Cyber Response Analyst

Come Join Our Team

Fast-paced, dynamic, and rewarding environment supporting regional defense efforts. This project delivers defensive cyberspace operations (DCO) support to Cyber Security Service Provider Division (CSSP-D), US Army Regional Cyber Center-Korea. The CSSP-D environment includes any hardware, software, application, tool, system, or network used by the Government, whether developed, leased, or commercially purchased. Our operations are based on-site at Camp Humphreys, South Korea. Employees are authorized to receive a Living Quarters Allowance, a Cost-of-Living Allowance, and relocation expenses. Additionally, our employees are eligible for reimbursement for school-aged children to attend either Department of Defense Education Activity schools (space available) or local school of choice.

What is the position?

As a Cyber Response Analyst, you will be required to defend against unauthorized activity on all Army assets residing on NIPRNet, SIPRNet, and CENTRIX-K. Your work will include current and new systems at various lifecycle stages, and any future applications/systems not currently identified. This includes activities from external hackers who may attempt to gain unauthorized access, insider threat attempts for unauthorized access, and policy violations that may impact network security and operations. You will be required to continue performance during peacetime, crisis, hostilities, and war operations. This position requires DoD 8140 Certification compliance by having either a Bachelor’s degree in an appropriate major or one of the certifications listed below.

This is a contingent position with an expected start date in August 2024.

• Recognize a cyber security incident and take appropriate action to report the incident and preserve evidence, mitigating any adverse impact, and devising defensive measures.
• Develop and implement access control lists on routers, firewalls, and other network devices. 
• Identify vulnerabilities resulting from a departure from an implementation plan or that were not apparent during testing.
• Design and implement technical vulnerability corrections and security countermeasures.
• Install and maintain perimeter defense systems including intrusion detection systems, firewalls, grid sensors, etc., and enhance rule sets to block sources of malicious traffic.
• Identify and/or determine whether a security incident is indicative of a violation of law that requires specific legal action.
• Monitor and evaluate the effectiveness of enclave IA security procedures and safeguards.
• Support the design and execution of security exercises.
• Conduct tests of network devices and IA safeguards in accordance with established test plans and procedures to ensure compliance with security policies, procedures, and requirements.
• Provide DCO Network Security Monitoring, Detection, and Analysis; coordinate, de-conflict, and employ internal defensive measures within the DoDIN; assess new technologies and devices relevant to DCO.
• Conduct exploratory and in-depth analysis of network traffic from security devices, analysis of host-based audit logs, malware analysis, trending of incident reports, correlation of classified and opensource threat reporting, and linkages/integration with other DCO agencies.
• Analyze and correlate anomalous events identified in Security Information Event Management (SIEM) systems, Big Data Analytics, and supporting devices/applications.
• Recognize a cyber security incident, take appropriate action to report the incident and preserve evidence, mitigating any adverse impact, and devising defensive measures. 
• Perform initial analysis on captured volatile data, log data, captured network traffic data, etc. to identify any immediate intrusion related artifacts which in turn will allow immediate defensive countermeasures to be implemented. 
• Report incidents to law enforcement and counterintelligence agencies.
• Implement mitigation measures in response to general or specific Advanced Persistent Threats (APT), (attempted exploits/attacks, malware delivery, etc.) on the respective networks.
• Participate in Incident Response investigations for the operational environment (NIPRNet, SIPRNet, and CENTRIX-K).
• Provide situational awareness of evolving network threats trends. 
• Synchronize DCO programs with ARCYBER personnel as required via working group participation to develop, research, publish, test, and annually update Deliverables, Standard Operating Procedures and Tools, Tactics, Techniques and Procedures (TTTP) related to Cyber Defense, Live Incident Handling Analysis, Cyber Threat Analysis, Threat Detection, Computer Defense Assistance Program (CDAP), and the Cyber Intrusion Analysis Program (CIAP). 
• Participate in ARCYBER Cyberspace Operations (CO) meetings, conferences, and working groups. 
• Support Disaster Recovery (DR) and Continuity of Operations (COOP) Capability. 
• Support Cybersecurity Service Provider (CSSP) accreditation. 
• Participate, if tasked, in exercises and assist with the development, planning and support of exercises such as Gaining Cyber Dominance or other cyberspace defense engagements.

• Active DoD TS/SCI clearance
• Bachelor’s degree or higher from an accredited college or university in one of the following fields: Computer Science, Cyber Security, Information Technology, Software Engineering, Information Systems, Computer Engineering, Mathematics or Engineering
• Any of the following certifications can be substituted for a Bachelor’s degree: CCSP or CEH or CFR or Cloud+ or CySA+ or GCED or GICSP or PenTest+
• If substituting certification for a Bachelor’s degree, a HS diploma or GED is required in addition to the certification.

Preferred Qualifications

• Previous experience in an equivalent position

Headquartered in Huntsville, AL, i3 is a national leader in providing innovative technical and engineering solutions to a broad customer base across the U.S. DoD. Specializing in missile and aviation engineering and logistic services, electronic warfare and electromagnetic affects analysis, UAS system integration and flight operations, full lifecycle C5ISR engineering services, engineering analysis, cybersecurity and IT/IA innovative solutions and virtual training, simulation & serious game development and implementation.

• We were founded in 2007 with the intent to do business differently.
• Our focus is to leave our team members and customers better than we found them.
• Our ultimate goal is to strengthen our Nation and our warfighter.

Perks and Benefits at i3:

• 100% team member owned
• Outstanding insurance coverage
• 401(k) match
• Health and wellness incentives
• Tuition and certification reimbursement
• Generous PTO
• Fun culture with company activities
• Countless opportunities to give back to the community through our charitable organization, i3 Cares

We work hard. We compete hard. We play hard. Apply now to join us!