Enterprise Information Services, Inc.

  • Live Incident Handling Analyst

    Job Location KR | KR-27
    # of Openings
    Targeted Job Start Date
  • Overview

    This project will provide defensive cyberspace operations (DCO) support to Defensive Cyberspace Operations Division (DCOD), US Army Regional Cyber Center-Korea. The DCOD environment includes any hardware, software, application, tool, system, or network used by the Government, whether developed, leased, or commercially purchased.


    Work shall include current and new systems at various lifecycle stages, and any future applications/systems not currently identified. DCO services are required to defend against unauthorized activity on all Army assets residing on the NIPRNet and SIPRNet. This includes activities from external hackers who may attempt to gain unauthorized access, insider threats attempts for unauthorized access, and policy violations that may impact network security and operations. The Contractor shall be required to continue performance during peacetime, crisis, hostilities, and war operations.


    • Ability to recognize a cyber security incident, taking appropriate action to report the incident and preserve evidence, mitigating any adverse impact, and devising defensive measures.
    • Support Disaster Recovery (DR) and Continuity of Operations (COOP) Capability.
    • Synchronize DCO programs with ARCYBER personnel as required via working group participation to develop, research, publish, test, and annually update Deliverables, Standard Operating Procedures and Tools, Tactics, Techniques and Procedures (TTTP) related to Cyber Defense, Live Incident Handling Analysis, Cyber Threat Analysis, Threat Detection, Computer Defense Assistance Program (CDAP), and the Cyber Intrusion Analysis Program (CIAP).
    • Support Cybersecurity Service Provider (CSSP) accreditation.  
    • Analyze on an average 50 daily cyber threat reports and recommend internal defense measure for the respective theater.
    • Conduct Computer Defense Assistance Program (CDAP) missions IAW AR 380-53, Communications Security Monitoring. 
    • At least twice annually, define current DCO posture and capabilities for supported networks, identify gaps with current DCO posture, generate a detailed analytical report for gaps found, and provide input to implementation plans.  
    • Participate during planning meetings required to identify/develop requirements and engineering for the sensor grid.
    • Coordinate, de-conflict, and employ internal defensive measures within the DoDIN.
    • Assess new technologies and devices relevant to DCO. 
    • Participate, if tasked, in exercises and assist with the development, planning and support of exercises such as Gaining Cyber Dominance or other cyberspace defense engagements.
    • Provide situational awareness of evolving network threats trends.
    • Participate in ARCYBER Cyberspace Operations (CO) meetings, conferences, and working groups.
    • Provide DCO Network Security Monitoring, Detection, and Analysis.
    • Analyze and correlate anomalous events identified in, Security Information Event Management (SIEM) systems, Big Data Analytics, and supporting devices/applications. 
    • Analyze, correlate, and trend anomalous events and incidents to identify and characterize the threat or inciden.
    • Conduct exploratory and in-depth analysis of network traffic from security devices, analysis of host based audit logs, malware analysis, trending of incident reports, correlation of classified and open source threat reporting, and linkages/integration with other DCO agencies.
    • Implement mitigation measures in response to general or specific Advanced Persistent Threats (APT), (attempted exploits/attacks, malware delivery, etc.) on the respective networks.
    • Develop, staff, coordinate, and execute Incident Response investigations for the operational environment (unclassified and classified).
    • Report incidents to law enforcement and counterintelligence agencies. 
    • Capture and perform initial analysis on captured volatile data, log data, captured network traffic data, etc. to identify any immediate intrusion related artifacts which in turn will allow immediate defensive countermeasures to be implemented. 


    Clearance and Certifications

    • Active DoD TS/SCI clearance
    • DoD CSSP-Incident Responder; one of the following - CEH, CFR, CySA+, GCFA, GCIH or SCYBER.
    • DoD 8570 IAT III; one of the following – CASP CE, CCNP Security, CISA, CISSP (or Associate), GCED or GCIH.
    • Operating System Certification.

    Other Requirements 

    • Bachelor’s degree and 5 years’ experience in Cyber Intrusion Analysis and Information Assurance technology; may substitute five additional years of experience for a Bachelor’s Degree
    • TIL Foundations certification (within three months of contract start date or hiring date)
    • All DCO analysts shall have specialized experience in Information Technology (IT) defense infrastructure (Sensors, Vulnerability Scanners, Firewalls, etc.) and a working knowledge of wireless technology and Army operating systems (OS) (i.e. Windows, Apple, and UNIX).
    • Experience working independently to solve problems quickly and completely.
    • Experience leading the work of others.

    EIS is an Equal Opportunity Employer/M/F/V/Disabled.


    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed