Security Analyst, Security Operations Center

Come be a part of something big! Smart Minds, Cool Jobs and Awesome Rewards! Fueled by innovation, talent and ambition, the Air Force Civilian Service (AFCS) is seeking civilian professionals prepared to deploy war-winning capabilities for the United States Air Force and Space Force.

The Air Force Civilian Service (AFCS) is looking for a Full-Time, Information Technology (IT) Specialist (INFOSEC), (GS-2210-12) to serve as a Security Analyst, Security Operations Center at Headquarters Air Force (HAF), Directorate of Manpower, Personnel, and Services (A1), Digital Transformation Activity (DTA) at Joint Base San Antonio – Randolph, in Universal City, Texas.

Salary range: $89,924 – 116,906 based on experience.

This position has the authority to set Advance In-Hire Rates for Cyber Workforce Positions.

Up to 20% telework is possible. Remote work is NOT authorized.

This position can close at any time. Apply Now!

In this role, you protect the organization’s computer systems and networks from security breaches. They develop and implement security policies and procedures and respond to security incidents. To perform technical work in support of the A1 DTA Security Operations Center (SOC) incident management and continuous monitoring. The purpose of which is to ensure the A1/DTA and its applications are protected and defended against potential threats and/or accidental misconfiguration. This position will perform multiple duties as a member of the SOC's Incident Management, Continuous Monitoring Section, ensuring all A1/DTA related security events and incidents are analyzed, tracked, resolved, documented, and reported IAW DoD and AF incident response directives. Performs security operations incident management tasks for unit's Security Operations Center. Provides technical expertise in the implementation and use of cyber defense tools and processes used to maintain the security of the A1/DTA in a commercial cloud environment. Serves as a security operations continuous monitoring specialist for unit's Security Operations Center. Develops, documents and oversees comprehensive Continuous Monitoring Strategy (CMS) that documents the roles, responsibilities, tools, and processes required to manage vulnerabilities, configuration changes (A1/DTA environments, systems, accounts, etc.), and logs. Evaluates emerging security operations tools and technology and their effect in a complex cloud operating environment. Recommends potential ways to incorporate tools and technology across the incident management life-cycle.

Qualifications/Requirements

• Must be a U.S. Citizen
• Must be able to obtain & maintain a “Secret” Security clearance.
• Knowledge of common cyberdefense security systems, tools, and methods used in a Security Operations Center to effectively detect, triage and respond to security events and incidents.
• Knowledge of cyberdefense incident management and principles, practices, concepts and methods to prepare and protect A1 Virtual Data Center (VDC) assets through effective planning, analysis, reporting, and response actions.
• Knowledge of the functionality and operations of commercial cloud operating environments sufficient to determine security requirements and integrate them with overall design and characteristics of incident management and continuous monitoring tools and programs.
• Knowledge of continuous monitoring, change control and measurement methods required to evaluate the security posture of A1 VDC assets and detect potential threats and/or security incidents. Includes establishing required baselines and reviewing logs and other source data to recognize threat indicators.
• Ability to analyze and investigate cyber threats and develop vulnerability management plans to defend the A1 VDC and its components. This includes documenting and responding to external threat notifications, developing and delivering situational awareness reports, and coordinating multi-organization technical support activities throughout the full spectrum of Cyber Protection Condition (CPCON) Operations.
• Ability to analyze and investigate threat data and recommend appropriate actions to mitigate or eliminate threats and vulnerabilities.
• Ability to evaluate system and network anomalies such as security logs and coordinate appropriate response actions.
• Skill in applying security operations center plans and policies.
• Skill in relating considerations or facets of the work to the overall project, such as evaluating new security operations enhancements to existing systems and the potential impact on the operational environment.
• Cyberspace Qualification is a condition of employment. This position includes Cyberspace work as a paramount duty requirement. Per Department of Defense Manual (DoDM) 8140.03, para 4.2.a.(2)., requires foundational qualification requirements within 9 months of assignment to a cyberspace work role and resident qualification requirements within 12 months of assignment to a cyberspace work role. A waiver of these requirements may be granted per DoDM 8140.03. Failure to achieve and maintain the proper Cyberspace Qualification may result in removal from this position. You will be evaluated for this job based on how well you meet the qualifications above.
  
  

Your application package (resume, supporting documents) will be used to determine your eligibility, and qualifications.

Click the apply button to complete an application and upload resume (PDF or Word Doc) and/or additional documents (Transcripts, certifications, Vet Docs (DD214), SF-50).

To receive additional information about current and future job openings with AFCS via email notification, please register at www.Afciviliancareers.com and sign up to “Get Career Updates.”

AFCS is Equal Opportunity Employer. U.S. citizenship required. Must be of legal working age.