Computer Network Defense (CND) - Detect - TS/SCI - Colorado Springs

General Dynamics Information Technology, Colorado Springs, Colorado 80901
JOB ID: 2017-24705




Job Description

Mission Statement: Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.

Monitor Splunk for alerts
Monitor HBSS
Monitor Fidelis
Monitor IDS
Develop indicators for detection
Monitor network flows
Review device logs
Monitor DCO and CYBERCOM chat rooms for new indicators
Perform initial triage for detected incidents
Produce the daily status report for open incidents
Maintain the daily operations log for incident detection

1. Develop content for Computer Network Defense (CND) tools; characterize and analyze network traffic to identify anomalous activity and potential threats to network resources

2. Coordinate with enterprise-wide computer network defense (CND) staff to validate network alerts; monitor external data sources (e.g., computer network defense [CND] vendor sites, Computer Emergency Response Teams, SANS, Security Focus) to maintain currency of the CND threat condition and determine which security issues may have an impact on the enterprise

3. Document and escalate incidents (including event’s history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment

4. Perform computer network defense (CND) trend analysis and reporting

5. Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack

6. Provide daily summary reports of network events and activity relevant to computer network defense (CND) practices

7. Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts

8. Provide timely detection, identification, and alerts of possible attacks/intrusions, anomalous activities, and misuse activities, and distinguish these incidents and events from benign activities

9. Use computer network defense (CND) tools for continual monitoring and analysis of system activity to identify malicious activity

10. Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, and effects on system and information

11. Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness)

12. Determine the appropriate course of action in response to identified and analyzed anomalous network activity; conduct tests of information assurance (IA) safeguards in accordance with established test plans and procedures

13. Determine tactics, techniques, and procedures (TTPs) for intrusion sets

14. Examine network topologies to understand data flows through the network

15. Recommend computing environment vulnerability corrections

16. Identify and analyze anomalies in network traffic using metadata

17. Conduct research, analysis, and correlation across a wide variety of all source data sets (e.g., indications and warnings)

18. Validate Intrusion Detection System (IDS) alerts against network traffic using packet analysis tools; triage malware

19. Identify applications and operating systems of a network device based on network traffic

20. Reconstruct a malicious attack or activity based on network traffic

21. Identify network mapping and operating system fingerprinting activities
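Items 19 and 21 above call for recognizing network mapping and OS fingerprinting from traffic and for identifying a host's operating system passively. The following is an added illustration, not code from the posting or from GDIT: a small detector that runs over constructed flow records (sensor-style TCP flag letters, first-packet TTL and window size; all sample hosts and addresses are made up) and flags vertical scans, horizontal scans and Nmap-style unusual flag probes, plus a coarse TTL-based OS guess. Thresholds, the 60-second window and the initial-TTL table are assumptions chosen for the example; a production deployment would tune them to the environment and use a real signature database (e.g., p0f) for fingerprinting.

```python
"""Detect network mapping / OS fingerprinting activity in flow records
and passively estimate a sender's OS family from TTL (added example)."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class Flow:
    ts: float      # seconds since epoch
    src: str
    dst: str
    dport: int
    flags: str     # TCP flag letters as a flow sensor exports them: S, A, F, P, R, U
    ttl: int       # IP TTL seen on the first packet of the flow
    win: int       # TCP window size on the first packet


# Flag sets that normal client stacks never send on their own; Nmap NULL/Xmas/FIN
# and similar probes use them (assumed set, extend from your own sensor data).
UNUSUAL_FLAG_SETS = {"", "FPU", "F", "U", "SF", "SR"}


def detect_scans(flows: Iterable[Flow], window: float = 60.0,
                 port_threshold: int = 20, host_threshold: int = 10):
    """Return sorted (src, kind, count) findings.

    vertical-scan:   one source hits >= port_threshold distinct ports on one host
    horizontal-scan: one source hits one port on >= host_threshold distinct hosts
    Only half-open flows (SYN with no ACK) count toward scan thresholds, since a
    completed handshake is ordinary traffic; unusual flag combinations are
    reported on sight regardless of count.
    """
    by_src = defaultdict(list)
    for f in flows:
        by_src[f.src].append(f)
    findings = []
    for src, fl in by_src.items():
        fl.sort(key=lambda f: f.ts)
        odd = [f for f in fl if f.flags in UNUSUAL_FLAG_SETS]
        if odd:
            findings.append((src, "unusual-flags-probe", len(odd)))
        syns = [f for f in fl if f.flags == "S"]
        best = {}
        for i, f in enumerate(syns):                     # sliding time window
            in_win = [g for g in syns[i:] if g.ts - f.ts <= window]
            ports_per_dst, dsts_per_port = defaultdict(set), defaultdict(set)
            for g in in_win:
                ports_per_dst[g.dst].add(g.dport)
                dsts_per_port[g.dport].add(g.dst)
            for ports in ports_per_dst.values():
                if len(ports) >= port_threshold:
                    best["vertical-scan"] = max(best.get("vertical-scan", 0), len(ports))
            for dsts in dsts_per_port.values():
                if len(dsts) >= host_threshold:
                    best["horizontal-scan"] = max(best.get("horizontal-scan", 0), len(dsts))
        findings.extend((src, kind, n) for kind, n in best.items())
    return sorted(findings)


def guess_os(ttl: int, win: int):
    """Coarse passive fingerprint: round the observed TTL up to the nearest common
    initial TTL (64, 128, 255) to get an OS family and a hop-count estimate.
    Heuristic only; window size is returned for the analyst but not used to decide."""
    initial = next(t for t in (64, 128, 255) if ttl <= t)
    family = {64: "Linux/Unix-like", 128: "Windows-like", 255: "network device/Solaris-like"}[initial]
    return family, initial - ttl


# --- constructed sample flows (not real traffic) ---
def _vertical(src, dst, start):   # 25 distinct ports on one host within 12 s
    return [Flow(start + i * 0.5, src, dst, 1 + i * 37, "S", 64, 1024) for i in range(25)]


def _horizontal(src, start):      # TCP/445 on 15 hosts of 10.0.5.0/24
    return [Flow(start + i, src, f"10.0.5.{i + 10}", 445, "S", 128, 8192) for i in range(15)]


NORMAL = [Flow(1000.0, "10.0.1.20", "10.0.2.5", 443, "SPA", 128, 65535),
          Flow(1001.0, "10.0.1.20", "10.0.2.6", 443, "SPAF", 128, 65535),
          Flow(1002.0, "10.0.1.21", "10.0.2.5", 22, "SAF", 64, 29200)]
PROBES = [Flow(1100.0, "10.0.9.9", "10.0.2.5", 80, "", 64, 1024),     # NULL probe
          Flow(1100.5, "10.0.9.9", "10.0.2.5", 80, "FPU", 64, 1024)]  # Xmas probe
SAMPLE_FLOWS = NORMAL + _vertical("10.0.7.7", "10.0.2.5", 1200.0) \
    + _horizontal("10.0.8.8", 1300.0) + PROBES


if __name__ == "__main__":
    for src, kind, n in detect_scans(SAMPLE_FLOWS):
        print(f"{src:12} {kind:22} {n}")
    for f in SAMPLE_FLOWS[:3]:
        print(f.src, guess_os(f.ttl, f.win))
```

The normal host never appears in the findings because its flows completed the handshake; the two scanning hosts trip the vertical and horizontal thresholds even though each individual SYN looks benign, which is the point of correlating per source over a window rather than alerting per packet.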

Must be DoD 8570 CND-IS certified within 90 days of hire. Must possess and maintain a US TS/SCI security clearance.


Bachelor's degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training or work experience.


5-8 years of related experience in data security administration.

1. Must be capable of obtaining and maintaining a TS/SCI Security Clearance
2. Must be able to achieve Security+ CE Certification (or equivalent) within 90 days of hire for positions requiring elevated privileges and ITIL V3 Foundation within six months of hire.
3. Additional specific certifications may be required, depending on job assignment.
4. The work is typically performed at client site locations, which requires proper safety precautions; work may require some physical effort in the handling of light materials, boxes or equipment.
5. This position may be required to complete short-term deployments to austere locations worldwide. Requests for reasonable accommodations will be considered to enable individuals with disabilities to perform the principal (essential) functions of this job.
6. The above job description is not intended to be, nor should it be construed as, exhaustive of all responsibilities, skills, efforts, or working conditions associated with this job.

As a trusted systems integrator for more than 50 years, General Dynamics Information Technology provides information technology (IT), systems engineering, professional services and simulation and training to customers in the defense, federal civilian government, health, homeland security, intelligence, state and local government and commercial sectors. With approximately 32,000 professionals worldwide, the company delivers IT enterprise solutions, manages large-scale, mission-critical IT programs and provides mission support services. GDIT is an Equal Opportunity/Affirmative Action Employer - Minorities/Females/Protected Veterans/Individuals with Disabilities.

Security: Top Secret/SCI

Location: Colorado Springs, CO - Colorado