Alternate Subject Matter Expert

Federal IT Consulting

Buckley

On-site

GBP 89,000 - 109,000

Full time

Yesterday

Job summary

A leading cybersecurity services firm is seeking a Defensive Cyber Operations Subject Matter Expert located at Buckley Space Force Base, CO. This role requires a hands-on cybersecurity expert to enhance the operational effectiveness of Space Force personnel. You will be responsible for incident analysis, mentoring, and improving defensive strategies. Candidates must have a relevant degree and active Top Secret/SCI clearance. The position offers a competitive salary and significant benefits, including 401K matching and health insurance.

Benefits

401K with a 4% match
Medical Insurance
Dental Insurance
Vision Insurance
PTO
Holiday Pay

Qualifications

  • Must have a BS degree in Computer Science, Cybersecurity, or related fields.
  • Six years of hands-on SOC Cyber Security Analyst work experience.
  • Hands-on experience with Cybersecurity Monitoring tools.

Responsibilities

  • Analyze cyber incidents and recommend response actions.
  • Provide mentorship to Space Force personnel.
  • Conduct after-action processes for mitigation efforts.

Skills

Intrusion detection monitoring
Cyber incident response
Analytical skills
Python scripting
Experience with SIEM tools

Education

BS degree in Computer Science or related field

Tools

ELK Stack
Splunk
Wireshark
Suricata

Job description

Overview

Aurora Buckley Space Force Base - Buckley SFB, CO 80011

Salary Range: $120,000.00 - $145,000.00

Position Type: Full Time

Education Level: 4 Year Degree

Description

FEDITC, LLC is a fast-growing business supporting DoD and other intelligence agencies worldwide. FEDITC develops mission critical national security systems throughout the world directly supporting the Warfighter, DoD Leadership, & the country. We are proud & honored to provide these services.

Overview of position

FEDITC is seeking a Defensive Cyber Operations (DCO) Subject Matter Expert (SME) to support the United States Space Force (USSF) Mission Delta 6 (D6) Defensive Cyber Operations (DCO) contract located at Buckley Space Force Base (SFB), Aurora, CO. The DCO SME is a well-rounded, hands-on cyber security expert and advisor who supports development, improves proficiency, and increases operational effectiveness of USSF Cyber Squadron personnel by: providing/employing DCO capabilities, conducting intrusion detection monitoring and analysis, identifying malicious cyber activity and determining attack vectors, executing cyber response activities, developing defensive countermeasures, and providing Subject Matter Expertise to the United States Space Force Cyber Guardians.

United States Citizenship and an active Top Secret/SCI DoD Security Clearance are required to be considered for this position.

Responsibilities
  • Analyze cyber incidents, correlate incident details, and formulate response actions
  • Assist with the planning of threat hunt missions using the Plan, Brief, Execute, Debrief (PBED) process
  • Provide recommendations for tuning IDS/IPS alerts and maximizing the capability of existing tools while suggesting additional tools to enhance capability
  • Provide mentorship to Space Force Guardians for monitoring government‑provided Defensive Cyber Operations (DCO) tools and systems
  • Conduct after‑action processes to capture efforts taken to mitigate unauthorized actions
  • Participate in the development of DCO Tactics, Techniques, and Procedures (TTPs)
  • Assist in the development of DCO concept of operations, processes, and procedures
  • Identify security discrepancies and report security incidents
  • Provide expert research and analysis in support of expanding programs and areas of responsibility
  • Maintain proficiency by performing DCO crew operations for assigned space mission systems
  • Develop operational and technical materials to aid in increasing the proficiency of the crews
  • Provide cyber defense remediation and mitigation implementation recommendations in support of all incidents/events
  • Provide support for all Operational Planning Teams (OPTs) and crew shift planning processes. Support includes participating in the planning process, recommending courses of action (COAs), and validating the technical approach to meet mission objectives
  • Draft and validate the accuracy of squadron‑level DCO TTPs; Standard Operating Procedures (SOPs); Operational Instructions (OIs); as well as DCO Crew operations products, evaluation, and other related materials
  • Conduct analysis on new DCO‑Space capability releases to assess new functionality and inform employment for mission execution
  • Attend meetings, teleconferences, and Video Teleconferences (VTCs) at the Unclassified, Secret, and TS/SCI level (as required)
  • Provide recommendations for exercises and mission rehearsals
  • Provide expertise for DCO‑Space capabilities, to include Security Incident and Event Management (SIEM); Intrusion Detection and Prevention Systems; ELK (Elasticsearch, Logstash, and Kibana) Stack; Endpoint Protection Systems; Security Orchestration, Automation and Response (SOAR); Firewalls; Log Aggregator; Protocol Analyzers; Vulnerability Assessment Tools
  • Augment and advise the crews performing intrusion detection monitoring and analysis
  • Provide input and review Cyber 9‑Line, and review the accuracy of cyber incident inputs for SITREP and MISREP
  • Advise and assist with cyber incident response processes IAW squadron policies and procedures, to include:
    • Assist in providing in-depth analysis of incidents by determining the incident’s nature, formulating recommended response actions, correlating event and incident data across assigned space mission systems, determining actions to be taken, and assessing possible effects on assigned mission systems
    • Participate in Government‑established Cyber Incident Response Teams (CIRTs) and provide technical assistance in determining the cyber events/incident’s nature and impact to space mission systems; develop and recommend mitigation and/or remediation COAs; ensure mission system owners/operators and leadership have situational awareness of active response activities via recurring status reports and/or update briefs
    • Provide technical expertise in the creation of recommendations for Courses of Action (COA), along with suggested timing and sequencing of actions to mitigate and/or remediate cyber threats to space mission systems
    • Participate in post‑incident hot washes and lessons learned processes as required by the Government
    • Recommend cyber incident response best practices to improve TTPs, processes, and policies
    • Provide recommendations on how best to optimize DCO‑Space capabilities, to include countermeasure development (i.e., signatures, rules, policies, etc.) for defensive sensors and capabilities deployed on space mission system networks and endpoints to eliminate false positives; prioritize actionable alerts; and provide enhanced correlation accuracy for cyber incidents, events, trends, and behaviors
    • Assist and support CYS Government personnel on how to identify, document, and track regular baseline activity for assigned space mission systems by monitoring, collecting, and analyzing space mission system data traffic; and reviewing, auditing, and analyzing network and endpoint logs
    • Assist and support CYS Government personnel in performing Mission Relevant Terrain – Cyber (MRT‑C) identification and mapping, leveraging Functional Mission Analysis – Cyber (FMA‑C) concepts for assigned space mission systems
    • Assist and support CYS Government personnel on how to conduct cyber missions, to include Survey, Recon, Escort, Hunt, Strike, Recover, and others on assigned space mission systems to detect, track, and disrupt Advanced Persistent Threats (APTs) that evade existing cybersecurity controls and detection capabilities
    • Provide inputs to the post‑mission analysis process for Cyber missions as required by the Government
  • Recommend cyber mission best practices to improve TTPs, processes, and policies

Qualifications

    Required Qualifications:

    • Must have one (1) of the following, Educational, DoD/Military Training courses or Certifications:
      • Education: BS degree in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering, from an ABET‑accredited or CAE‑designated institution
      • DOD/Military Training Courses: 4C-255S (CP), M03385G, M10395B, M223854, A-531-0451, A-531-4421, A-531-1900, Cyber Defense Analyst (Intermediate) Playlist, DISA (511) Training, 4-11-C32-255S (CP), 4C-255N (CP), 4C-255A (CP), M0923W1, A-531-4417, DCWF WRC 511 Cyber Defense Analyst (Advanced) Playlist
      • Certifications: CEH(P), GMON, GRID, Cloud+, FITSP‑O, GCED, GDSA, GSEC, PenTest+, Security+, CBROPS, CFR, CySA+, GCFA, GCIA, or GICSP
    • Six (6) years of hands‑on SOC Cyber Security Analyst work experience using SIEMs, IPS/IDS, rule tuning tools, or equivalent (ISSO/RMF/IA/System Admin cyber analyst experience does not qualify)
    • Hands‑on Experience with most of the following tools: ELK Stack, Kibana, Teleseer, Suricata, Splunk, Snort, Wireshark, Bro/Zeek logs, TCPdump, editcap, Carbon Black, bash scripting, Python, EDR/XDR Tools, as well as Network Security tools related to Cisco/Palo Alto/Juniper/Aruba/Garland. Preferably, engineering experience directly with these tools
    • Experience performing Continuous Cybersecurity Monitoring, Intrusion Detection, and Cyber Incident Response

    Preferred Qualifications:

    • Eight (8) + years total of relevant cybersecurity experience

    Preferred Experience:

    • Prior experience working for, or supporting in a direct capacity, a Cyber Security Service Provider (CSSP), Security Operations Center (SOC), Network Operations and Security Center (NOSC), and/or military Cyber Protection Team (CPT)
    • Knowledge of cyber threat intelligence, network security, risk management, and incident handling
    • Strong analytical and problem‑solving skills to support cybersecurity operations
    • Familiarity with classified DoD cybersecurity environments
    • Familiarity with Space Operations is highly desired

    Clearance

    • Active TS/SCI clearance is required.
    • Must be a United States Citizen and pass a background check.
    • Maintain applicable security clearance(s) at the level required by the client and/or applicable certification(s) as requested by FEDITC and/or required by FEDITC’s Client(s)/Customer(s)/Prime contractor(s).

    Benefits

    • PTO
    • Holiday Pay
    • 401K with a 4% Match
    • Medical Insurance
    • Dental Insurance
    • Vision Insurance
    • Group Life & AD&D
    • Voluntary Life AD&D
    • Short‑term Disability
    • Long‑term Disability
    • Health Savings Account
    • Flexible Spending Account (Health and Dependent)
    • Critical Illness Insurance
    • Accident Insurance
    • Hospital Indemnity Insurance
    • Employee Assistance Program (EAP)

    EEO Statement

    FEDITC, LLC. is committed to fostering an inclusive workplace and provides equal employment opportunities (EEO) to all employees and applicants for employment. We do not employ AI tools in our decision‑making processes. Regardless of race, color, religion, sex (including pregnancy), sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran, FEDITC, LLC. ensures that all employment decisions are made in accordance with applicable federal, state, and local laws. Our commitment to non‑discrimination in employment extends to every location in which our company operates.
