Cyber Defense Incident Responder

World Wide Technology Holding, LLC
San Antonio, TX Full Time
POSTED ON 4/5/2025
AVAILABLE BEFORE 6/5/2025

QUALIFICATIONS:

  • Knowledge of computer networking concepts and protocols, and network security methodologies.
  • Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.
  • Knowledge of cybersecurity principles.
  • Knowledge of cyber threats and vulnerabilities.
  • Knowledge of specific operational impacts of cybersecurity lapses.
  • Knowledge of authentication, authorization, and access control methods.
  • Knowledge of cyber defense and vulnerability assessment tools, including open-source tools, and their capabilities.
  • Ability to interpret and incorporate data from multiple tool sources.
  • Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions via intrusion detection technologies.
  • Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
  • Knowledge of network traffic analysis methods.
  • Skilled in deep packet inspection (DPI), anomaly detection, and traffic pattern analysis using tools like Zeek, Wireshark, NetFlow, and PCAP replay environments.

  • 4 years of experience conducting incident handling/response, cyber threat hunting, computer forensics, and cyber network defense and analysis
  • Bachelor's Degree or Higher in Cybersecurity, Computer Science or related field
  • 8140/DCWF Certification
  • GIAC Certified Forensic Analyst (GCFA)
  • Security Clearance: Top Secret/SCI with potential for higher read-ins

Want to learn more about our Government Services team? Check us out on our platform:

https://www.wwt.com/public-sector
https://www.wwt.com/government-services

The well-being of WWT employees is essential. So, when it comes to our benefits package, WWT has one of the best. We offer the following benefits to all full-time employees:

  • Health and Wellbeing: Health, Dental, and Vision Care, Onsite Health Centers, Employee Assistance Program, Wellness program
  • Financial Benefits: Competitive pay, Profit Sharing, 401k Plan with Company Matching, Life and Disability Insurance, Tuition Reimbursement
  • Paid Time Off: PTO & Holidays, Parental Leave, Sick Leave, Military Leave, Bereavement
  • Additional Perks: Nursing Mothers Benefits, Voluntary Legal, Pet Insurance, Employee Discount Program

We strive to create an environment where all employees are empowered to succeed based on their skills, performance, and dedication. Our goal is to cultivate a workplace culture that encourages innovation, collaboration, and respect for all team members, ensuring that WWT remains a great place to work for All!

Preferred locations: San Antonio, TX or surrounding area

Requirements:

Why WWT?

Founded in 1990, World Wide Technology (WWT), a global technology solutions provider leading the AI and Digital Revolution, with $20 billion in annual revenue, combines the power of strategy, execution and partnership to accelerate digital transformational outcomes for large public and private organizations around the world. Through its Advanced Technology Center, a collaborative ecosystem of the world's most advanced hardware and software solutions, WWT helps customers and partners conceptualize, test and validate innovative technology solutions for the best business outcomes and then deploys them at scale through its global warehousing, distribution and integration capabilities.

With over 10,000 employees and more than 55 locations around the world, WWT's culture, built on a set of core values and established leadership philosophies, has been recognized 13 years in a row by Fortune and Great Places to Work® for its unique blend of determination, innovation and creating a great place to work for all.

Want to work with highly motivated individuals on high-performance teams? Join WWT today!

What is the SC&E and Government Services Team and why join?

Solutions Consulting & Engineering is an organization that is Customer Focused and Solutions Led. We deliver end-to-end (E2E) and emerging solutions to drive customer satisfaction, increase profitability and growth. Our success is enabled by our world-class management consulting, delivery excellence and engineering brilliance. We embody the OneWWT mindset by bringing the right talent at the right time from anywhere within WWT to solve our customer's problems. Our goal is to bring together business acumen with full-stack technical know-how to develop innovative solutions for our clients' most complex challenges.

Location: Lackland AFB, San Antonio TX

What will you be doing?

You will support the requirements of the 33 Cyber Operations Squadron (33 COS) in efforts to provide incident response on alerts from systems newly aligned to the Air Force Cyber Security Support Provider (CSSP).

RESPONSIBILITIES:

  • Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information.
  • Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.
  • Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings).
  • Coordinate with enterprise-wide cyber defense staff to validate network alerts.
  • Document and escalate incidents (including event's history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
  • Identify and analyze anomalies in network traffic using metadata.
  • Identify applications and operating systems of a network device based on network traffic.
  • Perform cyber defense trend analysis and reporting.
  • Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
  • Ability to interpret and incorporate data from multiple tool sources.

Salary : $20
