Cyber Protection Brigade, Information Technology Cybersecurity Specialist

U.S. Army Cyber Command

Richmond Hill (GA)

On-site

USD 80,000 - 100,000

Full time

30+ days ago

Job summary

An established industry player is seeking a skilled Host Analyst to join its elite Cyber Protection Brigade. This role involves hunting advanced adversaries and defending critical cyber infrastructure. As part of a cohesive team, you will conduct in-depth analysis of systems, develop countermeasures, and provide guidance on securing environments against malicious activity. The ideal candidate will possess a strong background in system forensics, incident response, and threat mitigation. If you're passionate about cybersecurity and eager to make a significant impact, this opportunity is perfect for you.

Qualifications

  • Experience in cybersecurity operations and host-based forensics.
  • Knowledge of network traffic analysis and threat mitigation.

Responsibilities

  • Conduct analysis of host systems for indicators of malicious activity.
  • Develop countermeasures and coordinate with cybersecurity service providers.

Skills

System/Server Forensics
Cyber Threat Emulation (CTE)
Incident Response
Threat Mitigation
Attention to Detail
Customer Service
Oral Communication
Problem Solving

Education

Graduate level education in Computer Science
Master's or equivalent graduate degree
Ph.D. or equivalent doctoral degree

Tools

Microsoft Windows
Linux

Job description

Organization

U.S. Army Cyber Command

Duty Location

FORT EISENHOWER, RICHMOND, GA

Major Duties

The U.S. Army Cyber Protection Brigade (CPB), also known as the "Hunter" brigade, is the Army's premier cyber threat hunter. We hunt advanced adversaries to enable information advantage in multi-domain operations and maintain and defend strategic cyber infrastructure. We are comprised of 1,300-plus specially trained and mission-focused Soldiers and civilians who work as a cohesive team to drive cyberspace operations and impose cost on our nation's enemies.
The incumbent will serve as a Host Analyst for a U.S. Army Cyber Protection Team (CPT) in the U.S. Army Cyber Protection Brigade (CPB). The incumbent will have knowledge of system/server and host-based forensics to enable cybersecurity operations. A Host Analyst performs hunt, clear, and enable-hardening functions, and provides Cyber Threat Emulation (CTE) and Discovery and Counter-Infiltration (D&CI) capabilities.

  • Install, operate, maintain, configure, test, and secure hardware and software-based Operating Systems (OS).
  • Conduct in-depth analysis of host systems and servers for indicators of Malicious Cyber Activity (MCA), Insider Threat, or lack of best practices of Defensive Cyber Operations.
  • Review host scan results to provide guidance, hardening recommendations, and system configuration best practices which enable local network/system owners to secure their environment against Malicious Cyber Activity (MCA).
  • Recognize and/or develop signatures to identify indicators of compromise on client host systems/servers.
  • Perform triage procedures on potentially malicious systems within mission parameters.
  • Clear and defend critical assets, Mission Relevant Terrain (MRT) or Key Terrain - Cyber (KT-C) either remotely or by deploying to the affected location as needed.
  • Develop Army/Department of Defense countermeasures, threat/vulnerability analysis, operational assessment and threat mitigation.
  • Coordinate with local defenders and cybersecurity service providers (CSSPs) to develop methods for the timely and accurate reporting and implementation of recommended defensive countermeasures.

Qualifications/ Specialized Experience

To qualify, you must meet the education and/or experience requirements described below for each applicable grade level you wish to be considered. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community; student; social). You will receive credit for all qualifying experience, including volunteer experience. Your resume must clearly describe your relevant experience; if qualifying based on education, your transcripts will be required as part of your application. Additional information about transcripts is in this document. To qualify based on your experience, your resume must describe one year of specialized experience that demonstrates the possession of knowledge, skills, abilities, and competencies necessary for immediate success in the position. Such experience is typically in or directly related to the work of the position to be filled. Specialized experience would be demonstrated by:

GG-07: Assisting in performing surveys and evaluating network traffic to identify baselines, trends, anomalous traffic, and potential malicious cyberspace activities; and assisting in the incident response process, threat mitigation, and the development of mitigations and threat countermeasures.

GG-09: Updating security patches in compliance with Cybersecurity policy/regulations; and collecting information from customers to be used in the restoration of network services.

GG-11: Detecting anomalies in host data; monitoring enterprise tools for potential intrusions; and mitigating threats by keeping tools up to date with the latest approved system and security releases.

GG-12: Installing, operating, maintaining, configuring, testing, and/or securing hardware and software-based Operating System (OS) environments (for example, Microsoft Windows and Linux); analyzing network or host data and devices to recognize anomalous behavior/artifacts; determining the stage(s) of an intrusion (for example, using network and/or host artifacts, along with possible use of software, to determine which stage of the cyber kill chain a potential adversary is in); and creating threat reporting and/or briefing based on analysis. The specialized experience must include, or be supplemented by, information technology related experience (paid or unpaid experience and/or completion of specific, intensive training, as appropriate) which demonstrates each of the four competencies, as defined:

  • Attention to Detail: Is thorough when performing work and conscientious about attending to detail.
  • Customer Service: Works with clients and customers to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations.
  • Oral Communication: Expresses information effectively, taking into account the audience and nature of the information.
  • Problem Solving: Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.

EDUCATION:

GG-07 Substitution of Education for Experience: One full year of graduate level education from an accredited or pre-accredited institution in computer science, engineering, information science, information systems management, mathematics, operations research, statistics, or technology management; or, graduate level education from an accredited or pre-accredited institution that provided a minimum of 24 semester hours in one or more of the fields identified above and required the development or adaptation of applications, systems, or networks.

GG-09 Substitution of Education for Experience: Master's or equivalent graduate degree or 2 full years of progressively higher level graduate education leading to such a degree from an accredited or pre-accredited institution in computer science, engineering, information science, information systems management, mathematics, operations research, statistics, or technology management.

GG-11 Substitution of Education for Experience: Ph.D. or equivalent doctoral degree or 3 full years of progressively higher level graduate education leading to such a degree from an accredited or pre-accredited institution in computer science, engineering, information science, information systems management, mathematics, operations research, statistics, or technology management.

GG-12: You must meet the qualification requirement using experience alone--no substitution of education for experience is permitted.

Conditions of Employment

  • Appointment to this position is subject to a three-year probationary period unless the appointee has previously met the requirements as described in Department of Defense Instruction 1400.25 Version 3005, Cyber Excepted Service, Employment and Placement.
  • Must be able to obtain and maintain TOP SECRET eligibility with access to Sensitive Compartmented Information (SCI).
  • This position is classified as Information Technology access level IT-I (Privileged User), and the Sensitivity Matrix for Top Secret/Sensitive Compartmented Information (SCI) is Special Sensitive, Tier 5.
  • Must successfully pass urinalysis screening for illegal drug use prior to appointment and periodically thereafter according to Army Regulation (AR) 600-85, Alcohol and Drug Abuse Prevention and Control Program.
  • May be required to successfully complete an initial and periodic Counter Intelligence-scope Polygraph (CI Poly) examination with No Deception Indicated (NDI).
  • Personnel assigned to work in a National Security Agency (NSA) facility must be able to obtain and maintain access to National Security Agency (NSA) facilities and networks.
  • Duties of this position may entail alternative work schedules (AWS) such as variable or MAXIFLEX, including extended shifts; 24/7 rotating shifts, nights, weekends, and/or holidays as required.

Additional Information

  • If you are a current federal career/career-conditional employee, you will be placed on an excepted appointment.
  • Male applicants born after December 31, 1959, must complete a Pre-Employment Certification Statement for Selective Service Registration.
  • You will be required to provide proof of U.S. Citizenship.
  • Direct Deposit of Pay is required.
  • Must be able to obtain and maintain a Top-Secret security clearance.
  • Incumbent must be able to obtain (within 6 months of appointment) and maintain the proper and current Information Assurance certification to perform Information Assurance functions in accordance with Department of Defense 8570.01-Memorandum, Information Assurance Workforce Improvement Program.

Equal Opportunity Employer - The United States government does not discriminate in employment based on race, color, religion, sex (including pregnancy and gender identity), national origin, political affiliation, sexual orientation, marital status, disability, genetic information, age, membership in an employee organization, retaliation, parental status, military service or other non-merit factor.
