Job Description

Tyto Athene is searching for a Defensive Cyber Operations (DCO) Subject Matter Expert (SME) to support the United States Space Force (USSF) Space Operations Command (SpOC) Intelligence and Cyber Defense for the Enterprise Services (SPICES) contract. The DCO SME supports development, improves proficiency, and increases operational effectiveness of USSF Cyber Squadron personnel by providing/employing DCO capabilities, conducting intrusion detection monitoring and analysis, identifying malicious cyber activity and determining attack vectors, executing cyber response activities, developing defensive countermeasures, and providing Subject Matter Expertise to the United States Space Force Cyber Guardians.

Responsibilities:

- Develop operational and technical materials to aid in increasing proficiency of the crews
- Provide cyber defense remediation and mitigation implementation recommendations in support of all incidents/events
- Provide support for all Operational Planning Teams (OPTs) and crew shift planning processes. Support includes participating in the planning process, recommending courses of action (COAs), and validating the technical approach to meet mission objectives
- Draft and validate accuracy of squadron level DCO Tactics, Techniques, and Procedures (TTPs); Standard Operating Procedures (SOPs); Operational Instructions (OIs); as well as DCO Crew operations products, evaluation and material, and other related materials
- Conduct analysis on new DCO-Space capability releases to assess new functionality and inform employment for mission execution
- Attend meetings, teleconferences, and Video Teleconferences (VTCs) at the Unclassified, Secret, and TS/SCI level (as required)
- Provide recommendations for exercises and mission rehearsals
- Maintain proficiency by performing DCO crew operation for assigned space mission systems
- Provide expertise for DCO-Space capabilities, to include Security Incident and Event Management (SIEM); Intrusion Detection and Prevention Systems; ELK (Elasticsearch, Logstash, and Kibana) Stack; Endpoint Protection Systems; Security Orchestration, Automation and Response (SOAR); Firewalls; Log Aggregator; Protocol Analyzers; Vulnerability Assessment Tools
- Augment and advise the crews performing intrusion detection monitoring and analysis
- Provide input and review Cyber 9-Line; and review accuracy of cyber incident inputs for SITREP and MISREP
- Advise and assist with cyber incident response processes IAW squadron policies and procedures, to include:
  - Assist in providing in-depth analysis of incidents by determining the incident's nature, formulating recommended response actions, correlating event and incident data across assigned space mission systems, determining actions to be taken, and assessing possible effects on assigned mission systems
  - Participate in Government-established Cyber Incident Response Teams (CIRTs) and provide technical assistance in determining the cyber events/incident's nature and impact to space mission systems; develop and recommend mitigation and/or remediation COAs; ensure mission system owners/operators and leadership have situational awareness of active response activities via recurring status reports and/or update briefs
  - Provide technical expertise in the creation and recommendation of Courses of Action (COAs) along with suggested timing and sequencing of actions to mitigate and/or remediate cyber threats to space mission systems
  - Participate in post-incident hot washes and lessons learned processes as required by the Government
  - Recommend cyber incident response best practices to improve TTPs, processes, and policies
- Provide recommendations on how to best optimize DCO-Space capabilities, to include countermeasure development (i.e., signatures, rules, policies, etc.) for defensive sensors and capabilities deployed on space mission system networks and endpoints to eliminate false positives; prioritize actionable alerts; and to provide enhanced correlation accuracy for cyber incidents, events, trends, and behaviors
- Assist and support CYS Government personnel on how to identify, document, and track normal baseline activity for assigned space mission systems by monitoring, collecting, and analyzing space mission system data traffic; and reviewing, auditing, and analyzing network and endpoint logs
- Assist and support CYS Government personnel on performing Mission Relevant Terrain - Cyber (MRT-C) identification and mapping, leveraging Functional Mission Analysis - Cyber (FMA-C) concepts for assigned space mission systems
- Assist and support CYS Government personnel on how to conduct cyber missions, to include Survey, Recon, Escort, Hunt, Strike, Recover and others on assigned space mission systems to detect, track, and disrupt Advanced Persistent Threats (APTs) that evade existing cybersecurity controls and detection capabilities
- Provide inputs to post-mission analysis process for Cyber missions as required by the Government
- Recommend cyber mission best practices to improve TTPs, processes, and policies

Required:

- Minimum of one (1) active DoD 8570.07-M Cyber Security Services Provider (CSSP) "Analyst" or "Incident Responder" certification: CEH, CySA+, GCIH, GCIA, CFR, CCNA Cyber Ops, CCNA-Security, GICSP, Cloud+, SCYBER, PenTest+, CHFI or GCFA
- Six (6) years of Cyber Security Analyst work experience (or equivalent). Experience includes Cybersecurity Monitoring; Cybersecurity Analyst; Intrusion Detection and/or Cyber Incident Response.
- Experience performing Continuous Cybersecurity Monitoring, Intrusion Detection and Cyber Incident Response.
- Experience with the following tools: ELK Stack, Kibana, Suricata, Splunk, Snort, Wireshark, Bro/Zeek logs, tcpdump, editcap, LogRhythm, ePo/HBSS, ACAS, SolarWinds, Microsoft Office 365, Active Directory WMIC commands.
- Cybersecurity Service Provider (CSSP) experience is preferred.
- Familiarity with Space Operations is highly desired.

Desired:

- Eight (8)+ years of relevant cybersecurity experience
- IAT Level III Certification required IAW DoD 8570.07-M. Qualifying certifications include: CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, CCSP

Clearance: Active DoD TS/SCI clearance

Location: Schriever Space Force Base (SFB), CO

Schedule: Mon-Fri, day shift

Compensation: Compensation is unique to each candidate and relative to the skills and experience they bring to the position. The salary range for this position is typically $115K-$130K. This does not guarantee a specific salary as compensation is based upon multiple factors such as education, experience, certifications, and other requirements, and may fall outside of the above-stated range.

Benefits: Highlights of our benefits include Health/Dental/Vision, 401(k) match, Flexible Time Off, STD/LTD/Life Insurance, Referral Bonuses, professional development reimbursement, and maternity/paternity leave

Clearances Required: TS/SCI

Additional Information

Tyto Athene is a trusted leader in IT services and solutions, delivering mission-focused digital transformation that drives measurable success. Our expertise spans four core technology domains (Network Modernization, Hybrid Cloud, Cybersecurity, and Enterprise IT), empowering our clients with cutting-edge solutions tailored to their evolving needs. With over 50 years of experience, Tyto Athene proudly supports Defense, Intelligence, Space, National Security, Civilian, Health, and Public Safety clients across the United States and worldwide. At Tyto Athene, we believe that success starts with our people. We foster a collaborative, innovative, and mission-driven environment where every team member plays a critical role in shaping the future of technology. Are you ready to join?

Tyto Athene, LLC is an Equal Opportunity Employer; all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any characteristic protected by applicable law.

Date Posted: 08 May 2025