Receive and analyze network alerts from various sources within the NE or enclave and determine possible causes of such alerts-McAfee HBSS Admin background to include hands on experience with DLP
Coordinate with enclave CND staff to validate network alerts
Perform analysis of log files from a variety of sources within the NE or enclave, to include individual host logs, network traffic logs, firewall logs, and intrusion detection system logs
Notify CND managers, CND incident responders, and other team members of suspected CND incidents and articulate the event s history, status, and potential impact for further action
Direct initial, forensically sound collection of images and inspect to discern possible mitigation/remediation on enclave systems
Track and document CND incidents from initial detection through final resolution
Write and publish CND guidance and reports on incident findings to appropriate constituencies
Maintain knowledge of applicable CND policies, regulations, and compliance documents specifically related to CND auditing
Perform CND vulnerability assessments within the enclave utilizing Retina Network Security Scanner and DISA STIGs • Implement and enforce CND policies and procedures reflecting applicable laws, policies, procedures, and regulations (e.g., Reference (g))
Manage the publishing of CND guidance (e.g., IAVAs and TCNOs) for the enclave constituency
Provide incident reports, summaries, and other situational awareness information to higher headquarters
Manage an incident (e.g., coordinate documentation, work efforts, resource utilization within the organization) from inception to final remediation and after action reporting
Knowledge, Skills and Abilities
CAP, CISM, GSLC or CISSP certification required.
ITIL Foundation certification preferred
Is competent in most areas of information systems security, including network, application, database and physical
Good communication skills; shows tact, effective listening skills and follow through
May be required to provide clear and effective direction and guidance to less experienced staff
Must be able to successfully monitor systems, detect security problems and create IT solutions, including those of moderate complexity or sophistication
Ability to make recommendations to security flaws in question
Detail oriented and organized; able to understand information systems and ensure accuracy of work
May review the work of others and be able to detect errors or needed modifications
Familiar with requirements of DoD 8570.1
Must have a Top Secret security clearance and be able to obtain a SCI (TS/SCI)
Work environment is administrative office
90-120 days rotations to overseas locations
DESIRED QUALIFICATIONS: BA/BS (or equivalent experience), 2+ years of experience
This position requires being fully vaccinated against COVID-19 by January 18, 2022 or the start date, if after January 18. Individuals who work in or reside in Texas or Montana or work outside of the United States may be excluded from this requirement.
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.