Title: Computer Network Defense (CND) Analyst
Category: Information Technology

Description:
The Computer Network Defense (CND) Analyst will provide Cyber Security Support to the Defense Logistics Agency (DLA).

Additional Responsibilities Include, but are not Limited To:
- Perform actions to protect, monitor, detect, analyze, and respond to unauthorized activity within assigned information systems and computer networks.
- Employ Cybersecurity capabilities and deliberate actions to respond to a CND alert or emerging situational awareness/threat.
- Serve as an expert on CND requirements and compliance with those requirements, using IA tools and techniques to perform compliance analysis and correlation, tracking and remediation, coordination, and escalation of CND non-compliance.
- Provide technical analysis and sustainment support for the enterprise's IA tools and applications, and assist with the application of Defense-In-Depth signatures and perimeter defense controls to diminish network threats.
- Perform monitoring of DLA's cybersecurity tools, triage of all alerts, and analysis of and response to all cybersecurity incidents.
- Perform Threat Hunting to ensure proactive efforts are made to discover malicious activity and threats to DLA's environment.

Incident Detection and Analysis:
- Monitors cybersecurity tools for alerts and relevant dashboards for traces of system compromise.
- Initiates incident response actions.
- Correlates data from multiple sources, including host- and network-based IDS and IPS, available log and packet capture data, data pulled by forensics tools, and government and open-source intelligence.
- Assesses the scope of suspected or confirmed cyber incidents and takes immediate action to prevent the spread of the activity.
- Develops countermeasures such as custom SIEM and IDS rules/signatures to strengthen DLA's ability to prevent and detect attacks against DLA assets and data.

Incident Response:
- Maintains an initial triage and response process for cybersecurity incidents.
- Ensures proper reporting to law enforcement and intelligence groups in the event of incidents involving classified data spillages, incidents involving cleared defense contractors, or incidents where suspected criminal activity has occurred.
- Works with DLA subscriber groups to identify the operational or technical impact of an incident as well as the criticality of the system/data affected by the incident.
- Supports DLA PMO incident response processes:
  - Coordination of countermeasure deployment
  - Maintaining incident escalation procedures
  - Maintaining a point of contact for each subscriber
  - Participating in annual Incident Response Tabletop exercises as requested

Threat Hunting:
- Provides recommendations for hunting targets within DLA's network environments.
- Uses tools defined in the Threat Hunting SOPs and TTPs to engage in Threat Hunting exercises at the direction of DLA CERT leadership.
- Identifies potential detection signatures to assist in identifying threats to DLA's environment and implements them.
- Assists with proposal development, if necessary.
- Performs other duties, as assigned.

Experience:
- Five (5) years of relevant experience or related formal education.
- Two (2) years of experience performing root cause analysis of cybersecurity events and incidents.
- Two (2) years of experience analyzing network traffic and/or system logs.

Education:
- Bachelor's degree preferred.

Certificates, Licenses, Registrations:
- DOD Approved 8570/8140 Baseline Certification: Category IAT Level II required.
- DOD Approved 8570/8140 CSSP Certification: CSSP-IR required.

Other Required Skills & Abilities:
- Must possess written and verbal skills to appropriately document and brief