What are the responsibilities and job description for the Incident Response Officer (Intermediate) position at BRS?
STS Systems Support, LLC (SSS) is seeking an Incident Response Officer (Intermediate) to support our mission at Lackland AFB in San Antonio, TX.
Requirements:
SSS is an Equal Opportunity Employer. Employment decisions are made without regard to any protected category. Hiring preference will be given to BBNC shareholders, their spouses and descendants and Alaska Natives in accordance with Public Law 93-638
Requirements:
- DoDD 8570.01‐M/8140.01 I AT Level III CND
- Active TS/SCI
- Extensive knowledge of network firewalls, computer and server log analysis, computer network servers (DNS, proxy, e‐mail, domain controller, file server, Active Directory) and analysis of their logs; extensive knowledge of digital evidence collection, handling and security
- Experience with computer incident response and analysis and report dissemination
- Extensive knowledge and experience with network packet capture and analysis software such as WireShark (Ethereal) and Snort
- Experience with standard DoD network topology and DMZ boundary protection
- Experience with system analysis software (i.e. EnCase/EnCase Enterprise or FTK), software coding and debugging, and the virtual machine (VM) environment.
- Extensive knowledge of MITRE ATT&CK framework, and its uses within the cybersecurity community (e.g., Open Source projects)
- BA/BS or MA/MS
- Upon identification of suspicious activity on AF networks, open network intrusion investigation(s) to validate the unauthorized activity and determine the type and extent of activity.
- Participate and contribute to lessons learned meetings and briefings.
- When CAT events are escalated to incident response, complete incident response process, including: preparation, identification and scoping, containment, eradication and remediation, recovery, and lessons learned.
- Upon identification of suspicious activity on AF networks, open network intrusion investigation(s) to validate the unauthorized activity and determine the type and extent of activity.
- Provide AF Office of Special Investigations (OSI) DCO technical support to law enforcement and counter‐intelligence agencies and activities if required.
- Support planned and same‐day Incident Response deployments.
- Comply with 3rd party MOU/MOA monitoring and reporting requirements. Analyze host DCO events to determine the necessity for higher level analysis and conduct an initial assessment of type and extent of intruder activities. (CDRL A002)
- Conduct cyber investigations in order to determine the initial vector and overall timeline of intrusion, accurately identify the threat, determine the full scope of impact, and develop containment and remediation actions for approval.
- Author and review incident report forms (IRF) for security incidents within JEMS. Ensure the document is accurate and provides the correct amount of technical detail needed. (CDRL A008)
- Provide AF Office of Special Investigations (OSI) DCO technical support to law enforcement and counter‐intelligence agencies and activities if required.
- Generate end of mission reports (MISREPS) and provide pass‐on information for knowledge transfer to subsequent /crews of analysts on duty regarding the latest suspicious traffic seen from a given port, Internet Protocol (IP), etc. with no more than a 5% error rate.
- Generate end of mission reports (MISREPS) and provide pass‐on information for knowledge transfer to subsequent /crews of analysts on duty regarding the latest suspicious traffic seen from a given port, Internet Protocol (IP), etc. with no more than a 5% error rate.
- Provide computer security‐related support to AF field units (examples: 688 Cyber Wing Squadrons, Base Communications Squadrons, Mission Defense Teams), as directed by CCC, in countering vulnerabilities, minimizing risk, and improving the security posture of AF computers networks and systems within the scope of AFIN SOC operational requirements and mission execution.
- Initiate emergency checklists due to imminent threat, as directed by Crew Commander. Call emergency responders (Security Forces/Fire Department etc.) if needed via 911. The Crew Commander is responsible for all official reporting.
- Inform Crew Commander for all anomalies to include, but not limited to: utility outages, flooding, sick/missing members, or any other irregularity with the potential to adversely impact the mission.
- Participate in planning, briefing, and debriefing tasks as directed by CDO Mission Lead or Crew Commander.
- Provide feedback on detection mechanisms that are both true and false positive events to ESM and Content Development as applicable.
- When assigned as CDO Mission Lead, assign tasks to CDOs as prioritized by the Crew Commander, accounting for all required mission systems and functions.
- Design incident response plans (IRP) as directed by the Crew Commander. Ensure CDOs are briefed on objectives, ROEs, plans, contingencies, and applicable TTPs.
- Accomplish assigned weapon system access, ORM, Go/No Go, reports, TTP updates, and TAR submissions.
- Coordinate with CDO, FMA, DCC, ESM, CTE&A, and intelligence as required. Provide force presentation recommendations to Crew Commander.
SSS is an Equal Opportunity Employer. Employment decisions are made without regard to any protected category. Hiring preference will be given to BBNC shareholders, their spouses and descendants and Alaska Natives in accordance with Public Law 93-638
