Cyber Defense Operator (CDO)

IPSecure, Inc.

$75K — $95K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Active TS/SCI Level Clearance required.
  • Active IAT Level II Certification (e.g., CompTIA Security+).
  • Willingness to obtain CSSP Incident Responder (GCFA) Certification within 120 days of hire.
  • 3+ years of related technical and cyber security experience preferred.

Responsibilities

  • Complete the incident response process for escalated CAT events, covering all critical phases.
  • Investigate suspicious activities on Air Force networks to validate and analyze unauthorized events.
  • Provide technical support to law enforcement and counter-intelligence agencies as needed.
  • Contribute insights during lessons learned meetings and briefings.
  • Support planned and immediate Incident Response deployments.
  • Analyze DCO events for potential higher-level analysis needs and conduct initial assessments of intrusions.
  • Author incident reports ensuring accuracy and sufficient technical detail for decision-making.

Benefits

  • Medical, dental, and vision insurance.
  • Unlimited vacation and sick leave policies.
  • Paid federal holidays.
  • Education and certification reimbursement program.
  • 401(k) retirement plan with employer match after 3 months.
  • Access to a prepaid legal and ID protection plan.
  • Additional accident, critical illness, and hospital indemnity insurance options.
Full Job Description
Cyber Defense Operator (CDO) - TS/SCI Level Clearance Required - Located in San Antonio, Texas

Job Description

The Cyber Defense Operator's (CDO) ability to complete its mission depends on accurate, timely and thorough event analysis to identify intruder or potential-intruder activity using host and network monitoring and system logs. The CDO correlates the information gathered to provide effective methods of protecting Air Force (AF) systems. Upon identification of suspicious activity on AF networks, the CDO opens network intrusion investigation(s) to validate the unauthorized activity and determine its type and extent.

Responsibilities
  • When CAT events are escalated to incident response, complete incident response process, including: preparation, identification and scoping, containment, eradication and remediation, recovery, and lessons learned.
  • Upon identification of suspicious activity on AF networks, open network intrusion investigation(s) to validate the unauthorized activity and determine the type and extent of activity.
  • Provide AF Office of Special Investigations (OSI) DCO technical support to law enforcement and counter-intelligence agencies and activities if required.
  • Participate and contribute to lessons learned meetings and briefings.
  • Support planned and same-day Incident Response deployments.
  • Comply with 3rd party MOU/MOA monitoring and reporting requirements.
  • Analyze host DCO events to determine the necessity for higher level analysis and conduct an initial assessment of the type and extent of intruder activities.
  • Conduct cyber investigations in order to determine the initial vector and overall timeline of intrusion, accurately identify the threat, determine the full scope of impact, and develop containment and remediation actions for approval.
  • Author and review incident report forms (IRF) for security incidents within JEMS. Ensure the document is accurate and provides the correct amount of technical detail needed. (CDRL A008)
  • Generate end of mission reports (MISREPS) and provide pass-on information for knowledge transfer to subsequent crews of analysts on duty regarding the latest suspicious traffic seen from a given port, Internet Protocol (IP) address, etc., with no more than a 5% error rate.
  • Provide computer security-related support to AF field units as directed by CCC, in countering vulnerabilities, minimizing risk, and improving the security posture of AF computer networks and systems within the scope of AFIN SOC operational requirements and mission execution.
  • Participate in planning, briefing, and debriefing tasks as directed by CDO Mission Lead or Crew Commander.
  • Provide feedback on detection mechanisms that are both true and false positive events to ESM and Content Development as applicable.
  • Design incident response plans (IRP) as directed by the Crew Commander. Ensure CDOs are briefed on objectives, ROEs, plans, contingencies, and applicable TTPs.
  • Accomplish assigned weapon system access, ORM, Go/No Go, reports, TTP updates, and TAR submissions.

Basic Qualifications
  • Active TS/SCI Level Clearance.
  • Active IAT Level II Certification (e.g., CompTIA Security+).
  • Ability to obtain the CSSP Incident Responder certification (GCFA) within 120 days of hire date.

Preferred Qualifications
  • 3+ years of relevant technical, cyber security, and business work experience

Benefits

Medical, Dental, Vision, Unlimited Vacation, Sick Leave, Paid Federal Holidays, Education and Certification Reimbursement Program, 401(k) retirement plan with safe harbor employer match after 3 months, Prepaid legal plan and ID protection plan available, Accident Insurance, Critical Illness Insurance, and Hospital Indemnity Insurance available.
