Brief Description: Network Defense Engineer to support the Missile Defense Agency (MDA) Tier 2 Cybersecurity Service Provider within the MDA Computer Emergency Response Team (CERT) on the JRDC program in Huntsville, AL. MDA CERT is expanding its operational presence to an Operating Location in Huntsville, Alabama. Functional direction will be provided by the MDA CERT Detection Team lead located at MDIOC, Colorado Springs, CO.

This position requires a Network Defense Engineer to conduct Network Intrusion Detection (NID) surveillance and Incident Response on Subscriber networks and to maintain Situational Awareness (SA) of MDA-wide network security monitoring. The engineer will analyze security event audit log information from network security devices (e.g., network- and host-based security systems, firewalls, routers, switches) and mission-critical servers for anomalies and known attack patterns, and will support the development and dissemination of Computer Network Defense (CND) Alert and Notification messages to warn Subscribers and provide guidance or countermeasures to defend against the threat.

The candidate will also review data originating from, or reflecting the status of, ongoing intrusions or cybersecurity incidents, and document the findings regarding the apparent activities involved and any intrusive or damaging activity involving compromised hosts. The candidate will review and assess the cyber threat environment (including computer security threat assessments) for applicability to MDA Subscriber networks, and disseminate guidance to improve network defensive posture. The candidate will respond to cybersecurity incidents by reporting all pertinent information in the local incident reporting database and the Department of Defense incident management system. When directed by MDA CERT leadership, the candidate will conduct digital forensic analysis and collect potential evidence by analyzing the content of compromised systems, documenting relevant findings, and identifying the tactics, techniques, and procedures used by an attacker to gain access.

The candidate will preserve forensic chain of custody for evidence when required and notified by the Government PM/APM. The candidate must have excellent technical report-writing skills to produce the required forensic and incident reports. The candidate will support the development, establishment, review, and update of CND Detect and Respond procedures, Standard Operating Procedures, Internal Operating Processes, manuals, and other MDA CERT documentation. The candidate will be required to support investigations relating to Counterintelligence and Insider Threat, as well as law enforcement and other organizations, when directed by MDA CERT leadership.
Required license or certification: