of security blogs and websites for any new threats, new types of malware, new malware variants, zero-day exploits, or any other information that can be used to create new IDS rules or to perform retrospective data searches, so that subscribers’ sites are protected both immediately and in the future.
• Produce indications, warnings, and situational awareness reports for sharing and distribution to ARL CDSP subscribers, peer CND organizations, and tier 1.
• Perform incident and event reporting to tier 1 and to law enforcement/counterintelligence in accordance with Chairman of the Joint Chiefs of Staff Manual (CJCSM) 6510 reporting guidance.
• Safeguard all incident reports and supporting raw data so that valuable information is available for analysis by authorized network security analysts but protected against unauthorized disclosure.
• Provide 24x7 incident and event response to ARL CDSP subscribers and ensure response actions occur in compliance with DoD-mandated timelines.
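The "collection, normalization, analysis, and correlation of network data" duty and the "software scripts to automate analyst processes" duty above describe the same kind of work. The script below is an added illustration of it and is not part of the contract text or any ARL tool: it normalizes alerts from two constructed sensor log formats (a simplified Snort "fast"-style alert line and a simplified tab-separated notice line) into one event schema, then correlates the events by source address to surface bursts that several sensors saw, that touched several hosts, or that carried a priority-1 signature. The log formats, sensor names, sample addresses, thresholds and the assumed year are all made up for the example.

```python
"""Added example (not part of the contract text): normalize alerts from two
constructed sensor formats into one schema and correlate them by source.
All formats, thresholds, sensor names and sample data are assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timezone

ASSUMED_YEAR = 2024  # Snort fast alerts carry no year; assumed for the sample

# Constructed sample: simplified Snort "fast"-style alert lines (RFC 5737 test addresses).
SNORT_FAST = """\
04/12-10:01:02.113  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Priority: 1] {TCP} 203.0.113.7:4444 -> 10.0.0.12:51000
04/12-10:01:05.900  [**] [1:2010935:3] ET SCAN Suspicious inbound to MSSQL port 1433 [**] [Priority: 2] {TCP} 198.51.100.9:56010 -> 10.0.0.20:1433
04/12-10:01:06.201  [**] [1:2010935:3] ET SCAN Suspicious inbound to MSSQL port 1433 [**] [Priority: 2] {TCP} 198.51.100.9:56011 -> 10.0.0.21:1433
"""

# Constructed sample: tab-separated lines from a second, Zeek-like sensor
# (epoch seconds, src, dst, dport, notice type, message); format is simplified.
SECOND_SENSOR = """\
1712916064.500\t198.51.100.9\t10.0.0.22\t1433\tScan::Port_Scan\t198.51.100.9 scanned 3 hosts
1712916067.000\t203.0.113.7\t10.0.0.12\t51000\tSignatures::Sensitive_Signature\tshell prompt in response
"""

SNORT_RE = re.compile(
    r'^(\d\d)/(\d\d)-(\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[(\d+:\d+:\d+)\]\s+(.*?)\s+\[\*\*\]'
    r'\s+\[Priority:\s*(\d+)\]\s+\{(\w+)\}\s+([\d.]+):(\d+)\s+->\s+([\d.]+):(\d+)$')


def parse_snort_fast(text):
    """Normalize Snort fast-style lines into the common event schema."""
    events = []
    for line in text.splitlines():
        m = SNORT_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip it rather than abort the whole run
        mon, day, clock, sid, msg, prio, proto, src, sport, dst, dport = m.groups()
        hh, mm, ss = clock.split(':')
        sec, frac = ss.split('.')
        dt = datetime(ASSUMED_YEAR, int(mon), int(day), int(hh), int(mm), int(sec),
                      int(frac.ljust(6, '0')[:6]), tzinfo=timezone.utc)
        events.append({"ts": dt.timestamp(), "sensor": "snort", "src": src, "dst": dst,
                       "dport": int(dport), "sig": f"{sid} {msg}", "priority": int(prio)})
    return events


def parse_second_sensor(text):
    """Normalize the tab-separated notice lines into the same schema."""
    events = []
    for line in text.splitlines():
        parts = line.split('\t')
        if len(parts) != 6:
            continue
        ts, src, dst, dport, note, msg = parts
        events.append({"ts": float(ts), "sensor": "sensor2", "src": src, "dst": dst,
                       "dport": int(dport), "sig": f"{note} {msg}", "priority": 2})
    return events


def correlate(events, window_s=60, min_targets=3):
    """Group events by source address and flag bursts worth an analyst's attention."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src"]].append(e)
    findings = []
    for src, evs in by_src.items():
        if evs[-1]["ts"] - evs[0]["ts"] > window_s:
            continue  # kept simple: only bursts that fit inside one window are scored
        sensors = {e["sensor"] for e in evs}
        targets = {e["dst"] for e in evs}
        reasons = []
        if len(sensors) > 1:
            reasons.append("seen by %d sensors" % len(sensors))
        if len(targets) >= min_targets:
            reasons.append("%d distinct targets" % len(targets))
        if any(e["priority"] == 1 for e in evs):
            reasons.append("priority-1 signature")
        if reasons:
            findings.append({"src": src, "count": len(evs), "targets": sorted(targets),
                             "sensors": sorted(sensors), "reasons": reasons})
    return findings


def run(snort_text=SNORT_FAST, second_text=SECOND_SENSOR):
    """Collect from both sensors, normalize, and correlate; returns the findings list."""
    return correlate(parse_snort_fast(snort_text) + parse_second_sensor(second_text))


if __name__ == "__main__":
    for f in run():
        print(f"{f['src']}: {f['count']} alerts, targets={f['targets']}, "
              f"sensors={f['sensors']}, because {', '.join(f['reasons'])}")
```

The point of the common schema is that the correlation step never needs to know which sensor an event came from; a third format only needs a new parser. In a production pipeline the year would come from the sensor configuration rather than a constant, and the window logic would slide across time instead of scoring one burst per source.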
Requirements
Education: Bachelor’s degree. Completed applicable discipline certification (e.g., DISCO certification for InfoSec Security Specialist) within one (1) year of assuming duties.
Experience: Six (6) years of experience, including applicable security discipline principles, practices, and procedures.