Cyber defense operator

- Perform continuous, near real-time network security surveillance and intrusion detection analysis across various networks and systems. - Examine IDS/IPS alerts according to Operating Instructions (OI) and established checklists. - Conduct host security monitoring, review alerts, and carry out intrusion detection analysis, including event analysis and triage. - Develop, review, and maintain procedures related to the comprehensive monitoring of Hosts/Systems. - Analyze security sensors and Intrusion Detection Systems (IDS) along with Security Information and Event Management (SIEM) to detect and correlate security events/issues, and review logs for potential intrusions requiring remediation. - Correlate unusual events with network events and data from databases and other external DoD resources when possible. - Analyze traffic, logs, and events to ascertain the need for advanced analysis and perform an initial evaluation of the type and scope of intruder activities. - Document details of any suspicious activity in a case management system (CMS) to facilitate further investigations. - Conduct triage of suspicious activity alerts and logs to deliver prompt and accurate decisions regarding severity. - Input event data into mission support systems as per operational guidelines and reports. - Escalate security incidents in accordance with established policies and procedures. - Compile end-of-mission reports (MISREPS) and communicate relevant information for knowledge transfer to incoming analysts about recent suspicious traffic patterns from specific ports, Internet Protocol (IP), etc. - Offer computer security-related assistance to Air Force field units. - Provide insights on detection mechanisms, including true positive and false positive events, to Content Development as necessary.