cnd Archives - RMF for DoD IT

Position:                              IT Admin
Duration:                            Full Time
Location-                            Lackland AFB, San Antonio, TXSecurity Clearance: Active Top Secret clearance or higher

PRIMARY DUTIES:

– Conduct network security monitoring and intrusion detection analysis for the NIPRNet and SIPRNet using the AF’s selected IDS/IPS toolset

– Research NIPR and SIPR defensive cyber operations events to determine the necessity for deeper analysis and conduct an initial assessment of type and extent of intruder activities.

– Enter event data into mission support systems according to operational procedures and reports through the 33rd operational chain.

– Record suspicious events, meeting established thresholds, into the operational database for suspicious traffic. Records shall contain sufficient information to stimulate future research of suspicious traffic. The record shall answer the: who, what, where, why and when for this suspicious activity.

– Provide computer security-related assistance to Air Force field units (example: the Integrated Network Operations and Security Center (INOSC), Base Information Assurance shop) in countering vulnerabilities, minimizing risk, and improving the security posture of AF computer networks and systems within the scope of operational requirements and mission execution.

BASIC QUALIFICATIONS:

– Intermediate knowledge with one or more of the IDS/IPS systems currently in use by the Department of Defense (DoD), Services, and Agencies (i.e., AF, Navy, Army, DC3, DISA) or Federal Government and intermediate experience in the following areas:

EDUCATION REQUIREMENTS:

– One or more of the following IAT Level II Certifications (GSEC, Security +, SSCP, CCNA-Security)

– CND Certification (GCIA, CEH, GCIH).

Thanks & Regards,

Harpal Singh

Technical Recruiter

22^nd Century Technologies Inc.(TSCTI)

Direct : (908) 765-0003 Ext: 315

Computer Network Defense is listed in the DoDD 8140, Cyberspace workforce has as a task among the Protect & Defend Category.

Job Description of Computer Network Defense

The actual work of Computer Network Defense covers Protect & defend and Analyze and possibly other categories. A system security analyst doing CND work is expect to monitor, detect and respond to security incidents on the network. They need to be familiar with not only information system security tools to monitor network traffic but they must also be able to know what the actual packets look like with certain patterns emerge on the network. They must be familiar with certain patterns to detect network attacks and be familiar with incident handling.

Tools of Computer Network Defense

System security analyst performing CND work should be able to use a packet sniffer (protocol analyzer) such as wireshark and etherape. The are also expected to be knowledgeable of certain Intrusion Detection System (such as Snort). Or they can also have working experience with Intrusion Prevention Systems. Since there are so many products that do very similar work of IPS, IDS, or packet analyzer knowing one really good and having a little hands on with others is usually ok. What is important is knowing signature system attacks well enough to detect them when they occur, understanding ports, protocols and services and being intimately familiar with network packets.

Computer Network Defense Certification

GIAC Certified Intrusion Analysts (GCIAs) – The top of the food chain for security analysts doing pure analyst work. Highly, highly respect intrusion cert.

GIAC Certified Incident Handler (GCIH) – Help certification to establish yourself.

CISSP – not really relevant or specialized for incident analysis but accepted like a VISA card.

Security+…not so much.. its like bringing a knife to a gun fight.

RMF for DoD IT

Risk Mangement Framework for DoD IT

Tag Archives: cnd

Full Time Position Need IT Admin Technical Lead location Lackland AFB, San Antonio TX

computer network defense