Cyber Defense Specialist

Employer Active

Jobs by Experience

Not Mentioned

Job Location

Doha - Qatar

Salary

Not Disclosed

Nationality

Qatari

Gender

Male

Vacancy

1 Vacancy

Job Description

Roles and responsibilities

Trace Systems is seeking a dynamic Cyber Defense Specialist to join our team in support of the AFCENT Combined Air Operations Center (CAOC) contract in Doha, Qatar. This role offers the opportunity to manage, administer and implement cybersecurity Mission Defense programs to ensure the confidentiality, availability, and integrity of Enterprise and AOC networks, systems and information. If you're ready to make a significant impact and thrive in a mission-critical environment, this opportunity is for you!

The job responsibilities include, but are not limited to:

  • Analyze identified anomalous or malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information;
  • Assist in the development of indicators, alerts, and/or signatures for cybersecurity applications and tools;
  • Correlate cyber events and/or incidents to information obtained from sources (e.g., alerts, intelligence, threat reports, etc.);
  • Evaluate logs from network resources (e.g., individual hosts, firewalls, intrusion detection/prevention systems, etc.);
  • Characterize and analyze network traffic to identify anomalous activity and potential indicators of threats to network resources;
  • Perform trend analysis and reporting on network traffic and cyber events/incidents.
  • Generate system and network baselines;
  • Collect and analyze intrusion artifacts (e.g., source code, malware, trojans);
  • Conduct analysis of host systems (Windows and Linux) for indications of compromise;
  • Perform initial, forensically sound collection of images and inspect to discern possible mitigation/remediation;
  • Perform real-time incident handling (e.g., forensic collections, intrusion correlation/tracking, threat analysis, and direct system remediation) tasks;
  • Serve as technical experts and liaisons to law enforcement personnel;
  • Track, escalate and document cyber incidents from initial detection through final resolution, IAW SPIN-C and applicable cybersecurity regulations;
  • Use discovered data to develop mitigations/remediation to potential network incidents;
  • Write network guidance and report on incident findings to appropriate constituencies/stakeholders;
  • Configure and maintain Security Information and Event Manager dashboards.
  • Attend and participate in cybersecurity meetings, as required;
  • Develop and submit a Cybersecurity Monthly Status Report;
  • Develop and submit recurring/ad-hoc reports, as required by the government;
  • Perform applicable technical support and O&M activities for cyber mission defense systems;
  • Utilize standard software tools to perform vulnerability scans of network equipment and software; and assist network, systems and client administrators in implementing corrective actions required when vulnerabilities are detected.
  • Other Duties as Required.
  • Active, in-scope US Government issued Top Secret clearance with SCI eligibility
  • Due to the nature of the work and contract requirements, US Citizenship is required.
  • DoDM 8140 IAT Level 2 (CySA+) or higher certification
  • DoDM 8140 CSSP‐A certification
  • DoDM 8140 CSSP‐IR certification
  • Bachelor's degree in Computer Science or related field, OR 5+ years’ relevant work experience

Desired candidate profile

Threat Intelligence and Monitoring:

  • Continuously monitor network traffic, logs, and system activities for signs of security breaches, intrusions, or anomalies using security monitoring tools (e.g., SIEM systems like Splunk, ArcSight).
  • Stay updated on the latest cybersecurity threats, attack techniques, and vulnerabilities to proactively defend against emerging risks.
  • Collect, analyze, and share threat intelligence from internal and external sources to understand potential threats and assess their impact on the organization.
  • Leverage threat intelligence platforms (TIPs) and security tools to identify and block malicious activities, suspicious patterns, and attacks.

Incident Response and Mitigation:

  • Respond to security incidents such as unauthorized access attempts, data breaches, malware infections, and denial-of-service (DoS) attacks.
  • Investigate and analyze security incidents to determine the root cause, scope, and impact of the attack.
  • Work with internal teams to contain, mitigate, and recover from security incidents while minimizing damage and downtime.
  • Follow established incident response protocols and document actions taken during an incident for later review, analysis, and reporting.

Vulnerability Assessment and Management:

  • Perform regular vulnerability assessments and penetration testing to identify weaknesses in the organization's network, systems, and applications.
  • Use automated vulnerability scanning tools (e.g., Nessus, OpenVAS) and manual techniques to identify and prioritize vulnerabilities that could be exploited by attackers.
  • Work with IT teams to patch vulnerabilities, upgrade software, and apply security configurations to strengthen the organization’s defense.
  • Ensure timely resolution of security weaknesses and misconfigurations.

Employment Type

Full-time

Department / Functional Area

Cybersecurity
