CNDSP Incident Analyst II

We are committed to an inclusive and diverse workplace that values and supports the contributions of each individual. This commitment along with our common Vision and Values of Integrity, Respect, and Responsibility, allows us to leverage differences, encourage innovation and expand our success in the global marketplace. Vectrus is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status or status as an individual with a disability. EOE/Minority/Female/Disabled/Veteran. 


The CNDSP Analyst will be responsible for incident handling, triage of events, network analysis and threat detection, trend analysis, and vulnerability information dissemination. The analyst coordinates Network Defense Operations and monitors and reports incident status, threat possibilities, and trends. Requires knowledge of Army computer network defense with a strong understanding of the lifecycle of network threats, typical attack vectors, and network and system vulnerability exploitation. This position is for 24/7 shift coverage.
  1. Provide incident response duties as required and directed by the ACE-IT CIRT.
  1. Document and report incidents from initial detection through final resolution using standard DoD incident reporting channels and methods (refer to CJCSM 6510.01B “Cyber Incident Handling Program” dated 10 July 2012 or later)
  1. Provide remote incident handling support such as forensics collections, intrusion correlation tracking, threat analysis and direct system remediation tasks to onsite personnel.
  1. Coordinate with USACE Cyber Security Team to correlate threat assessment data.
  1. Monitor open source feeds and reporting on the latest threats against computer network defenses.
  1. Ability to learn the interface, customization, language acceptance, and logic of new CND related tools as ACE-IT acquires them.
  1. Utilize malware analysis techniques, including advanced static and dynamic analysis, to identify and assess malicious software.
  1. Monitor intrusion detection and security information management systems to discover and mitigate malicious activity on enterprise networks.
  1. Initiate computer incident handling procedures to isolate and investigate potential network information system compromises.
  1. Perform malware and/or forensic analysis as part of the incident management process.
  1. Design and integrate custom rules and reports into proper security tools and data collection architectures.
  1. Identify risks to computer systems and make written and verbal remediation recommendations to senior program staff as well as ACE-IT leadership.
  1. Respond to General Service Incidents: service and infrastructure related incidents (loss of service, poor performance, and service anomalies).
  1. Respond to Electronic Spillage incidents, where classified, Personally Identifiable Information (PII), Controlled Unclassified Information (CUI), or Networks of Interest (NOI) information is introduced onto an IT system or network that is not authorized to hold or process such data.
  1. Respond to Unauthorized disclosure: any incident where information, data, or files have been made available to a person or persons who do not have authorized access.
  1. Respond to requirements associated with Information Operations Conditions (INFOCON) and higher HQ direction.
  1. Support Investigation activities associated with complex incidents requiring more in depth data collection for command or law enforcement issues.
  1. Support Security Incident Response to include: Perimeter Configuration Incidents; Security Events to address actual or potential CND events or identified threats; end-user-level intrusions or rogue systems; vulnerability identification and mitigation; and Mission Assurance Incidents impacting IT systems or networks.
  1. Work in close coordination with the Information Assurance team and SOC to appropriately resolve daily incidents.
  1. Ensure staff are following customer, DoD, Army, and Vectrus policies and procedures.
  1. This position is for shift work for 24/7 coverage.
Desktop/Laptop computers, IA and CND software security applications, including:
  - Web filtering
  - Zone based firewall
  - Web security, Endpoint Security
  - Network access control
  - Compliance scanning tool
  - Full Packet Capture
  - Network Tap technology
  - Reverse web proxy/Web application firewall
The majority of work will be performed in an internal, climate controlled environment. Requires good communication skills in order to communicate Computer Network Defense (CND) and Information Assurance issues with the customer and other co-workers.
Person should be capable of lifting 40 lbs without assistance, and should not have difficulties standing for long periods of time, or possibly walking distances of up to ¼ mile, or possibly slightly further.


Minimum Qualifications:
4 – 7 years IT Security and CND experience or Computer Science Bachelor's degree;
3 or more years IT Security and CND experience in the Army/DOD or Computer Science Bachelor's degree;
This position requires DoDI 8570.01-M CNDSP Incident Responder certification (GCIH, CSIH, CEH, or GCFA) and the corresponding Computing Environment certification.
• Required Top Secret Clearance based on a SSBI and able to meet the requirements of DCID 6/4
• Demonstrate expert-level knowledge in planning, directing, and managing projects/operations in an organization similar in size to this acquisition;
• Demonstrate expert-level knowledge of Army, DOD and industry accepted policies, standards, best practices, and regulations related to Cyber Security CND;
• Demonstrate experience with researching and fielding new and innovative technology
• Experience with SIEM solutions, log collection analytics, host-based IDS/IPS (endpoint security), email security, and web security
• Understanding of how backdoors are used to gain access to systems and how to defend systems
• Understanding and knowledge of how attackers use tunneling and covert channels to cover their tracks on a network, and the strategies involved in defending against them.
• Clear understanding of how attackers hide files and directories on Windows and Linux hosts and how they attempt to cover their tracks.
• Comprehensive understanding of different kinds of Denial of Service (DoS) attacks and how to defend against them.
• Knowledge of how format string attacks work and how to defend against them.
• Extensive packet analysis skills
• Experience conducting network, system and malware analysis and reporting findings, assisting with vulnerability mitigation strategy and execution.
• 8570 Compliant CNDSP Incident Responder (i.e. CEH) with an approved Computing Environment Certification and an OS certification
• Excellent written and verbal communication skills with good organizational and project management skills and the ability to lead a team.


Primary Location: United States

Clearance Level required at Start Date: Secret


: Yes, 5 % of the Time

