Cyber Operator (CPT)
Title: Cyber Operator (CPT)
Location: Joint Base San Antonio, TX
Clearance: TS/SCI
Program: DCRIOS
Company/Program Description:
Centuria, a Service-Disabled Veteran-Owned Small Business (SDVOSB), has been delivering IT, Engineering, and Scientific solutions to the Federal Government since 2002. During our two decades of service we have earned the trust and respect of our government clients for the simple reason that we have great people who are experts in their fields and take pride and ownership in everything they do.
The Washington Post has recognized Centuria Corporation as one of the top workplaces in the DC Metro area for 2024. This award celebrates nationally recognized companies that make the world a better place to work together by prioritizing a people-centered culture and giving employees a voice. The Top Workplaces USA award is based entirely on feedback from an employee engagement survey completed by the employees of participating workplaces. Centuria is honored to have been awarded this distinction.
This role will directly support the Air Force's Defensive Cyber Realization, Integration & Operational Support (DCRIOS II) contract under the mission of the 67th Cyberspace Wing (67 CW). The 67 CW's mission is to deliver cyberspace outcomes in order to generate a decisive advantage across the continuum of conflict for the nation. The wing presents combat cyberspace capabilities to the Service, United States Cyber Command, and the Joint Forces. In this capacity, the wing acts as the Air Force’s Cyber execution arm for conducting global cyberspace operations. Additionally, the wing provides organic operations training, cyber capability development, operational testing, and range capabilities to drive readiness across the Cyber Mission Force (CMF).
Position Description:
Serve on a Cyber Protection Team (CPT) in either a Cyber Security Network Analyst position or Cyber Security Host Analyst position.
Conduct cyber threat hunting, network navigation, tactical forensic analysis, forensic collection of digital artifacts and other valuable operational data, and when directed, execute operations in support of defensive initiatives.
Provide support for persistent monitoring of all designated networks, enclaves, and systems.
Interpret, analyze, and document findings in reports in accordance with computer network directives, including initiating, responding, and reporting discovered events.
Manage and execute first-level responses and address reported or detected incidents.
Position Requirements:
TS/SCI - Active
Two (2) or more years’ experience in cyber security required
DoD 8570 IAT Level III certification (current)
Experience with toolsets such as the Elastic Stack, Arkime, Zeek, Wireshark, Metasploit, tcpdump, NMap, Nessus, Snort, EnCase, and Forensic Toolkit
Strong knowledge of Windows Fundamentals, UNIX/Linux fundamentals, and adversary Tactics, Techniques, and Procedures (TTPs), such as initial access, credential access, privilege escalation, persistence, lateral movement, and exfiltration
Experience with scripting and Command Line tools, such as UNIX/Linux Bash, Windows Command Line Interface (CLI), PowerShell, and Python
Proficient in writing, editing, and executing scripts on Windows and UNIX/Linux systems
Experience with encrypted and unencrypted remote access technologies, such as RDP, SSH, VPN, Telnet, and FTP
General knowledge of cyber security frameworks, such as the Cyber Kill Chain, MITRE ATT&CK, and the NIST 800 series
General knowledge of physical computer components and architectures, including the functions of computer domains, directory services, various components and peripherals, basic programming concepts, assembly codes, TCP/IP, OSI models, underlying networking protocols (e.g., DNS, ARP, etc.), security hardware and software
Proficient in collecting and analyzing digital data, recording detailed notes, and documenting findings in reports
Candidate must be self-motivated and able to perform with minimal supervision
Travel may be required up to 25%
Must successfully complete, and maintain, mission qualification requirements
Positions available at JBSA-Lackland, Texas and at Scott AFB, Illinois
Preferred Skills/Qualifications:
Possess, or be willing to obtain within 6 months of start date, an additional certification related to your specific role (Host or Network):
Host – Operating system certification (e.g., Linux+, Windows Server, GCIH)
Network – Network-related certification (e.g., Network+, CCNA, GCIH)
Knowledge of cyber forensic collection, preservation, and chain of custody
Experience with Endpoint Detection and Response (EDR) toolsets, such as Elastic Endpoint Security, Endgame, CrowdStrike Falcon, and Trellix EDR
Experience with encryption, decryption, and hashing technologies such as DES, AES, RSA, PKI, SHA, and MD5
Knowledge of Red Team Tactics, Techniques, and Procedures (TTP)
Knowledge of distributed systems, process control, advanced routing, wireless, cloud, telecom and datacom platforms
Knowledge of virtualization concepts, technologies, and tools, such as VMware/VirtualBox, Docker, Kubernetes, and Ceph
Familiarity with Cloud Computing concepts, technologies, and tools, such as AWS, Azure, and Google Cloud
Experience programming in C, C++, C#, Ruby, Perl, Python, SQL