Cyber Defense Operator (CDO)

IP Secure, LLC
San Antonio, TX
Onsite

About The Position

The Cyber Defense Operator (CDO) is responsible for completing its mission through accurate, timely, and thorough event analysis to identify intruder or potential intruder activities using host and network monitoring and system logs. The CDO will correlate gathered information to provide effective methods for protecting Air Force (AF) systems. Upon identification of suspicious activity on AF networks, the CDO will open network intrusion investigations to validate unauthorized activity and determine its type and extent.

Requirements

  • Active TS/SCI Level Clearance.
  • Active IAT Level II Cert (ex: CompTIA Security+).
  • Ability to gain the CSSP Incident Responder Certification (GCFA) within 120 days of hire date.

Nice To Haves

  • 3+ years of relevant technical, cyber security, and business work experience.

Responsibilities

  • Complete incident response process, including: preparation, identification and scoping, containment, eradication and remediation, recovery, and lessons learned when CAT events are escalated.
  • Open network intrusion investigations to validate unauthorized activity and determine its type and extent upon identification of suspicious activity on AF networks.
  • Provide AF Office of Special Investigations (OSI) DCO technical support to law enforcement and counter-intelligence agencies and activities if required.
  • Participate and contribute to lessons learned meetings and briefings.
  • Support planned and same-day Incident Response deployments.
  • Comply with 3rd party MOU/MOA monitoring and reporting requirements.
  • Analyze host DCO events to determine the necessity for higher level analysis and conduct an initial assessment of type and extent of intruder activities.
  • Conduct cyber investigations to determine the initial vector and overall timeline of intrusion, accurately identify the threat, determine the full scope of impact, and develop containment and remediation actions for approval.
  • Author and review incident report forms (IRF) for security incidents within JEMS, ensuring accuracy and appropriate technical detail.
  • Generate end of mission reports (MISREPS) and provide pass-on information for knowledge transfer to subsequent crews of analysts regarding the latest suspicious traffic seen from a given port, Internet Protocol (IP), etc., with no more than a 5% error rate.
  • Provide computer security-related support to AF field units as directed by CCC, in countering vulnerabilities, minimizing risk, and improving the security posture of AF computer networks and systems within the scope of AFIN SOC operational requirements and mission execution.
  • Participate in planning, briefing, and debriefing tasks as directed by CDO Mission Lead or Crew Commander.
  • Provide feedback on detection mechanisms for both true and false positive events to ESM and Content Development as applicable.
  • Design incident response plans (IRP) as directed by the Crew Commander, ensuring CDOs are briefed on objectives, ROEs, plans, contingencies, and applicable TTPs.
  • Accomplish assigned weapon system access, ORM, Go/No Go, reports, TTP updates, and TAR submissions.

Benefits

  • Medical
  • Dental
  • Vision
  • Unlimited Vacation
  • Sick Leave
  • Paid Federal Holidays
  • Education and Certification Reimbursement Program
  • 401(k) retirement plan with safe harbor employer match after 3 months
  • Prepaid legal plan and ID protection plan available
  • Accident Insurance
  • Critical Illness Insurance
  • Hospital Indemnity Insurance available