Computer World Services, Corporation (CWS) is seeking an exceptional candidate to serve as Defense Assessment Analyst- Senior for the US Army Regional Cyber Center – Continental United States (RCC-CONUS) program responsible for performing non-personal Information Technology (IT) Services and support requirements. RCC-CONUS is responsible to operate, manage, and defend the Army’s NIPRNet and Secure Internet Protocol Router Network (SIPRNet) CONUS portion of the GIG, and the NIPRNet and SIPRNet DoDIN-A. The RCC-CONUS functions as part of a larger joint environment, responding to the Theater Combatant Commanders, the ARCYBER, and the Army Cyber Command’s Army Cyberspace Operations and Integration Center (ACOIC), which operates the GIG in support of Department of Defense (DoD) operations around the world. Services include Network and System Modernization, Cyber Defensive Operations, Defensive Cyber Assessments, Defensive Cyber Infrastructure Support, Threat & Data Analytics, DoDIN Operation Support, Network Management, Systems Management, IT Lifecycle Management, IT Service Management (ITSM), Portfolio/IT Investment Management, and Theater Operations and Service Desk support.
The candidate will lead and participate in analysis of actual and predictable interacting operational activities of business to obtain a quantitative, rational basis for decision making through the application of logic and scientific or economic disciplines and techniques.
Key Tasks and Responsibilities
- Leverage a lab environment provided by the RCC-C for the purpose of malware analysis, development and testing of sensor signatures/rulesets, and the execution of penetration testing tactics, techniques, and procedures (TTPs) to determine the risk of exploits and vulnerabilities.
- Responsible for conducting both local and remote penetration testing designed to emulate current threat models to the Army network to execute an assessment of the defensive security posture.
- Conduct approximately, thirty-six (36), week-long CDAP missions annually consisting of both NAV and PPT mission areas based on Government prioritization and direction.
- Responsible for augmenting the Government in assessing a post/camp/station (P/C/S) and/or an organization’s security enclave, by means of trends and analysis to prioritize NAV visits.
- Conduct one NAV per month (on average) IAW established BBP, regulations, policies, and procedures, and as requested. NAVs require travel to a remote site to execute on-site penetration testing over a one-week period, or longer depending on the requirements of the mission.
- Utilize approved tools to execute penetration testing of the remote site by utilizing established documentation and the ROE.
- Execute phishing campaigns in conjunction with the penetration testing to gain a foothold into the network.
- Develop and present a final out brief to discuss the findings of the mission, trends observed, and any recommendations/mitigation actions which need to be executed.
- Responsible for securing all equipment and coordinate with shipping personnel to ensure equipment returns to home station.
- Execute high-risk web assessments, non-notice penetration testing of assets, on-demand testing of network devices, and other activity required to assess the defensive posture of the targeted network.
- Execute research to develop payloads used during penetration testing and/or phishing that emulates the current threats to the Army networks, to test whether defensive devices will detect this activity proactively rather than identifying failures during an actual attack from external adversaries.
- Disseminate information to the CDO and Threat and Data Analytics (T&DA) branches, as well as RCC-CONUS Operations to allow defensive measures to be enacted to increase the defensive security posture within the CONUS Theater.
Education & Experience
- BA /BS or an MA/MS preferred from an accredited university (required)
- Minimum of 12+ years of related IT experience (required)
- Substitution Allowance (MA/MS with 10+ years’ experience can be substituted for above requirements)
- Professionally certified as Technical Level III as defined by DODI 8570 is a requirement. (P: CISSP-ISP E: IAT III)
- Top Secret/SCI clearance (Required)
- US Citizen or permanent resident
Other (Travel, Work Environment, Administrative Notes, etc.)
- Travel to CONUS and OCONUS locations to meet mission requirements and undergo training maybe required. The support outside Fort Huachuca, AZ including OCONUS if required, will be designated as TDY.
EOE AA M/F/Vet/Disability
EEO is the Law: http://www1.eeoc.gov/employers/upload/eeoc_self_print_poster.pdf
DoD 8570.01.M: http://www.dtic.mil/whs/directives/corres/pdf/857001m.pdf
This job has expired.