
Mid. Cyber Defense Incident Responder

World Wide Technology, Mountain Home, TX, United States


This is a full‑time direct hire position and you must currently have an active TS/SCI Security Clearance or above. We are not able to offer visa sponsorship, 1099 status, or work with C2C for this role.

What will you be doing?

WWT is seeking a Mid Cyber Defense Incident Responder to support the requirements of the 33 Cyber Operations Squadron (33 COS) in efforts to provide incident response on alerts from systems newly aligned to the Air Force Cyber Security Support Provider (CSSP).

Location: San Antonio, TX (fully on‑site at Lackland AFB)

Responsibilities

Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information.

Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.

Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings).

Coordinate with enterprise‑wide cyber defense staff to validate network alerts.

Document and elevate incidents (including the event’s history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.

Identify and analyze anomalies in network traffic using metadata.

Identify applications and operating systems of a network device based on network traffic.

Perform cyber defense trend analysis and reporting.

Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.

Interpret and incorporate data from multiple tool sources.

All other duties as defined by CSSP.

Qualifications

4+ years of experience in conducting incident handling/response, cyber threat hunting, computer forensics, cyber network defense and analysis.

Bachelor’s Degree or Higher in Cybersecurity, Computer Science or related field.

IAT II 8140 Certification.

GIAC Certified Forensic Analyst (GCFA).

Security Clearance: Top Secret/SCI with potential for higher read‑ins.

Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge of risk management processes.

Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge of cybersecurity principles.

Knowledge of cyber threats and vulnerabilities.

Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge of authentication, authorization, and access control methods.

Knowledge of cyber defense and vulnerability assessment tools, including open‑source tools.

Knowledge of intrusion detection methodologies and techniques for detecting host and network‑based intrusions via intrusion detection technologies.

Knowledge of Palo Alto XSOAR playbook development.

Linux incident response and forensics background.

Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).

Knowledge of network traffic analysis methods.

Skilled in deep packet inspection (DPI), anomaly detection, and traffic pattern analysis using tools like Zeek, Wireshark, NetFlow, and PCAP replay environments.

Preferred Locations: San Antonio, TX and surrounding areas.

Salary Range: $110,000.00 to $130,000.00 annually.

Benefits

Health, Dental, and Vision Care; Onsite Health Centers; Employee Assistance Program; Wellness program.

Competitive pay; Profit Sharing; 401(k) Plan with Company Matching; Life and Disability Insurance; Tuition Reimbursement.

Paid Time Off: PTO and Sick Leave (starting at 20 days per year); Holidays (10 per year); Parental Leave; Military Leave; Bereavement.

Additional Perks: Nursing Mothers Benefits; Voluntary Legal; Pet Insurance; Employee Discount Program.
