Defensive Cyberspace Operator
POSITION DESCRIPTION
Position Title: 1B4X1, Defensive Cyberspace Operator
Unit: 227 Cyberspace Operations Squadron, New Jersey Air National Guard
Duty Location: Joint Base McGuire-Dix-Lakehurst, NJ
I. Position Summary
Serves as a Defensive Cyberspace Operator responsible for executing the full spectrum of Defensive Cyberspace Operations (DCO). The operator protects assigned Air Force and Department of Defense (DoD) cyberspace terrain and monitors, analyzes, detects, and responds to unauthorized activity within it. This role is critical to ensuring the confidentiality, integrity, and availability of mission-critical systems and networks. Operators employ a variety of tactics, techniques, and procedures (TTPs) to counter advanced persistent threats (APTs), neutralize malicious activity, and provide mission assurance for warfighting capabilities.
II. Key Duties and Responsibilities
The duties of a Defensive Cyberspace Operator are dynamic and threat-driven, encompassing the following core functions:
A. Real-Time Network Defense and Monitoring (Protect & Detect):
- Continuously monitors network traffic, system logs, and security alerts using Security Information and Event Management (SIEM) platforms (e.g., Splunk, ELK Stack), Intrusion Detection/Prevention Systems (IDS/IPS), and other network security tools.
- Analyzes network packet captures (PCAP) and flow data (e.g., NetFlow) to identify anomalous or malicious patterns.
- Triages and validates security alerts, escalating potential incidents according to established procedures.
- Maintains situational awareness of the health and security posture of the squadron’s designated cyberspace terrain.
B. Incident Response and Mitigation (Respond & Recover):
- Executes established Incident Response (IR) playbooks to rapidly contain, eradicate, and recover from cyber incidents.
- Performs host-based and network-based forensics to determine the scope, impact, and root cause of a compromise.
- Conducts memory analysis, disk imaging, and malware analysis on affected systems to identify adversary tools and TTPs.
- Implements defensive countermeasures to block adversary activity and restore mission-essential services.
- Documents all actions taken during an incident for post-mortem analysis and official reporting.
C. Proactive Defense and Threat Hunting:
- Proactively searches for indicators of compromise (IOCs) and evidence of adversary presence within networks, operating on the assumption that a breach may have already occurred.
- Develops and tests hypotheses based on threat intelligence reporting, vulnerability disclosures, and knowledge of adversary TTPs.
- Leverages advanced query languages and analytical tools to sift through vast amounts of data in search of subtle threat actor activity that evades traditional detection methods.
D. Vulnerability Assessment and Mission Assurance:
- Conducts vulnerability scans and penetration tests on assigned networks and systems using tools such as ACAS/Nessus and Metasploit to identify and validate security weaknesses.
- Analyzes results to prioritize vulnerabilities based on mission impact and exploitability.
- Provides actionable recommendations to system administrators and mission owners for remediation and risk mitigation.
- Performs security assessments on new and existing systems to ensure compliance with DoD security standards and best practices.
E. Tool and Content Development:
- Develops and maintains custom scripts (e.g., Python, PowerShell) to automate security tasks, data analysis, and incident response actions.
- Creates and tunes detection signatures and analytics for SIEM, IDS, and other security tools (e.g., YARA, Snort rules).
- Assists in the engineering, maintenance, and optimization of the DCO tool suite and operational infrastructure.