
Cyber Intel Analyst

Camp Arifjan, Kuwait
Intermedia Group has the following open position with our client:
Title: Cyber Intel Analyst
Location: Camp Arifjan, Kuwait
Clearance: Top Secret / SCI
Required Certification(s): CDAP Training Certified or Army Penetration Testing Course Completed; requires applicable DOD 8570 CNDSP Auditor certification.


This contract effort provides non-personal defensive cyberspace operations support to the Defensive Cyberspace Operations Division (DCOD), U.S. Army Regional Cyber Center – Southwest Asia (USARCC-SWA). The DCOD environment includes any hardware, software, application, tool, system, or network used by the Government, whether developed, leased, or commercially purchased. Work includes current and new systems at various lifecycle stages, and any future applications/systems not currently identified. DCO services are required to defend against unauthorized activity on all Army assets residing on the NIPRNet, SIPRNet, CENTRIXS, JWICS, and any authorized CENTCOM Coalition computer network. This includes activities from external hackers who may attempt to gain unauthorized access, insider threat attempts at unauthorized access, and policy violations that may impact network security and operations. Work is required to continue performance during peace, crisis, hostilities, and war operations.

  • Conduct Computer Defense Assistance Program (CDAP) missions IAW AR 380-53, Communications Security Monitoring. CDAP missions consist of three mission types – Network Assistance Visits (NAV), Network Damage Assessments (NDA), and Persistent Penetration Testing (PPT).
  • Perform Network Assistance Visits (NAVs). Assess Post/Camp/Station (P/C/S) security enclaves by means of trends and analysis to assist in prioritizing NAV visits. Conduct NAVs IAW established Best Business Practices (BBP), regulations, policies and procedures.
  • Perform Network Damage Assessments (NDAs). Travel to the incident location within 4 hours of notification. Validate suspected compromises and identify the depth of intrusions to gain knowledge for use in mitigation, recovery, and future prevention of possible compromises. Use the results of each assessment (on-going) to determine the best method of mitigation or continued monitoring. Report findings which indicate the current presence of an adversary to government leadership immediately, with a formal write-up within 2 hours. Findings which could lead to a potential CAT I/CAT II shall be formally documented and reported IAW CJCSM 6510.01a and CCIR requirements. During an NDA, provide verbal updates to the government lead every 2 hours that cover the progress, immediate findings, or issues. Provide a written report to the network/systems owner or the Authorizing Official (AO) and the Information Systems Security Manager within 5 business days of the completion of an NDA.
  • Perform Persistent Penetration Testing (PPT). Conduct persistent penetration testing, as directed by the COR, on all supported networks. Execute tactical overwatch operations and network surveillance of the Department of Defense Information Network – Army to conduct open network testing. Verify network deficiencies by identifying potential weaknesses and circumventing the defensive posture to gain access onto the network and recommending mitigation actions. Contractor personnel conducting penetration testing are required to have an Army Penetration Testing Certification (APTC) and have a thorough understanding of Federal Information Processing Standards Publication (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems. Evaluate new Penetration Testing TTPs (new tool usage or adversary TTP) as required for inclusion on the approved Penetration Tools list. Maintain and document training and use of all vetted Penetration Testing (PT) Tools.
  • Conduct an intrusion/penetration assessment for each Subscriber annually providing total coverage for all systems and network segments. A NAV may count towards this annual requirement as long as the NAV is provided to a documented Subscriber (i.e. Network Enterprise Center (NEC)). Provide the Subscriber with a report of findings and track the Subscribers’ remediation actions through the receipt of POA&M updates. Notify ARCYBER of planned assessment activity and provide ARCYBER a report of findings upon completion.
Qualifications

Education and Certifications:
  • Bachelor's Degree with appropriate IAT III certification and associated Continuing Education Certification.
  • CDAP Training Certified or Army Penetration Testing Course Completed
  • CDAP Trainer Certified (Preferred)
  • Requires applicable DOD 8570 CNDSP Auditor certification.

Background Needed and Years of Experience:
  • 3+ Years of Experience with a solid background in Defensive Cyber Operations

Must Have Technical Skills:
  • Full working knowledge and experience supporting DoD Network Assistance Visits (NAV), Network Damage Assessments (NDA), and Persistent Penetration Testing (PPT) events.

If you are interested, please contact:
Zeke Goulbourne
Director of Business Development – Government Solutions


Steve Fleischner
Intermedia Group, Inc.

(212) 248-0100