The Department of Homeland Security (DHS) Office of the Chief Information Officer (OCIO) is recruiting professionals with varying levels of technical expertise to support a range of DHS Network Operations Security Center (NOSC) efforts in Washington, DC; Chandler, AZ; and Stennis, MS. Roles include Email Security Subject Matter Experts (SMEs), Cybersecurity Threat Intelligence SMEs, Cloud Security SMEs, and Cyber Forensics Malware Analysis SMEs.
For more details on eligibility, requirements, and evaluation, please click “Apply Now”, which will take you to the US Gov job platform.
Job Grade: 2
Total Openings: many
The Department of Homeland Security (DHS) Network Operations Security Center (NOSC) was established under the Office of the Chief Information Officer (OCIO) Information Technology Operations (ITO) Division to serve as the central coordinating and reporting authority for all DHS Component Network Security Operation Centers (NOCs and SOCs) and to perform security operations and incident management/handling for DHS Headquarters.
The DHS OCIO is recruiting professionals with varying levels of technical expertise to support a range of positions that perform security operations and incident handling for DHS Headquarters (HQ) and Operational Components. These opportunities are in the DHS Cybersecurity Service Technical Track at varying career levels and encompass roles such as Email Security Subject Matter Experts (SMEs), Cybersecurity Threat Intelligence (CTI) SMEs, Cloud Security SMEs, and Cyber Forensics Malware Analysis (CFMA) SMEs.
Depending on your career level and role, you will:
- Perform monitoring, analysis, incident response, and handling for DHS HQ, DHS Enterprise, or both as it pertains to CTI, CFMA, cloud, or email security
- Proactively analyze network traffic patterns to identify possible threats, including analyzing log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) and using other analytic tools and data science methodologies
- Monitor the DHS environment for potential threats or vulnerabilities, providing DHS leadership with situational visibility across the enterprise
- Conduct threat assessments for vulnerabilities on networks, systems software, cloud environments, and hardware and recommend appropriate mitigation
- Manage incidents in accordance with NIST stages of incident handling guidelines and assist others who are less seasoned in properly applying these standards
- Customize communications for different levels of leadership and audiences to provide strategic direction and support to Component leadership and/or their SOCs to enable mission capabilities
- Collaborate with internal and external DHS stakeholders and/or National Experts in performing critical security operations and incident handling
- Work with HQ and/or Component NOC/SOCs to develop and implement content along with associated artifacts related to known and new vulnerabilities
- Implement, configure, monitor, and/or maintain DHS enterprise Security Information and Event Management (SIEM), email, and endpoint detection and response (EDR) tools to monitor, detect, and respond to threats on DHS networks and enclaves
- Apply knowledge of principles and techniques for gathering, recovering, analyzing, interpreting, preserving, and presenting information and digital evidence (from computers, mobile devices, websites, network packets, et al.) to support legal prosecution or other departmental requirements
- Use information known about incidents and their effects on networks, systems, cloud environments, and applications to recommend and prioritize short- and long-term recovery and repair actions
- Customize communications (e.g., incident updates and after-action reports) to emphasize the most critical information and address anticipated follow-up concerns of specific target audiences
- Propose, manage, and maintain a suite of DHS cybersecurity tools, to include SIEM and Endpoint Security Tools
- Develop software enhancements for cyber tools
- Develop supporting documents and maintenance schedules
DHS plans to hire for Email Security SMEs, CTI SMEs, Cloud Security SMEs, and CFMA SMEs in the technical career track across a range of career levels. These DHS Cybersecurity Service employees will start at specific career levels and salaries matching their experience and expertise and may progress to higher salaries and/or career levels over time. When applicants submit initial application information, they will have an opportunity to indicate which career track best describes their years of experience and level of expertise. Your application responses will determine the focus of the assessments you will complete to demonstrate your technical expertise.
These positions are in the Technical Track across all career levels. These individuals generally have between 5-15 years of cybersecurity work experience and are either:
- Capable of serving as an experienced cybersecurity professional who applies technical expertise and independent judgement to perform a range of work, or
- Capable of serving as a resident cybersecurity expert who applies significant technical expertise to develop solutions for critical, non-routine challenges, or
- Capable of serving as a cybersecurity technical authority who performs work of unusual difficulty to develop complex solutions impacting key DHS or Federal cybersecurity programs, or
- Capable of serving as a recognized federal cybersecurity technical authority with uncommon technical expertise who advises on cybersecurity challenges impacting DHS and the Nation
When you submit your application, you will have the opportunity to select which of the following eight capabilities is your primary technical capability, reflecting your primary area of expertise that you would apply on the job:
Generally, a DHS Cybersecurity Service employee whose primary technical capability is Cybersecurity Defensive Operations – Planning Execution and Analysis:
- Creates end-to-end tactical and strategic level cyber operations plans based on technical cybersecurity understanding, applicable policies, and cyber rules of engagement.
- Develops primary and contingency action plans and selects the most appropriate and effective methods of defense/attack that align with operational protocols.
- Employs available capabilities for mounting defensive/offensive cyber operations against identified threats.
- Applies knowledge of national strategies, plans, policies, and directives for offensive and defensive cyber operations (e.g., DoD Directive 3600.1, DCIDs, NSPDs, HSPDs).
Generally, a DHS Cybersecurity Service employee whose primary technical capability is Cybersecurity Defensive Operations – Intelligence Collections and Analysis:
- Integrates, manages, and executes all aspects of the cyber attack lifecycle to inform cyber defensive operations.
- Plans and executes end-to-end cybersecurity operations to defend protected assets.
- Plans collection operations, retrieves and analyzes key intelligence data.
- Understands where to focus surveillance.
- Oversees specialized denial and deception operations and collection of cybersecurity information that informs and develops the end-to-end operations.
Generally, a DHS Cybersecurity Service employee whose primary technical capability is Threat Analysis:
- Collects, analyzes, and reports on cybersecurity threats and threat actors to support operations
- Understands and analyzes different sources of information (e.g., INTs, open source, law enforcement data) on specific topics or targets
- Provides tactical/operational analysis, including attribution of cyber actors using a variety of analytic techniques and tools
- Provides strategic-level analysis to support broader mission
- Develops and communicates situational awareness of local, regional, and international cybersecurity threats impacting stakeholder missions and interests
Generally, a DHS Cybersecurity Service employee whose primary technical capability is Mitigation and Response:
- Tracks and responds to prioritized urgent IT and cyber events and indicators of compromise (IOCs) to mitigate threats to networks, systems, and applications
- Conducts root cause analysis and response coordination, providing recommendations for mitigation
- Applies understanding of tactics, techniques, and procedures for investigative processes, including identifying adversaries’ TTPs and applying corresponding defense or security controls
- Investigates and analyzes response activities and employs various advanced response and recovery approaches as appropriate
Generally, a DHS Cybersecurity Service employee whose primary technical capability is Digital Forensics:
- Collects, processes, analyzes, interprets, preserves, and presents digital evidence in support of network vulnerability mitigation, intelligence operations, and different types of investigations (including but not limited to administrative, criminal, counterintelligence, and law enforcement)
- Applies TTPs for investigative processes
Generally, a DHS Cybersecurity Service employee whose primary technical capability is Cybersecurity Architecture:
- Develops system concepts and works on the capabilities phases of the systems development life cycle; translates technology and environmental conditions (e.g., laws, regulations, policies and technical standards) into system and security designs and processes.
- Provides recommendations for investment standards and policies that drive how controls will be applied across the organization.
Generally, a DHS Cybersecurity Service employee whose primary technical capability is Security Systems Operations and Maintenance:
- Implements, configures, and manages security devices and systems (such as firewalls, intrusion detection and log collectors, and vulnerability scanners) in accordance with policies, procedures, and best practices.
- Installs, manages, and monitors security measures to support mitigation efforts; shares relevant information with system and network administrators.
Generally, a DHS Cybersecurity Service employee whose primary technical capability is Network Operations:
- Understands the installation, configuration, testing, operation, maintenance, and management of networks and their firewalls, including hardware and software, which permit the sharing and transmission of all spectrum transmissions of information to support the security of information and information systems.
DHS Cybersecurity Service employees start at career levels and salaries matching their experience and expertise. To learn more about DHS Cybersecurity Service career tracks and levels, visit our application portal.
DHS Cybersecurity Service jobs are structured cybersecurity specializations, called technical capabilities. To learn more about technical capabilities, visit our application portal.
Desired Tools/Industry Experience:
Continuously assess information from Security Information and Event Management (SIEM) System, Network Appliances (e.g., Firewalls, IDS, etc.), Cloud Services (e.g., AWS, Azure, etc.), Email (e.g., Office 365), and Endpoint (e.g., EDR) systems.
The certifications listed below are considered a plus but are not required for any of these positions.
Desired Certification:
- Certified Cloud Security Professional (CCSP)
- Certified Ethical Hacker (CEH)
- Certified Forensic Analyst (GCFA)
- Certified Information Systems Security Professional (CISSP)
- Computer Hacking Forensic Investigator (CHFI)
- EnCase Certified Examiner (EnCE)
- GIAC Certified Incident Handler (GCIH)
- GIAC Cyber Threat Intelligence (GCTI)
- Network+
- Security+