Data Science - Peraton : Job Details

Data Science

Peraton

Job Location : all cities, AZ, USA

Posted on : 2025-08-06T01:16:04Z

Job Description :
Responsibilities

The GCC provides CSSP responsibilities and conducts DODIN Operations and DCO - Internal Defensive Measures (IDM) to protect the DODIN in accordance with DoDM 8530.01 and the DoD Cybersecurity Services Evaluator Scoring Metrics (ESM). These responsibilities encompass five CSSP functions: Identify, Protect, Detect, Respond, and Recover. The GCC is responsible for executing these functions for its assigned segment of the DODIN, covering both unclassified and classified networks and systems.

The division supports services for the protection, monitoring, analysis, detection, and response to unauthorized activities within the DoD Information Systems and Networks. DCO-IDM services aim to defend all Army assets on the NIPRNet and SIPRNet. The division implements defensive measures to safeguard information, computers, and networks from disruptions, denial, degradation, or destruction. It manages sensors and analyzes events related to network and host-based activities, including managing in-line NIPS/NIDS sensors monitoring all CONUS DoDIN-A NIPRNet and SIPRNet traffic to detect outages and potential security breaches.

In coordination with GCC Operations, DCO initiates security procedures upon detecting attacks. Event analysis involves determining malicious threats and mitigating them following guidance from GCC leadership. The division also supports CSSP services on both NIPRNet and SIPRNet, develops reports and products for current and future needs, and prepares various documentation such as TTPs, SOPs, EXSUMS, trip reports, and point papers. Additionally, it contributes to the development of agreements, policies, and guidance such as MOUs and SLAs.

Defensive Cyber Infrastructure (DCI) Support

The division performs DCI functions including:

  • Developing and distributing content from security platform vendors weekly and as needed.
  • Creating in-house content based on inputs from higher organizations and the Threat Hunt team.
  • Providing content to tactical edge customers and developing TTPs for distribution.
  • Consolidating data sources into a unified view to assess threat status.
  • Maintaining dashboards displaying key cybersecurity metrics and active incidents in near real-time.
  • Updating signatures and policies for sensors, with approval through the ITIL process.
  • Developing signatures and policies for network- and host-based sensors, minimizing false positives, and validating syntax.
  • Conducting development and testing on isolated networks, documenting activities, and maintaining plans and procedures, including annual updates.

Qualifications

Basic Qualifications:

  • 8 years with BS/BA; 6 years with MS/MA; 3 years with PhD.
  • Certifications such as CISSP, GCIA, GCLD, GDSA, GICSP, GSEC, ISSAP, or ISSEP.
  • Active TS/SCI clearance.
  • Ability to conduct vulnerability assessments and monitor networks to support testing and operational environments.
  • Strong understanding of data transport, encryption, networking, IT systems, and cybersecurity fundamentals.