August 28, 2018
Job Type
cybersecurity incidents, cybersecurity, Computer Network Defense Service Provider, CNDSP, DISA, ACAS, SWAMP, Computer Security Incident Response Team, CSIRT, security incidents, cybersecurity policies, cybersecurity procedures, IAVA, CJCSM 6510.01, SOCOM


CND Watch Analyst (12957)

Job Description

Responds to crisis or urgent situations within the pertinent domain to mitigate immediate and potential threats. Uses mitigation, preparedness, and response and recovery approaches, as needed, to maximize preservation of data or property, and information security. Investigates and analyzes all relevant response activities.



  • Contributes to the standup of the incident response division
  • Assists the Detection Team with incident detection triage, takes over incidents from the Detection Team, and completes all required actions
  • Works with Program Office Divisions (and other units as needed) to remediate incidents, acquire the 5 Ws, and ensure the incident has been rectified and documented appropriately
  • Works with the Information Assurance Team, Security Manager, and Government ISSM to ensure any data spills are handled appropriately. Manages the data spill process, working with external agencies as required to ensure cleanup and mitigation are accomplished within the times required by the government
  • Produce Daily Status updates on all Open Incidents
  • Produce AAR for all closed Incidents
  • Remotely access machines to remove unauthorized software, and conduct malware eradication.
  • Coordinate with and provide expert technical support to enterprise-wide computer network defense (CND) technicians to resolve CND incidents
  • Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation
  • Monitor external data sources (e.g., computer network defense [CND] vendor sites, Computer Emergency Response Teams, SANS, Security Focus) to maintain currency of CND threat condition and determine which security issues may have an impact on the enterprise
  • Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and Intrusion Detection System [IDS] logs) to identify possible threats to network security
  • Perform command and control functions in response to incidents
  • Perform computer network defense (CND) incident triage, to include determining scope, urgency, and potential impact; identifying the specific vulnerability; and making recommendations that enable expeditious remediation
  • Perform initial, forensically sound collection of images and inspect to discern possible mitigation/remediation on enterprise systems
  • Perform real-time computer network defense (CND) incident handling (e.g., forensic collections, intrusion correlation/tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs)
  • Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts
  • Track and document computer network defense (CND) incidents from initial detection through final resolution
  • Write and publish computer network defense (CND) guidance and reports on incident findings to appropriate constituencies
  • Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness)
  • Collect intrusion artifacts (e.g., source code, malware, and trojans) and use discovered data to enable mitigation of potential computer network defense (CND) incidents within the enterprise
  • Serve as technical expert and liaison to law enforcement personnel and explain incident details as required
  • Experience using tools including, but not limited to, Splunk, HBSS, ACAS, Fidelis, and SIEM concepts


Candidate Requirements

The applicant must meet the following requirements:


  • 8-10 years of related systems engineering experience
  • Advanced knowledge of systems engineering principles, methods, and techniques
  • Knowledge of the associated hardware, software, and equipment
  • Professional certification in one or more specific technologies may be required, depending on job assignment
  • Must possess and maintain a Top Secret/SCI Clearance
  • Must meet DoD 8570 requirements and be eligible for IAT level II access upon hire for positions with elevated privileges and must obtain ITIL V3 Foundation within six months of hire
  • Depending on job assignment, additional specific certifications may be required
  • This position may be required to complete short-term deployments to austere locations worldwide
  • The work is typically performed in an office environment, which requires normal safety precautions; work may require some physical effort in the handling of light materials, boxes or equipment
  • The above job description is not intended to be, nor should it be construed as, exhaustive of all responsibilities, skills, efforts, or working conditions associated with this job


Requests for reasonable accommodations will be considered to enable individuals with disabilities to perform the principal (essential) functions of this job.


IMPORTANT: Must have an active TS/SCI Security Clearance


  • Bachelor's degree in Computer Science, Engineering, or a related technical discipline, or the equivalent combination of education, technical training, or work/military experience
  • Must have CompTIA Security+
  • Must have CEH



Pratt, Brown & Associates, LLC is committed to creating a diverse environment and is proud to be an equal opportunity employer.  If this position does not meet all your requirements, we welcome you to contact us with your resume.  We have additional opportunities that may not be listed and we would be happy to match your skills with other available jobs.  Please e-mail us your resume with your salary requirements to  We look forward to helping you find a job opportunity that best fits your needs.

