Cyber Protection Brigade, Information Technology Cybersecurity Specialist

Organization

U.S. Army Cyber Command

Duty Location

FORT EISENHOWER, RICHMOND, GA

Major Duties

The U.S. Army Cyber Protection Brigade (CPB) also known as the "Hunter" brigade is Army's premier cyber threat hunter. We hunt advanced adversaries to enable information advantage in multi-domain operations and maintain and defend strategic cyber infrastructure. We are comprised of 1,300-plus specially trained and mission-focused Soldiers and civilians who work as a cohesive team to drive cyberspace operations and impose cost on our nation's enemies.
The incumbent will serves as a Host Analyst for a U.S. Army Cyber Protection Team (CPT) in the U.S. Army Cyber Protection Brigade (CPB). The incumbent will knowledge of system/server and host based forensics to enable cyber security operations. The cyber role of a Host Analyst performs hunt, clear, enable hardening, as well as provide Cyber Threat Emulation (CTE) and Discovery and Counter-Infiltration (D&CI) capabilities.

• Install, operate, maintain, configure, test, and secure hardware and software-based Operating Systems (OS).
• Conduct in-depth analysis of host systems and servers for indicators of Malicious Cyber Activity (MCA), Insider Threat, or lack of best practices of Defensive Cyber Operations.
• Review host scan results to provide guidance, hardening recommendations, and system configuration best practices which, enable local network/system owners to secure their environment against Malicious Cyber Activity (MCA).
• Recognize and/or develop signatures to identify indicators of compromise on client host systems/servers.
• Perform triage procedures on potentially malicious systems within mission parameters.
• Clear and defend critical assets, Mission Relevant Terrain (MRT) or Key Terrain - Cyber (KT-C) either remotely or by deploying to the affected location as needed.
• Develop Army/Department of Defense countermeasures, threat/vulnerability analysis, operational assessment and threat mitigation.
• Coordinate with local defenders and cybersecurity service providers (CSSPs) to develop methods for the timely and accurate reporting and implementation of recommended defensive countermeasures.

Qualifications/ Specialized Experience

Army CES positions apply Veteran's Preference to preference eligible candidates, as defined by Section 2108 of Title 5 U.S.C., in accordance with the procedures provided in DoD Instruction 1400.25, Volume 3005, "CES Employment and Placement". If you are a veteran claiming veterans' preference, as defined by Section 2108 of Title 5 U.S.C., you must submit documents verifying your eligibility with your application package.

In order to qualify, you must meet the education and/or experience requirements described below for each applicable grade level you wish to be considered. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community; student; social). You will receive credit for all qualifying experience, including volunteer experience. Your resume must clearly describe your relevant experience; if qualifying based on education, your transcripts will be required as part of your application. Additional information about transcripts is in this document. To qualify based on your experience, your resume must describe one-year of specialized experience that demonstrates the possession of knowledge, skills, abilities, and competencies necessary for immediate success in the position. Such experience is typically in or directly related to the work of the position to be filled. Specialized
experience would be demonstrated by:

GG-07: Assisting in performing surveys and evaluating network traffic to identify baselines, trends, anomalous traffic, and potential malicious cyberspace activities; and assisting in incident response process and threat mitigation and development of mitigations and threat counter measures.

GG-09: Updating security patches in compliance with Cybersecurity policy/ regulations; and collecting information from customers to be used in the restoration of network services.

GG-11: Detecting anomalies in host data; monitoring enterprise tools for potential intrusions; and mitigating threats by keeping tools up to date with the latest approved system and security releases.

GG-12: Installing, operating, maintaining, configuring, testing, and/or securing hardware and software-based operating System (OS) environments (for example Microsoft Windows and Linux); analyzing network or host data and devices to recognize anomalous behavior/artifacts; determining the stage(s) of an intrusion (for example using network and/or host artifacts, along with possible use of software, to determine what stage of the cyber kill chain that a potential adversary is in); and creating threat reporting and/or briefing based on analysis. The specialized experience must include, or be supplemented by, information technology related experience (paid or unpaid experience and/or completion of specific, intensive training, as appropriate) which demonstrates each of the four competencies, as defined:

(1) Attention to Detail - Is thorough when performing work and conscientious about attending to detail. Examples of IT-related experience demonstrating this competency include: completing work independently that rarely requires editing or review by others

(2) Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. Examples of IT-related experience demonstrating this competency include: resolving simple and routine problems, questions, or complaints and providing support and guidance to customers on non-routine issues; serving as a primary resource for customers, requesting assistance with complex issues when necessary; and participating in meetings and providing advice to customers in own area of expertise.

(3) Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately. Examples of IT-related experience demonstrating this competency include: expressing facts and ideas in a clear, concise, convincing, and organized manner; clearly conveying moderately complex ideas, concepts, and information to customers; exhibiting active listening by demonstrating understanding of audience comments and/or questions.

(4) Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations. Examples of IT-related experience demonstrating this competency include: identifying and solving problems by gathering and applying information from a variety of materials or sources that provide several alternatives; recognizing and taking action to address non-routine problems; soliciting feedback from multiple stakeholders to understand an issue or problem and accurately assess its root causes and potential solutions; seeking supervisory review where appropriate.

EDUCATION:

GG-07 Substitution of Education for Experience: One full year of graduate level education from an accredited or pre-accredited institution in computer science, engineering, information science, information systems management, mathematics, operations research, statistics, or technology management; or, graduate level education from an accredited or pre-accredited institution that provided a minimum of 24 semester hours in one or more of the fields identified above and required the development or adaptation of applications, systems, or networks.

OR

Superior Academic Achievement: Successful completion of all the requirements for a bachelor's degree from an accredited or pre-accredited institution in computer science, engineering, information science, information systems management, mathematics, operations research, statistics, or technology management; or, bachelor's degree from an accredited or pre-accredited institution that provided a minimum of 24 semester hours in one or more of the fields identified above and required the development or adaptation of applications, systems, or networks. Superior Academic Achievement is based on:

(1) Class Standing - You must be in the upper third of the graduating class in the college, university, or major subdivision, such as the College of Liberal Arts or the School of Business Administration, based on completed courses; OR

(2) Grade-Point Average (G.P.A.) - You must have a grade-point average of either (a) 3.0 or higher out of a possible 4.0 ("B" or better) as recorded on your official transcript, or as computed based on 4 years of education, or as computed based on courses completed during the final 2 years of the curriculum; or (b) 3.5 or higher out of a possible 4.0 ("B+" or better) based on the average of the required courses completed in the major field or the required courses in the major field completed during the final 2 years of the curriculum.; OR (3) Honor Society Membership - You may be considered eligible based on membership in one of the approved national scholastic honor societies listed by the Association of College Honor Societies (

GG-09 Substitution of Education for Experience: Master's or equivalent graduate degree or 2 full years of progressively higher level graduate education leading to such a degree from an accredited or pre-accredited institution in computer science, engineering, information science, information systems management, mathematics, operations research, statistics, or technology management; or, two full years of graduate education from an accredited or pre-accredited institution that provided a minimum of 24 semester hours in one or more of the fields identified above and required the development or adaptation of applications, systems, or networks.

GG-11 Substitution of Education for Experience: Ph.D. or equivalent doctoral degree or 3 full years of progressively higher level graduate education leading to such a degree from an accredited or pre-accredited institution in computer science, engineering, information science, information systems management, mathematics, operations research, statistics, or technology management; or, three full years of graduate education from an accredited or pre-accredited institution that provided a minimum of 24 semester hours in one or more of the fields identified above and required the development or adaptation of applications, systems, or networks.

GG-12 You must meet the qualification requirement using experience alone--no substitution of education for experience is permitted.

FOREIGN EDUCATION: If you are using education completed in foreign colleges or universities to meet the qualification requirements, you must show the education credentials have been evaluated by a private organization that specializes in interpretation of foreign education programs and such education has been deemed equivalent to that gained in an accredited U.S. education program; or full credit has been given for the courses at a U.S. accredited college or university. For further information, visit:

Conditions of Employment

• Appointment to this position is subject to a three year probationary period unless the appointee has previously met the requirements as described in Department of Defense Instruction 1400.25 Version 3005, Cyber Excepted Service, Employment and Placement.
• Must be able to obtain and maintain TOP SECRET eligibility with access to Sensitive Compartmented Information (SCI).
• This position is classified as Information Technology access level IT-I (Privileged User) and Sensitivity Matrix for Top Secret/ Sensitive Compartmented Information (SCI) is Special sensitive, Tier 5.
• Must successfully pass urinalysis screening for illegal drug use prior to appointment and periodically thereafter according to Amy Regulation (AR) 600-85, Alcohol and Drug Abuse Prevention and Control Program.
• May be required to successfully complete an initial and periodic Counter Intelligence-scope Polygraph (CI Poly) examination with No Deception Indicated (NDI).
• Personnel assigned to work in an National Security Agency (NSA) facility must be able to obtain and maintain access to National Security Agency (NSA) facilities and networks.
• Duties of this position may entail alternative work schedules (AWS) such as variable or MAXIFLEX, including extended shifts; 24/7 rotating shifts, nights, weekends, and/or and holidays as required. The employee is subject to recall for urgent situations; and/or working extended overtime in response to surge situations.
• Temporary duty travel (TDY) may be required up to 30% annually and be contiguous United States (CONUS) or outside the continental United States (OCONUS). All Team employees are subject to extended temporary duty travel (TDY) during crisis situations to perform mission essential functions as determined by management, which may include deployment, immunizations, passport, and related requirements. Temporary duty travel (TDY) may occur at austere or hazardous locations mission dependent.
• May be required to carry a cellular telephone/Portable Electronic Device (PED) and maintain a working personal telephone at all times.
• Incumbent is required to successfully complete all applicable preparation courses, training, and comply with the Career Management Field's training certification policy.
• Incumbent must obtain and maintain Career Management Field's training certification policy for Army Job Qualification Record (JQR) Validation and Certification.
• This position has been designated mission essential. Employee may be required to remain on duty or report for duty during severe weather or other installation closings. May be required to work overtime and other than normal duty hours which may include evenings, weekends, and/or holidays. -Call back and emergency duty are regular requirements of this position.
• Position is subject to situational or ad hoc telework. Telework agreement required.

Additional Information

• If you are a current federal career/career-conditional employee, you will be placed on an excepted appointment.
• Male applicants born after December 31, 1959, must complete a Pre-Employment Certification Statement for Selective Service
  Registration.
• You will be required to provide proof of U.S. Citizenship.
• Direct Deposit of Pay is required.
• Must be able to obtain and maintain a Top-Secret security clearance.
• Incumbent must be able to obtain (within 6 months of appointment) and maintain the proper and current Information Assurance
  certification to perform Information Assurance functions in accordance with Department of Defense 8570.01-Memorandum, Information
  Assurance Workforce Improvement Program and Army Best Business Practice 05-PR-M-0002, Information Assurance (IA) Training and
  Certification.
• Selection is subject to restrictions resulting from Department of Defense referral system for displaced employees.
• If you have retired from federal service and you are interested in employment as a reemployed annuitant, see the information in the
  Reemployed Annuitant information sheet.
• This is a(n) Digital Technology Career Field position.
• Multiple positions may be filled from this announcement.
• Salary includes applicable locality pay or Local Market Supplement.
• When you perform a Civilian Permanent Change of Station (PCS) with the government, the Internal Revenue Service (IRS) considers the
  majority of your entitlements to be taxable. Visit
  Deduction/ for more information.
• Permanent Change of Station (PCS) allowances may be authorized, subject to the provisions of the Joint Travel Regulations and an agency
  determination that a PCS move is in the Government Interest.
• Relocation incentive may be authorized.
• Recruitment incentive may be authorized.

Statement of Excepted Service- This position is a DoD Cyber Excepted Service (CES) personnel system position in the Excepted Service under 10 U.S.C. 1599f.

Required Documents- 1. Your resume: Your resume may be submitted in any format and must support the specialized experience described in this announcement. If your resume includes a photograph or other inappropriate material or content, you may not be considered for this vacancy. For qualifications determinations your resume must contain hours worked per week and the dates of employment (i.e., HRS per week and month/year to month/year or month/year to present). If your resume does not contain this information, you may not receive consideration for this position. 2. Other supporting documents: Transcripts (if using education to qualify), SF50, DD214, Veteran’s Administration letter with disability rating. Proof of Eligibility to Apply: Your application must include the documents which prove you are eligible to apply for the vacancy. WARNING: DO NOT INCLUDE CLASSIFIED INFORMATION IN YOUR APPLICATION PACKET! Application packages that contain Classified information WILL NOT receive consideration for this position. Should you submit a resume or any other document as part of your application package and it is confirmed that any of the information is Classified, in addition to being found ineligible for consideration for this position, your Security Office will be notified to determine if any further action is warranted. If you fail to provide the required documents, you will be marked as having an incomplete application package and you will not be considered any further.

Other supporting documents:

• Cover Letter, optional
• This position has an individual occupational requirement and/or allows for substitution of education for experience. If you meet this requirement based on education you MUST submit a copy of your transcript with your application package or you will be rated ineligible.
• This position requires a job-related license or certification. You MUST submit a copy of your license or certification with your application package or you will be rated ineligible.

Important Information about Application Supporting Documents/Attachments for Cyber Excepted Service (CES)Flyer Announcements:
Provide documents that support your qualification for the position, typically, these are documents such as resume, transcript, and SF-50.Personally Identifiable Information (PII), such as SSN and DOB data should be REDACTED or REMOVED from documents prior to submission, especially SF-50 and DD 214 forms.

Please ensure your documents are labeled: Last Name, First Name - Document Type

EXAMPLES:

Doe, Jane - Resume
Doe, Jane - SF50 Redacted
Doe, Jane - Transcript
Doe, Jane- DD 214 Redacted
Doe, Jane - VA Letter Redacted
NOTE: Documents submitted as part of the application package, to include supplemental documents, may be shared beyond the Human Resources Office. Some supplemental documents such as military orders and marriage certificates may contain personal information for someone other than you. You may sanitize these documents to remove another person's personal information before you submit your application. You may be asked to provide an un-sanitized version of the documents if you are selected to confirm your eligibility.

Applicants can go to this link to learn more about what to include in a Federal resume:

Interested Applicants can direct questions to: View email address on click.appcast.io

CES Veteran's Preference- DoD Components with CES positions apply Veterans’ Preference to preference eligible candidates, as defined by Section 2108 of Title 5 U.S.C, in accordance with the procedures provided in DoD Instruction 1400.25, Volume 3005, “CES Employment and Placement.” If you are a veteran claiming veterans' preference, as defined by Section 2108 of Title 5 U.S.C., you must submit documents verifying your eligibility with your application package.

Equal Opportunity Employer - The United States government does not discriminate in employment based on race, color, religion, sex (including pregnancy and gender identity), national origin, political affiliation, sexual orientation, marital status, disability, genetic information, age, membership in an employee organization, retaliation, parental status, military service or other non-merit factor.