Secure Division Manager
Secure Division Manager
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
$ 80000 - 128000
1 Vacancy
Job Description
Responsibilities
Secure Division Support. The GCC provides CSSP responsibilities and conducts DODIN Operations and DCO Internal Defensive Measures (IDM) to protect the DODIN IAW the DoDM 8530.01 and the DoD Cybersecurity Services Evaluator Scoring Metrics (ESM). These responsibilities are broken into five 5 CSSP functions; Identify Protect Detect Respond and Recover. GCC is responsible to conduct these functions for its assigned portion of the DODIN for both unclassified and classified networks/ systems. The division provides support services for the protection monitoring analysis detection and response to unauthorized activity within the DoD Information Systems and Networks. DCOIDM services are required to defend against unauthorized activity on all Army assets residing on the NIPRNet and SIPRNet. The division provides defensive measures to protect and defend information computers and networks from disruption denial degradation or destruction. The division provides sensor management and event analysis and response for network and hostbased events. For sensor management the division provides management of inline Network Intrusion Protection System/Network Intrusion Detection System (NIPS/NIDS) sensors monitoring all CONUS DoDINA NIPRNet and SIPRNet Enterprise traffic to detect sensor outages and activities that attempt to compromise the confidentiality integrity or availability of the network. In coordination with GCC Operations DCO initiates defensive security procedures upon detection of these attacks. Event analysis and response includes the processes involved with reducing multiple cyber incidents to actual malicious threat determinations and mitigating those threats IAW guidance received from GCC Government leadership. Support the Government in providing services for CSSP services on both the NIPRNet and SIPRNet IAW Appendix E: Secure Division Workload Assessment in support of the CONUS portion of the DoDINA. Develop reports and products both current and longterm in support of CSSP and course of action development. Prepare Tactics Techniques and Procedures (TTP) SOPs Executive Summary (EXSUMS) trip reports and information/point papers. Contribute during the preparation of agreements policy and guidance documentation such as Memorandums of Understanding / Agreement (MOU/A) Service Level Agreements (SLA).
Cyber Defense Operations (CDO) Support. Provide sufficient staffing to maintain onsite capability IAW PWS paragraph 5.4: Place of Work and Work Hours to work directly with GCC Operations personnel in conducting initial triage/cyber incident analysis to include review correlated events system/device logs and SIEM event data to determine and recommend/take immediate DCOIDM response actions. Immediate response actions can include submission of a cyberincident response ticket making an initial determined category of cyber incident (IAW Chairman of the Joint Chiefs of Staff Manual (CJCSM) 6510 and/or notifying DCO/ARCYBER/Higher Headquarters IAW Commanders Critical Information Requirements (CCIR) reporting requirements. All other CDO operations must have an oncall capability to take actions as required to respond to cyber incidents IAW policy and/or Government direction.
Response Analysis. Collaborate with the Government to develop staff coordinate and execute Cyber Incident Response investigations for the operational environment (unclassified and classified) per CSSPD (and/or ARCYBER/Higher Headquarters) Government leadership guidance. Investigations shall address each predetermined category of cyber incident (IAW CJCSM 6510.01B) detected (internally or externally reported); address priorities and types of internal defensive measures and potential mitigation strategies to be employed (acceptable level of risk); include applicable aspects of the most current Cybersecurity Services Evaluator Scoring Matrix.
Defensive Cyber Assessment (DCA) Support. The DCA Branch within the CSSPD is responsible for conducting both local and remote penetration testing designed to emulate current threat models to the Army network to execute an assessment of the defensive security posture. Evaluate for acceptance new penetration testing TTPs (new tool usage or adversary TTP) as required for inclusion on approved penetration tools list. Maintain documentation and howtouse guides for all vetted penetration testing (PT) tools.
NDA Support. Although Theater Cyber Protection Teams (CPTs) execute most NDA mission Provide support the Government in the of an NDA event.
PPT Support (conducted from home station). Support the Government in the of approximately two 2 PPT missions per month (historically) or as required on all supported networks to identify potential weaknesses and network deficiencies by circumventing the defensive posture to gain access onto the network. PPT missions include highrisk web vulnerability assessments non/limited notice penetration testing of assets phishing assessments/campaigns and other activity designed to identify vulnerabilities on the CONUS networks. PPTs also include opensource research of vulnerabilities exploits and other related activity. Prepare and provide a final report detailing the activity executed vulnerabilities and/or weaknesses identified during the assessment and recommended mitigation actions to improve the defensive posture of the targeted network.
PPTs shall also include of phishing assessments/campaigns with CONUS Theater stakeholders and their subordinate commands.
Web Assessment Support. Support the Government in the of web assessments of all registered public facing web sites (historically 2000 per year) within the CONUS Theater.
Threat and Data Analysis.
Forensics and Malware Analysis.
Defensive Cyber Infrastructure (DCI) Support.
SIEM Tool Support.
Sensor Security Event Management.
CSSP Support Services.
Qualifications
Basic Qualifications:
- 6 years of experience may have lead experience
- Certifications: Information Technology Infrastructure Library Managers Expert Certificate or higher. DCWF Code 431 Intermediate: CompTIA Security or Systems Security Certified Practitioner (SSCP)
- Must have and maintian a Secret Clearance
- Experience managing a team of technical professionals in an IT service deskoriented environment
- Experience in the management of the Information Technology (IT) infrastructure within an organization including the physical network (e.g. LANs/WANs servers terminals) as well as server applications and software
Peraton Overview
Peraton is a nextgeneration national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the worlds leading mission capability integrator and transformative enterprise IT provider we deliver trusted highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land sea space air and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day our employees do the cant be done by solving the most daunting challenges facing our customers. Visit peraton to learn how were keeping people around the world safe and secure.
Target Salary Range
EEO
Required Experience:
Manager
Employment Type
Full-Time
