Cyber Security Analyst - Host Detection

CYBER SECURITY ANALYST - HOST DETECTION (JBSA-20-1915-W): Bowhead seeks a Cyber Security Analyst - Host Detection to support the AFCERT DCO HAC contract in San Antonio, TX. The ability of the 33 NWS to complete its mission is dependent upon the ability of conducting host security monitoring and intrusion detection analysis, utilizing the AF's selected Host Intrusion Prevention System (HIPS) tools and activities that are related to the 33 NWS ACD weapon system for mission execution. Maintain currency on latest industry trends and provide operational reports/assessments for development of tactics, techniques, and procedures. Provide Host Based analysis/investigation of those systems defended by the AFCERT. This includes the analysis of Host Based IDS/IPS/EDR/EPP platform events, system logs, and memory with an intent to identify possible intrusions or malicious actions taken against the host in order to prohibit the Confidentiality, Integrity, and/or Availability of the system, data, and resources. • Conduct host security monitoring, alert review, and intrusion detection analysis for those systems defended by the AFCERT. • Develop, Review and Maintain procedures related to the overall monitoring of Hosts/Systems. • Analyze host DCO events to determine the necessity for higher level analysis and conduct an initial assessment of type and extent of intruder activities. • Correlate suspicious events with network events if possible and data stored within databases and other resources. • Enter event data into mission support systems IAW AFCERT operational procedures and reports through the AFCERT chain. • Record suspicious events into the unit's suspicious events and or incident database. These records shall contain sufficient information to stimulate future analysis of suspicious traffic. The record shall answer the: who, what, where, why and when for this suspicious activity. • Compile suspicious events records and other artifacts as part of its Monthly Operational Report as directed. • Provide pass-on information to bring incoming crews up to speed on latest suspicious traffic seen from a given port, IP, etc Or other relevant data with no more than a 5% error rate. • Create end of engagement reports describing engagement findings and analysis work. • Provide computer security-related support to AF field units (example: the Integrated Network Operations and Security Center (INOSC), Base Information Assurance (IA) shop) in countering vulnerabilities, minimizing risk, and improving the security posture of AF computers networks and systems within the scope of AFCERT operational requirements and mission execution. • Provide focused DCO, tailored analysis and monitoring operations of specified sensor locations during contingency operations and in support of named DCO operations and exercises. • Provide OJT to other contractor employees, military, and/or civilian personnel, and ensure continuity folders/working aids are updated at least once per quarter in order to ensure efficient transition when personnel rotate. • Create and document metrics for reporting and analysis to improve weapon system processes and mission execution. • Maintain currency on latest industry trends and provide operational reports/assessments for development of tactics, techniques, and procedures. Bowhead seeks to network with qualified individuals relative to a potential opportunity, which is contingent upon award and not currently funded. Please click the link at the bottom of this posting to apply for consideration. Incumbent employees are encouraged to respond. No solicitations or third party applications will be accepted. Requirements In accordance with Executive Order 14042: Ensuring Adequate COVID Safety Protocols for Federal Contractors, candidates should be aware that they may be required to have received or be willing to receive the COVID-19 vaccine by date of hire. All job offers in connection with a covered contract may be contingent upon providing proof of vaccination prior to your anticipated start date. • 3+ years of experience in a role as part of a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC) is highly desirable. • Technical expertise in system security vulnerabilities and remediation techniques, network and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, etc.). • Technical expertise in security engineering, system and network security, authentication and security protocols, cryptography, and application security. • Must have a good understanding how to build dashboards and custom queries in but not limited to HBSS, ACAS, Fidelis, IDS systems Incident Response. • Extensive knowledge of MITRE ATT&CK framework, and its uses within the cybersecurity community (e.g., Open Source projects) Certification Requirements: • IAT Level III CND compliance. • GCFA or GCFE. SECURITY CLEARANCE REQUIREMENTS: Must currently hold a security clearance at the Top Secret/SCI level. US Citizenship is a requirement for Top Secret clearance at this location. Applicants may be subject to a pre-employment drug & alcohol screening and/or random drug screen, and must follow UIC's Non-DOT Drug & Alcohol Testing Program requirements. If the position requires, an applicant must pass a pre-employment criminal background history check. All post-secondary education listed on the applicant's resume/application may be subject to verification. Where driving may be required or where a rental car must be obtained for business travel purposes, applicants must have a valid driver license for this position and will be subject to verification. In addition, the applicant must pass an in-house, online, driving course to be authorized to drive for company purposes. UIC is an equal opportunity employer. We evaluate qualified applicants without regard to race, age, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other protected characteristics EOE/AA/M/F/D/V. In furtherance, pursuant to The Alaska Native Claims Settlement Act 43 U.S.C. Sec. 1601 et seq., and federal contractual requirements, UIC and its subsidiaries may legally grant certain preference in employment opportunities to UIC Shareholders and their Descendants, based on the provisions contained within The Alaska Native Claims Settlement Act. All candidates must apply online at www.uicalaska.com, and submit a completed application for all positions they wish to be considered. Once the employment application has been completed and submitted, any changes to the application after submission may not be reviewed. Please contact a UIC HR Recruiter if you have made a significant change to your application. In accordance with the Americans with Disabilities Act of 1990 (ADA), persons unable to complete an online application should contact UIC Human Resources for assistance (https://uicalaska.com/careers/recruitment/). UIC Government Services (UICGS / Bowhead) provides innovative business solutions to federal and commercial customers in the areas of engineering, maintenance services, information technology, program support, logistics/base support, and procurement. Collectively, the fast-growing Bowhead Family of Companies offers a breadth of services which are performed with a focus on quality results. Headquartered in Springfield, VA, we are a fast-growing, multi-million-dollar corporation recognized as one of the top 25 8(a) companies for government contracting. Bowhead offers competitive benefits including medical, dental, vision, life insurance, accidental death and dismemberment, short/long-term disability, and 401(k) retirement plans as well as a paid time off programs for eligible full-time employees. Eligible part-time employees are able to participate in the 401(k) retirement plans and state or contract required paid time off programs. Link to Apply: https://rn21.ultipro.com/UKP1001/jobboard/NewCandidateExt.aspx?JobID=25684 #LI-JR1