NCI: As a Cyber Software Engineer III, you will provide services in support of the United States (U.S.) Army Cyber Command's (ARCYBER) mission: to direct and conduct integrated Electronic Warfare (EW), Information Operations (IO), and Cyberspace Operations, as authorized or directed, to ensure freedom of action in and through cyberspace and the information environment, and to deny the same to adversaries. The position is also designated Cyber Application Specialist III, which designs, develops, deploys, tests, and evaluates cyber systems and applications; coordinates resolution of application issues, upgrades, and problems; conducts application configuration and optimization; develops and maintains manuals, drawings, system specifications, and electronic and hard-copy files of customer installations, calibration records, maintenance records, and quality control information; and mentors mid-level and junior staff. In assuming this position, you will be a critical contributor to meeting NCI's mission: to deliver innovative, cost-effective solutions and services that enable our customers to rapidly adapt to dynamic environments.
Highlights of Responsibilities:
- Experienced designer, developer, deployer, tester, and evaluator of software applications. Has developed and maintained manuals, drawings, and/or system specifications.
- Skilled in multiple programming languages and knowledgeable in Agile development approaches.
- Provides oversight of activities and is directly responsible for receiving, analyzing, and distributing information in order to mitigate cyber incidents/events occurring throughout the Regional Cyber Centers (RCCs) across the designated areas of responsibility (AORs).
- Provides daily operational status briefings, makes technical recommendations, and provides procedural strategies for the Army Global “enterprise” network.
- Provides technical support to the Army Cyber Operations Integration Center (ACOIC) staff during identification, resolution, and tracking of network intrusions and other cybersecurity incidents/events. Coordinates with the RCCs, USCYBERCOM, JFHQ-DODIN, LE/CI, the IC, and various other agencies in order to triage and systematically analyze cyber intrusion events.
- Provide detection, correlation, identification, and characterization of intentional unauthorized activity and coordinate information on detected events with required teams to ensure timely response is executed.
- Provide support using scripting languages (e.g., Python, Perl, PowerShell) to understand adversary capabilities and the risks they pose.
- Conduct open-source research to identify publicly reported exploits or vulnerabilities (e.g., zero-days) requiring Defensive Cyberspace Operations (DCO) actions.
- Identify current detection capabilities (e.g., antivirus (AV), Host Based Security System (HBSS), and Intrusion Detection System (IDS)/Intrusion Prevention System (IPS)) for new or potential threat activity.
- Coordinate and develop host-based and network-based (IDS/IPS) signatures for implementation.
- Maintain sensor location documentation for sensor grid layout and design.
- Provide a cyber response team capability to develop mitigations in response to cyberthreats. In addition, contractor support shall include, but is not limited to, the following activities:
- Track, review, identify, and submit pre-approved actions (e.g., IP blocks and Uniform Resource Locator (URL) blocks).
- Review, assess, and recommend mitigation actions in response to confirmed or potential threat activity and to unknown/new vulnerabilities.
- Prepare and brief pre-approved actions conducted, as required.
- Provide potential courses of action (COAs), assessments, and technical expertise, and enhance and improve the defensive posture, as required.
- Conduct vulnerability tests to identify operational impacts of activity directed against systems or applications.
- Provide digital media and network forensics using a variety of methods to detect and identify anomalous and/or malicious software.
- Coordinate with internal and external mission partners to execute F&MA functions, including LE/CI liaison officers and other intelligence professionals, to understand higher-level adversary capability.
- Examine malicious software/capabilities to identify the nature of the threat.
- Reverse-engineer compiled executable code to examine how the program interacts with its environment.
- Analyze collected media for DCO value to understand adversary technical capabilities and TTPs/methods of employment.
- Analyze the attack/exploit capability of the software, and document and catalog findings for future correlation.
- Develop and maintain malware analysis artifacts, reports, case notes, and all case-related data, and ensure the information is properly stored within the infrastructure.
- Provide all pertinent findings to the personnel responsible for developing signatures capable of detecting the analyzed malware as it propagates on infected systems.
- Perform dead-box forensic analysis and live forensic/incident handling analysis, as required, including the collection, preservation, and transfer of forensic evidence of unauthorized access to a military/partner network, device, or Information System (IS); analyze forensically sound images to identify suspicious/malicious files, all intrusion-related artifacts, and entry points/attack vectors; and develop the procedures or scripts necessary to identify such data.
- Provide ancillary IT maintenance support for the forensic lab environment, including Active Directory (Windows), servers (VMware ESX), switches (Cisco/Brocade), and other network hardware/software appliances, as required.
- Update relevant portions of SOPs, TTPs, CSSP, website information, as required.
- Maintain and configure IDS/IPS and sensors; develop and test signatures; and document procedures.
- Update, maintain, and configure enterprise security solutions (e.g., ArcSight Enterprise) to improve threat monitoring.
- Develop, maintain, and enhance cyber tools and software applications that improve tracking and facilitation of incident response.
- Develop dashboards, querying capabilities, trend analysis, and analysis tools using multiple data sources to correlate information.
- Identify and assess gaps in DCO capabilities and security posture and develop solutions as required.
- Develop and maintain documentation for activities as required.
- Current Information Assurance (IA) certification (required at performance start date): IAT Level II (CCNA Security, CySA+, GICSP, GSEC, Security+ CE, or SSCP). IA certification IAW DoD 8570.01-M.
- Clearance: Must possess a favorably adjudicated TOP SECRET security clearance with eligibility for SCI access prior to the start date, and must maintain TS/SCI throughout employment on this contract.
- Bachelor's degree and 10 to 15 years of practical experience.
This position requires the ability to perform the below essential functions:
- Sitting for long periods
- Standing for long periods
- Ambulating throughout an office
- Ambulating between several buildings
- Travel by land or air transportation (25%)
- Job ID 2018-3052