DCO Analyst

Tyto Athene, LLC, Adelphi, MD
Onsite

About The Position

Tyto Athene is searching for a Security Analyst to support a DoD customer in Adelphi, Maryland. The DCO Team Analyst performs Security Analysis functions supporting 24/7/365 CSSP operations; the full list of duties is given under Responsibilities below.

Requirements

  • An AA or Bachelor’s Degree in a related technical field is required; however, it can be replaced with 3 years of relevant industry experience (in addition to the minimum years of experience requirement).
  • Minimum three (3) years of experience in cybersecurity analysis, threat detection, or related field.
  • Experience with intrusion detection systems (IDS/IPS) and Security Information and Event Management (SIEM) platforms (e.g., Elasticsearch, Splunk).
  • Knowledge of common attack vectors, malware analysis, and threat intelligence methodologies.
  • Proficiency with vulnerability scanning tools (ACAS/Tenable) and endpoint security solutions (ESS/HBSS).
  • Experience analyzing network traffic and security events on classified and unclassified networks.
  • Familiarity with the MITRE ATT&CK Framework and cyber threat intelligence practices.
  • Knowledge of TCP/IP protocols, network architecture, and common network services.
  • Experience with log analysis, packet capture analysis, and security event correlation.
  • ITIL Foundations certification required within three (3) months of start date.
  • Certifications (IAT Level I): CompTIA Security+ CE, A+, CySA+, SSCP, CCNA Security, GICSP, GSEC
  • TS/SCI Clearance required.

Responsibilities

  • The DCO Team Analyst performs Security Analysis functions supporting 24/7/365 CSSP operations.
  • Analysts monitor, detect, analyze, and respond to cyber threats targeting the DoD Information Network (DoDIN), utilizing signature detection, anomaly detection, and data visualization methods to discover, document, and report malicious and anomalous activity.
  • Analyze results of signature detection, anomaly detection, and data visualization-based methods of discovering, documenting, and reporting malicious and anomalous activity as defined by DoD standards.
  • Develop, implement, and maintain methods of detecting malicious and anomalous activity utilizing COTS, GOTS, and open-source tools.
  • Analyze Government Furnished Data (GFD) to discover and document reconnaissance efforts, exploitation attempts, post-exploitation events, and actions on objectives.
  • Track incident and event reporting to ensure fully effective mitigation and remediation actions.
  • Utilize the MITRE ATT&CK Framework to develop, implement, and maintain threat models containing TTPs associated with threats to the DoDIN.
  • Monitor DCSB and subscriber environments for technical indicators of insider threat activity.
  • Support monthly recurrent briefings providing summative reports of vulnerability data, compliance data, threat data, incident reporting data, and alerting data.
  • Conduct cyber attack response and recovery in accordance with DoD and Government instructions.
  • Perform continuous monitoring of network traffic on NIPRNet, SIPRNet, DREN, and cloud environments.
  • Develop and maintain detection signatures, rules, and alerts for security monitoring platforms.
  • Coordinate with external threat intelligence sources and DoD cyber defense organizations.
  • Document findings, analysis results, and recommended actions in accordance with CSSP reporting requirements.
  • Support vulnerability scanning operations using ACAS/Tenable and endpoint security solutions (ESS/HBSS).
  • Participate in incident response activities and forensic analysis as required.

Benefits

  • Health/Dental/Vision
  • 401(k) match
  • Paid Time Off
  • STD/LTD/Life Insurance
  • Referral Bonuses
  • Professional development reimbursement
  • Parental leave

What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Education Level: Associate degree
  • Number of Employees: 251-500 employees
