Cyber Defense Operator

Viranim Technical Solutions, San Antonio, TX
1d, Onsite

About The Position

The Cyber Defense Operator provides mission-critical support to the Air Force Cyber Emergency Response Team (AFCERT) by executing Defensive Cyberspace Operations (DCO) in defense of United States Air Force networks and supported Combatant Commands. This role is essential to protecting Air Force information systems by identifying, analyzing, and mitigating cyber threats in near real-time. AFCERT operates in a high-tempo 24/7/365 environment with zero tolerance for error, requiring exceptional attention to detail, precision, and responsiveness.

Mission Objectives

Cyber Defense Operators support AFCERT in delivering cyberspace defense capabilities that:

  • Protect and defend Air Force Networks (AFNet)
  • Detect, analyze, and respond to cyber threats and intrusions
  • Ensure mission assurance for Air Force and supported Combatant Commands
  • Execute network defense operations across NIPRNet and SIPRNet

Requirements

  • Active Top Secret clearance with SCI eligibility
  • CompTIA Security+ certification
  • Experience in cyber defense, network security, or Security Operations Center (SOC) environments
  • Working knowledge of:
      • IDS/IPS systems, SIEM platforms, network protocols and traffic analysis
  • Strong analytical, problem-solving, and decision-making skills
  • Ability to operate effectively in a high-tempo, mission-critical environment

Nice To Haves

  • Familiarity with DoD cyber operations
  • Experience supporting Air Force network environments

Responsibilities

  • Defensive Cyberspace Operations (DCO)
      • Plan, implement, and execute AFCERT-directed defensive cyberspace operations, including:
          • Continuous monitoring and analysis of network traffic, alerts, and events
          • Operation and analysis of Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)
          • Detection and mitigation of malicious or anomalous activity
          • Incident response, containment, and remediation actions
  • Cyber Monitoring & Analysis
      • Perform near real-time monitoring of security events across Air Force systems
      • Review and analyze IDS/IPS alerts, SIEM data, and system logs
      • Correlate network activity with intelligence sources to identify threats
      • Conduct initial assessments of intrusions including scope, impact, and threat type
  • Incident Response & Threat Mitigation
      • Perform rapid alert triage and determine appropriate response actions
      • Isolate, contain, and mitigate cyber threats on Air Force networks
      • Execute approved response actions across systems, endpoints, and network components
      • Escalate incidents in accordance with established procedures
  • Event Documentation & Reporting
      • Accurately document incidents (who, what, where, when, and why)
      • Maintain case records in mission systems for follow-up and investigation
      • Generate Mission Reports (MISREPs) and deliver shift turnover briefings
      • Track and report performance metrics including incident volume and response effectiveness
  • Threat Intelligence & Analysis
      • Analyze threat intelligence and map adversary activity to frameworks such as MITRE ATT&CK
      • Provide feedback to improve detection accuracy and reduce false positives
  • Training & Continuous Improvement
      • Provide on-the-job training (OJT) to team members
      • Maintain continuity documentation and operational aids
      • Develop and refine tactics, techniques, and procedures (TTPs)
      • Recommend improvements to processes, tools, and systems
  • Mission Operations & Coordination
      • Support mission leads and crew commanders with execution and prioritization
      • Participate in mission planning, briefings, and debriefings
      • Maintain situational awareness and report anomalies impacting mission readiness
  • Facility & Security Support
      • Conduct periodic physical security checks of operational areas
      • Initiate emergency procedures when required
      • Report facility or operational anomalies to leadership
  • DCO Functional Area Support
      • Operators may support one or more of the following areas:
          • Network Detection & Monitoring
          • Incident Response & Forensics
          • Signature Management
          • Weapons & Tactics Development
          • Content Development
          • Training & Curriculum Development
          • Standards & Evaluations
          • Host-Based Detection
          • Operational Processes & PEX Management
          • Continuity of Operations (COOP)

What This Job Offers

  • Job Type: Full-time
  • Career Level: Entry Level
  • Education Level: No Education Listed
  • Number of Employees: 1-10 employees
