Jr. Cyber Defense Incident Responder

This is a full-time direct hire position and you must currently have an active TS/SCI Security Clearance or above. We are not able to offer visa sponsorship, 1099 status, or work with C2C for this role.

Why WWT?

At World Wide Technology, we work together to make a new world happen. Our important work benefits our clients and partners as much as it does our people and communities across the globe. WWT is dedicated to achieving its mission of creating a profitable growth company that is also a Great Place to Work for All. We achieve this through our world-class culture, generous benefits and by delivering cutting-edge technology solutions for our clients.

Founded in 1990, WWT is a global technology solutions provider leading the AI and Digital Revolution. WWT combines the power of strategy, execution and partnership to accelerate digital transformational outcomes for organizations around the globe. Through its Advanced Technology Center, a collaborative ecosystem of the world's most advanced hardware and software solutions, WWT helps clients and partners conceptualize, test and validate innovative technology solutions for the best business outcomes and then deploys them at scale through its global warehousing, distribution and integration capabilities.

With over 12,000 employees across WWT and Softchoice and more than 60 locations around the world, WWT's culture, built on a set of core values and established leadership philosophies, has been recognized 14 years in a row by Fortune and Great Place to Work® for its unique blend of determination, innovation and creating a great place to work for all.

Want to work with highly motivated individuals on high-performance teams? Join WWT today!

Our Government Services team provides cleared resources with a global reach to federal civilian, Department of Defense (DoD), and intelligence community markets. We excel at delivering innovative, operationally ready, and cost-effective IT solutions that accelerate the interoperability and resiliency of mission-critical systems.

WWT is seeking a Jr Cyber Defense Incident Responder to support the requirements of the 33 Cyber Operations Squadron (33 COS) in efforts to provide incident response on alerts from systems newly aligned to the Air Force Cyber Security Support Provider (CSSP).

• Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information.
• Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.
• Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings).
• Coordinate with enterprise-wide cyber defense staff to validate network alerts.
• Document and escalate incidents (including event's history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
• Identify and analyze anomalies in network traffic using metadata.
• Identify applications and operating systems of a network device based on network traffic.
• Perform cyber defense trend analysis and reporting.
• Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
• Ability to interpret and incorporate data from multiple tool sources.
• All other duties as defined by CSSP

• 2+ years of experience in conducting incident handling/response, cyber threat hunting, Computer forensics, Cyber Network Defense and Analysis
• Associate's Degree or Higher in Cybersecurity, Computer Science or related field
• IAT II 8140 Certification
• GIAC Certified Forensic Analyst (GCFA)
• Security Clearance:
  Top Secret/SCI with potential for higher read-ins
• Knowledge of computer networking concepts and protocols, and network security methodologies.
• Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.
• Knowledge of cybersecurity principles.
• Knowledge of cyber threats and vulnerabilities.
• Knowledge of specific operational impacts of cybersecurity lapses.
• Knowledge of authentication, authorization, and access control methods.
• Knowledge of cyber defense and vulnerability assessment tools, including open-source tools, and their capabilities.
• Ability to interpret and incorporate data from multiple tool sources.
• Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
• Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions via intrusion detection technologies.
• Knowledge of Palo Alto XOAR playbook development.
• Linux Incident response and forensics background.
• Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
• Knowledge of network traffic analysis methods
• Skilled in deep packet…