Cyber Protection Brigade Information Technology Cybersecurity Specialist

Overview

Organization

U.S. Army Cyber Command

Duty Location

FORT EISENHOWER, RICHMOND, GA

The U.S. Army Cyber Protection Brigade (CPB), also known as the "Hunter" brigade, is Army's premier cyber threat hunter. We hunt advanced adversaries to enable information advantage in multi-domain operations and maintain and defend strategic cyber infrastructure. We are comprised of 1,300-plus specially trained Soldiers and civilians who work as a cohesive team to drive cyberspace operations and impose cost on our nation's enemies.

The incumbent serves as a Host Analyst for a U.S. Army Cyber Protection Team (CPT) in the U.S. Army Cyber Protection Brigade (CPB). The incumbent has knowledge of system/server and host-based forensics to enable cyber security operations. The cyber role of a Host Analyst performs hunt, clear, enable hardening, as well as provide Cyber Threat Emulation (CTE) and Discovery and Counter-Infiltration (D&CI) capabilities.

• Install, operate, maintain, configure, test, and secure hardware and software-based Operating Systems (OS).
• Conduct in-depth analysis of host systems and servers for indicators of Malicious Cyber Activity (MCA), Insider Threat, or lack of best practices of Defensive Cyber Operations.
• Review host scan results to provide guidance, hardening recommendations, and system configuration best practices which enable local network/system owners to secure their environment against MCA.
• Recognize and/or develop signatures to identify indicators of compromise on client host systems/servers.
• Perform triage procedures on potentially malicious systems within mission parameters.
• Clear and defend critical assets, Mission Relevant Terrain (MRT) or Key Terrain - Cyber (KT-C) remotely or by deploying to the affected location as needed.
• Develop Army/Department of Defense countermeasures, threat/vulnerability analysis, operational assessment and threat mitigation.
• Coordinate with local defenders and cybersecurity service providers (CSSPs) to develop methods for timely and accurate reporting and implementation of recommended defensive countermeasures.

Army CES positions apply Veteran's Preference to preference-eligible candidates, as defined by Section 2108 of Title 5 U.S.C., in accordance with DoD Instruction 1400.25, Volume 3005, "CES Employment and Placement." If you are a veteran claiming veterans  preference, you must submit documents verifying your eligibility with your application package.

To qualify, you must meet the education and/or experience requirements described for each applicable grade level. Experience includes paid and unpaid work, including volunteer service. Your resume must clearly describe your relevant experience; transcripts may be required if qualifying based on education. You will receive credit for qualifying experience, including volunteer experience. One year of specialized experience is typically required. Specialized experience would be demonstrated by:

GG-07:
Assisting in surveys and evaluating network traffic to identify baselines, trends, anomalous traffic, and potential malicious cyberspace activities; and assisting in incident response and threat mitigation.

GG-09:
Updating security patches in compliance with cybersecurity policy/regulations; and collecting information from customers for restoration of network services.

GG-11:
Detecting host data anomalies; monitoring enterprise tools for intrusions; and mitigating threats by keeping tools up to date with latest releases.

GG-12:
Installing, operating, maintaining, configuring, testing, and/or securing hardware and software OS environments (e.g., Windows, Linux); analyzing network or host data to recognize anomalous behavior; determining intrusion stage; and creating threat reporting based on analysis. Education substitutions and the four IT competencies (Attention to Detail, Customer Service, Oral Communication, Problem Solving) are described.

Education substitutions and requirements are provided for GG-07, GG-09, GG-11, and GG-12 levels, including Superior Academic Achievement and other criteria. Foreign education evaluation requirements are listed.

Education and Substitutions

GG-07:
One full year of graduate-level education in relevant fields or equivalent experience; or Superior Academic Achievement as defined.

GG-09:
Master’s or two full years of graduate education.

GG-11:
Ph.D. or three full years of graduate education.

GG-12:
No education substitution allowed.

FOREIGN

EDUCATION:

If using foreign education, show credentials are evaluated for U.S. equivalence.

• Three-year probationary period unless already met requirements.
• Must obtain and maintain TOP SECRET eligibility with SCI access.
• IT access level IT-I; TS/SCI with special sensitivity Tier 5.
• Pre-employment urinalysis and ongoing testing per AR 600-85.
• Counter-intelligence polygraph may be required with No Deception Indicated (NDI).
• NSA facility access requirements if assigned to NSA facilities.
• Possibility of…