Job Description

GS-0301-12, 2-Year Term Position

The primary purpose of this position is: Serves as an advanced analytical and technical expert for bridging NORAD and USNORTHCOM cyberspace operations, plans and assessments to data/intelligence/information requirements, fulfillment, and security. Provide comprehensive cyberspace data analytical support of the highest caliber to Commander, NORAD and Commander, USNORTHCOM. Ensure NORAD and USNORTHCOM decision makers are fully aware of cyberspace domain activities and impacts integral to operations and mission accomplishment at all times, but especially during military contingencies and war. Ensure cyberspace analytical support i s integrated into Homeland Defense operations.

Primary Roles and Responsibilities

Data Analyst - Performs duties as a data analyst for NORAD and USNORTHCOM on operational and technical matters relating to N&NC mission relevant cyber terrain. A key expert on theater Department of Defense Information Networks (DoDIN) and Defensive Cyberspace Operations supporting the Cyberspace Operations Division Chief. Integrates DoD cyberspace operations capabilities, administers cloud and on-premise databases and/or data management systems that allow for the storage, query, protection, and utilization of N&NC mission data. Examines data from multiple disparate sources with the goal of providing security and adversarial activity insight. Designs and implements custom algorithms, workflow processes, and layouts for complex, enterprise-scale data sets used for modeling, data mining, and research purposes. Writes, reviews and coordinates analytical portions of mission and staff related documents to include technical data when required to coordinate with Combatant Commands, Services, Agencies, components and other lateral agencies on Federal and DoD cyberspace operations guidance.

Security Architect - Integrates NORAD and USNORTHCOM Theater Defensive Cyberspace Operations capabilities enabling theater cyber key terrain sensor data ingest, data analytics, and visualization in near real-time. Technical expert for bridging NORAD and USNORTHCOM cyberspace operations, plans and assessments to data/intelligence/ information requirements and fulfillment. Integrates systems and serves as the primary interface with DoD cyberspace operations capability development operations; translates technology and environmental conditions (e.g., law and regulation) into system and security designs and processes. Ensures that the stakeholder’s Defensive Cyberspace Operations requirements necessary to protect and defend N&NC missions, to include cyber intel fusion, are adequately addressed in all aspects of enterprise architecture including reference models, segment and solution architectures, and the resulting systems supporting those missions. Works closely with NORADUSNORTHCOM directorates (e.g., J2, J3, J5), Command Center and outside agencies to assess strategic cyber threat and vulnerabilities for NORAD and USNORTHCOM and within the Area of Operations (AO)/Area of Responsibility (AOR).

Cyber Defense Analyst - Provides full cyberspace analytical and cyber defensive support during day-to-day current operations, military exercises, contingencies, and war. Maintains persistent situational awareness of the theater cyberspace environment defensive posture and threat activities. Performs in-depth analysis of theater cyber key terrain to determine and report actual or potential NORAD and USNORTHCOM mission impact. Provide recommendations to key leaders on mitigation and exploitation strategies. Conducts assessments of threats and vulnerabilities; determines deviations from acceptable configurations, enterprise or local policy; assesses the level of risk; and develops and/or recommends appropriate mitigation countermeasures in operational and nonoperational situations. Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within theater cyber key terrain to protect information, information systems, and networks, and associated transport from threats.

Partner Integration Planner - Coordinates and synchronizes NORAD and USNORTHCOM cyberspace operations with Canadian Forces, DHS, and DoD cyberspace operations capability providers. Establishes and maintains a consistent presence in the DoD cyberspace operations community. Serves as the primary operational focal point for the identification of cyber operational requirements and integration of modern technologies, innovation, and advanced computing methods. Supports strategic and operational-level planning across the full range of operations for integrated information and cyberspace operations. Works to advance cooperation across organizational or national borders between cyber operations partners. Aids the integration of partner cyber teams by providing guidance, resources, and collaboration to develop best practices and facilitate organizational support for achieving objectives in integrated cyber actions.

RECRUITMENT KNOWLEDGES, SKILLS, AND ABILITIES (KSA): (Resume must reflect these to be considered)

1. Expert knowledge of data architecture, computer language structure and logic, and scripting.

2. Knowledge of query languages and compiled computer languages.

3. Knowledge of Information Theory (e.g., source coding, channel coding, algorithm complexity theory, and data compression).

4. Expert knowledge of architecture and design to include cloud and hybrid-cloud architectures, data platforms, and associated technology stacks.

5. Knowledge of infrastructure to include transport, networking concepts and protocols, and end-points.

6. Expert knowledge of Department of Defense cyberspace operations capabilities to include Defensive Cyberspace Operations tools and techniques (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return oriented attacks, malicious code).

7. Expert knowledge of laws, organizational policies, and DoD regulations pertaining to cyberspace operations, to include Department of Defense Information Networks (DODIN), Defensive Cyberspace Operations-Internal Defensive Measures (DCO-IDM), and Defensive Cyberspace Operations-Response Action (DCO-RA) principles, and practices related to the DoD cyberspace operations and environment. Federal IT Security laws, regulations, mandates and guidance documentation (such as the Federal Information Security Act (2002), OMS Memorandums, NIST Special Publication 800 Series and Federal Information Processing Standards, DoD and USCYBERCOM instructions).

8. Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.

9. Skill in designing the integration of technology processes and solutions, including legacy systems and modern programming languages and translating operational requirements into protection needs (i.e., security controls).

10. Skill in detecting host and network-based intrusions via intrusion detection technologies (e.g., Snort) and performing packet-level analysis.

11. Skill in tuning sensors, using protocol analyzers, collecting data from a variety of cyber defense resources, and reviewing logs to identify evidence of past intrusions.

12. Ability to apply network security architecture concepts, including topology, protocols, components, and principles (e.g., application of defense-in-depth).

Conditions of Employment:

• U.S. Citizenship Required

• Males must be registered for Selective Service, see www.sss.gov.

• In the performance of assigned duties, employee uses tact, diplomacy, and professionalism to promote effective working relationships with a variety of o