Site Lead Network Defense and Security Analysis

Clearance Level
Top Secret/SCI
Information Security
Lackland AFB, Texas

REQ#: RQ53591

Travel Required: 10-25%
Requisition Type: Regular

Ensure that the Monthly Status Report is provided IAW PWS directions.

Assist other active duty, government civilians, and contractors assigned to the same functional areas to raise the level of proficiency and effectiveness of the team performing that function.

Provide technical reports, meeting minutes, program plans, concepts of operations, contingency plans, and related documentation as identified for task deliverables.

Prepare and disseminate operational reports. A list of operational reports shall include, but is not limited to, AF Computer Emergency Response Team (AFCERT) daily operations report (DOR), operation report (OPREP), and situational report (SITREP), incident response, law enforcement reports, and recovery operations reports, Information Protection Bulletins (IP Bulletins), AFCERT Time Compliance Network Orders (TCNOs), malicious logic/virus notifications, INFOCONs, and other messages.

Support real-time monitoring of all assigned IDS/IPS deployed and supporting the USAFCENT/USCENTCOM mission.

Monitor network traffic to provide event correlations of operational traffic from multiple locations to determine network security posture.

Use standard/provided network tools to evaluate traffic for incident response analysis.

Coordinate and execute JTF-GNO Information Assurance Vulnerability Alert (IAVA) notices as applicable on USCENTCOM networks/systems with the USAFCENT NOSC.

Maintain IDS/IPS devices to ensure they are operating at optimal efficiency.

Maintain Crew certification as required to operate on USCENTCOM, USAFCENT, and AF networks.

IDS/IPS Real-Time Monitoring Analysis. The contractor shall:

Maintain current knowledge on new vulnerabilities and exploits. Develop methods to detect and prevent intrusive activities utilizing these new vulnerabilities and exploits. Assist NOSC-Cybersecurity to develop countermeasures (to include IDS/IPS signature development and correlation rule sets) to isolate, contain and prevent intrusive activities and secure USAFCENT/USCENTCOM networks.

Track trends of authorized and unauthorized activity.

Correlate unusual and suspicious network activity across USCENTCOM. Validate unusual network activity unique to geographical regions and sensor locations.

Provide an overall site-analysis profile to serve as a benchmark to identify unusual or suspicious activity.

Assist in the compilation of Network Defense statistical and trend data, and operational event reporting, as requested by NOSC management.

Network Event Correlation/Advanced Traffic Analysis. The contractor shall:

Possess the following skill sets: experience with DoD/AF incident reporting processes; familiarity with NSA Threat Operations Center (NTOC) Attack, Sensing & Warning (AS&W) alerts and processing; knowledge and experience constructing, executing and troubleshooting SQL DB queries; knowledge and experience with the DOD Centaur analysis system. The contractor shall maintain their respective Advanced Traffic Analyst certification via Stan/Eval processes for operational positions.

Provide site-specific and service-level intrusion packet level analysis using selected tools and activities related to mission execution; and track trends of authorized and unauthorized activity.

Correlate unusual and suspicious network activity across USCENTCOM; and validate unusual network activity unique to geographical regions and sensor location(s).

Document network devices and location of network devices. Provide technical information to USCENTCOM customers on devices with an emphasis on any possible security issues with them. Document any waivers for non-standard network configurations.

Provide an overall site-analysis and profile for existing USCENTCOM networks and supported units to serve as a benchmark to identify unusual or suspicious activity; and research, document and report suspicious activity IAW established procedures.

Provide focused Network Defense, tailored analysis and monitoring operations of specified sensor locations during contingency operations and in support of named Network Defense operations and exercises.

Assist in the compilation of Network Defense statistical and trend data, and operational event reporting, as requested by NOSC management.


M.S. and 7+ years relevant experience (preferred)



MCP (Server)

Network+ CE

ITIL Foundation

TS SCI Clearance Required

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.