Organization U.S. Army Cyber Command
Duty Location FORT MEADE, ANNE ARUNDEL, MD
Major Duties The U.S. Army Cyber Protection Brigade (CPB) also known as the "Hunter" brigade is Army's premier cyber threat hunter. We hunt advanced adversaries to enable information advantage in multi-domain operations and maintain and defend strategic cyber infrastructure. We are comprised of 1,300-plus specially trained and mission-focused Soldiers and civilians who work as a cohesive team to drive cyberspace operations and impose cost on our nation's enemies.
The incumbent will serves as a Host Analyst for a U.S. Army Cyber Protection Team (CPT) in the U.S. Army Cyber Protection Brigade (CPB). The incumbent will knowledge of system/server and host based forensics to enable cyber security operations. The cyber role of a Host Analyst performs hunt, clear, enable hardening, as well as provide Cyber Threat Emulation (CTE) and Discovery and Counter-Infiltration (D&CI) capabilities.
- Install, operate, maintain, configure, test, and secure hardware and software-based Operating Systems (OS).
- Conduct in-depth analysis of host systems and servers for indicators of Malicious Cyber Activity (MCA), Insider Threat, or lack of best practices of Defensive Cyber Operations.
- Review host scan results to provide guidance, hardening recommendations, and system configuration best practices which, enable local network/system owners to secure their environment against Malicious Cyber Activity (MCA).
- Recognize and/or develop signatures to identify indicators of compromise on client host systems/servers.
- Perform triage procedures on potentially malicious systems within mission parameters.
- Clear and defend critical assets, Mission Relevant Terrain (MRT) or Key Terrain - Cyber (KT-C) either remotely or by deploying to the affected location as needed.
- Develop Army/Department of Defense countermeasures, threat/vulnerability analysis, operational assessment and threat mitigation.
- Coordinate with local defenders and cybersecurity service providers (CSSPs) to develop methods for the timely and accurate reporting and implementation of recommended defensive countermeasures.
Qualifications/ Specialized Experience Army CES positions apply Veteran's Preference to preference eligible candidates, as defined by Section 2108 of Title 5
U.S.C., in accordance with the procedures provided in DoD Instruction 1400.25, Volume 3005, "CES Employment and
Placement". If you are a veteran claiming veterans' preference, as defined by Section 2108 of Title 5 U.S.C., you must
submit documents verifying your eligibility with your application package.
In order to qualify, you must meet the education and/or experience requirements described below for each applicable grade level you wish to be considered. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community; student; social). You will receive credit for all
qualifying experience, including volunteer experience. Your resume must clearly describe your relevant experience; if qualifying based on education, your transcripts will be required as part of your application.
Additional information about transcripts is in this document. To qualify based on your experience, your resume must describe one-year of specialized experience that demonstrates the possession of knowledge, skills, abilities, and competencies necessary for immediate success in the position. Such experience is typically in or directly related to the work of the position to be filled. Specialized experience would be demonstrated by
GG-07: Assisting in performing surveys and evaluating network traffic to identify baselines, trends, anomalous traffic, and potential malicious cyberspace activities; and assisting in incident response process and threat mitigation and development of mitigations and threat counter measures.
GG-09: Updating security patches in compliance with Cybersecurity policy/ regulations; and collecting information from customers to be used in the restoration of network services.
GG-11: Detecting anomalies in host data; monitoring enterprise tools for potential intrusions; and mitigating threats by keeping tools up to date with the latest approved system and security releases.
GG-12: Installing, operating, maintaining, configuring, testing, and/or securing hardware and software-based operating System (OS) environments (for example Microsoft Windows and Linux); analyzing network or host data and devices to recognize anomalous behavior/artifacts; determining the stage(s) of an intrusion (for example using network and/or host artifacts, along with possible use of software, to determine what stage of the cyber kill chain
that a potential adversary is in); and creating threat reporting and/or briefing based on analysis. The specialized experience must include, or be supplemented by, information technology related experience (paid or unpaid experience and/or completion of specific, intensive training, as appropriate) which demonstrates each of the four competencies, as defined:
(1) Attention to Detail - Is thorough when performing work and conscientious about attending to detail. Examples of IT-related experience demonstrating this competency include: completing work independently that rarely requires editing or review by others.
(2) Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. Examples of IT-related experience demonstrating this competency include: resolving simple and routine problems, questions, or complaints and providing support and guidance to customers on non-routine issues; serving as a primary resource for customers, requesting assistance with complex issues when necessary; and participating in meetings and providing advice to customers in own area of expertise.
(3) Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately. Examples of IT-related experience demonstrating this competency include: expressing facts and ideas in a clear, concise, convincing, and organized manner; clearly conveying moderately complex ideas, concepts, and information to customers; exhibiting active listening by demonstrating understanding of audience comments and/or questions.
(4) Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations. Examples of IT-related experience demonstrating this competency include: identifying and solving problems by gathering and applying information from a variety of materials or sources that provide several alternatives; recognizing and taking action to address non-routine problems; soliciting feedback from multiple stakeholders to understand an issue or problem and accurately assess its root causes and potential solutions; seeking supervisory review where appropriate.
EDUCATION:
GG-07 Substitution of Education for Experience: One full year of graduate level education from an accredited or pre-accredited institution in computer science, engineering, information science, information systems management, mathematics, operations research, statistics, or technology management; or, graduate level education from an accredited or pre-accredited institution that provided a minimum of 24 semester hours in one or more of the fields identified above and required the development or adaptation of applications, systems, or networks.
OR
Superior Academic Achievement: Successful completion of all the requirements for a bachelor's degree from an accredited or pre-accredited institution in computer science, engineering, information science, information systems management, mathematics, operations research, statistics, or technology management; or, bachelor's degree from an accredited or pre-accredited institution that provided a minimum of 24 semester hours in one or more of the fields identified above and required the development or adaptation of applications, systems, or networks. Superior Academic Achievement is based on:
(1) Class Standing - You must be in the upper third of the graduating class in the college, university, or major subdivision, such as the College of Liberal Arts or the School of Business Administration, based on completed courses; OR
(2) Grade-Point Average (G.P.A.) - You must have a grade-point average of either (a) 3.0 or higher out of a possible 4.0 ("B" or better) as recorded on your official transcript, or as computed based on 4 years of education, or as computed based on courses completed during the final 2 years of the curriculum; or (b) 3.5 or higher out of a possible 4 . click apply for full job details