Organization
U.S. Cyber Command
Duty Location
FORT MEADE, ANNE ARUNDEL, MD
Major Duties
1: Red Team/OPFOR Community Coordination/Working Group Participation: As assigned, exercises delegated authority to participate in negotiations on behalf of the Directorate and Command as an actively participating member of DoD, U.S. Government (USG), and other (professional community, academic, and industry) working groups, tasked to investigate and make recommendations on Red Team issues of broad interest and concern to the cyberspace program community. Vigorously represents the interests and concerns of the Command/DoD and ensures consideration of DoD-unique or high-priority issues in the establishment of broad-based regulations, policies and standards involved in implementing new Adversary Emulation concepts and methods within DoD. In this same manner, collaborates with colleagues within the DoD cyberspace community to advise on Adversary Emulation methodology, tools and general lessons learned pioneered by this team, which also serve as models for other DoD program elements. Participates in continuing efforts in a manner consistent with established formats and quality standards to capture, document, and catalog work products and other intellectual capital in forms suitable for the Command’s knowledge base.
(35%)
2: Adversary Emulation Capabilities Implementation: Works collaboratively with cyberspace SMEs (e.g., cyber operations planners, TTP developers) to define and document exercise objectives, define the scenarios and conditions to be simulated using Red Team methodology and tools, and document/communicate the roles and responsibilities of all participants. In particular, contributes Adversary Emulation expertise to make recommendations as to how these capabilities can be most effectively applied to support the mission. Works through iterative efforts to collaborate with exercise planners and other participants to tailor Adversary Emulation/Opposing Forces (OPFOR) capabilities and provide a virtual threat landscape that enables computerized simulations of threat actor TTPs and countermeasures, including the ability to “tweak” variables to explore and assess outcomes of changes in parameters associated with alternative courses of action. During the course of exercises, as required by the emergence of unforeseen events, makes adjustments to parameters to support additional iterations as necessary to further explore promising approaches or to isolate the source of apparent anomalies, such as findings that reflect adequate training and exercise setup, but are still not within standards. Works with other cyberspace SMEs in analysis of exercise assessments. Facilitates capture and documentation of lessons learned by exercise evaluators. Advises participants in assessing data to determine what and how results have been influenced by exercise parameters. Contributes to and validates conclusions documented in exercise reports before they are disseminated to the chain of command and other participants. As needed, participates in out briefings to provide insights into exercise findings and make recommendations for indicated courses of action.
(35%)
3: Adversary Emulation Requirements Analysis, and Capabilities Development & Implementation: Exercises initiative and employs a variety of means (formal and informal discussions with colleagues through the DoD community, participation in working groups) to maintain current and comprehensive knowledge of the DoD cyberspace program landscape, including current and projected requirements and priorities. Makes use of this detailed and current understanding of the challenges faced by cyber elements at all levels of the DoD program to propose (for the Division Chief’s consideration and approval) efforts on issues with potential to yield maximum payback, including program issues that are especially difficult to simulate in actual operations, making them attractive candidates for Adversary Emulation applications to better inform the various training audiences of realistic attack vectors faced while on operations. Conducts comprehensive research and evaluation of Red Team concepts, facilitating technologies, and automated tools. Uses these analyses to identify Commercial Off the Shelf (COTS) and Government Off the Shelf (GOTS) items, which can serve as a platform for the development of cyberspace-specific Adversary Emulation applications. (Use of these COTS/GOTS products is preferred to development of proprietary products because it enables economic efficiencies and speeds the delivery of tools to the cyberspace community.) Documents and communicates project objectives, quality standards, deadlines, budgets, and relative priority of efforts. Draws on technical expertise and broad knowledge of cyberspace operations to facilitate discussions among SMEs as needed to resolve conflicting opinions about key issues. Obtains access to additional specialized SME assets as needed to facilitate full investigation of issues on which SMEs cannot reach common ground, and/or makes authoritative decisions on such technical issues when resolution cannot be otherwise achieved.
Provides technical insights to support implementation of Adversary product development plans (TTP development, or C2 infrastructure deployment). Works through iterative testing of Red Team style products to ensure achievement of performance specifications, including those of cyberspace design features built in to ensure security and integrity with measures of effectiveness.
(30%)
Performs other duties as assigned.
Qualifications/Specialized Experience
GG-09 - Specialized experience would be demonstrated by analyzing computer and network security principles to monitor and evaluate system compliance with IT security requirements, recognize security breaches, conduct network assessments and security event analysis, and perform remote diagnostics and troubleshooting of network systems, computers, servers, and data communication equipment. Administer cybersecurity standards to evaluate the effectiveness of security measures for protecting automated systems and sensitive data, and to develop, implement, coordinate, and review security plans, policies, and procedures.
GG-11 - Specialized experience would be demonstrated by monitoring security breaches, conducting network assessments, and analyzing security events. Perform remote diagnostics and troubleshooting of network systems, computers, servers, and data communication equipment and software. Collaborate with exercise planners, customize Adversary Emulation capabilities, create virtual threat landscapes, and adjust variables to test different outcomes.
GG-12 - Specialized experience would be demonstrated by monitoring security breaches, conducting network assessments, and analyzing security events. Perform remote diagnostics and troubleshooting of network systems, computers, servers, and data communication equipment and software. Evaluate and review the effectiveness of security measures using cybersecurity standards to protect automated systems and sensitive data, and develop and implement security plans, policies, and procedures.
GG-13 - Specialized experience would be demonstrated by representing the organization in negotiations and working groups to address issues and implement new Adversary Emulation methods. Collaborate with SMEs to define and document exercise objectives, scenarios, and conditions using methodology and tools. Collaborate with exercise planners to tailor Adversary Emulation capabilities, create virtual threat landscapes, and adjust variables to test different outcomes.
Conditions of Employment
Appointment may be subject to a suitability or fitness determination, as determined by a completed background investigation.
Three-year trial/probationary period may be required.
May be recalled to duty, may be required to work other than normal duty hours, which may include evenings, weekends, and/or holidays, and may be required to work overtime.
Work may occasionally require travel away from the normal duty station on military and/or commercial aircraft.
The employee must be able to obtain and maintain a TOP SECRET SCI clearance as a condition of employment and must complete a counterintelligence scope polygraph exam.
This position is a testing designated position (TDP) in accordance with (IAW) Drug Free Federal Workplace Program. As a precondition and continuing condition of employment, the incumbent of this position must, IAW Chapter 5, section II, paragraphs 5-8b and 5-8c(4) of AR 600-85 (The Army Substance Abuse Program) and DA PAM 600-85 (Army Substance Abuse Program Civilian Services), Chapter 3, paragraphs 3-2e and f, agree to submit to urinalysis testing on a recurring basis. The incumbent is required to sign a DA Form 5019 (Condition of Employment for Certain Positions Identified as Critical Under the DA, Drug Free Federal Workplace Program).
The incumbent must meet NSA personnel security requirements outlined in NSA/CSS Policy 5-1.
TDY will be required up to 35% of the time. Incumbent may be required to travel by military and/or commercial aircraft in the performance of assigned tasks.
Additional Information
If you are a current federal career/career-conditional employee, you will be placed on an excepted appointment.
Male applicants born after December 31, 1959, must complete a Pre-Employment Certification Statement for Selective Service Registration.
You will be required to provide proof of U.S. Citizenship.
Telework eligible: Yes
Permanent Change of Station (PCS) allowances may be authorized, subject to the provisions of the Joint Travel Regulations and an agency determination that a PCS move is in the Government Interest.
Relocation or recruitment incentives may be authorized.
Student loan repayment, advanced leave accrual, and advanced in-hire rate may be authorized.
Appointment type: Permanent
Work schedule: Full-time
Promotion potential: Yes
Supervisory status: No
This position is in the Professional Work Category at the Full Performance Work Level within the CES Occupational Structure.
This position is a DoD Cyber Excepted Service (CES) personnel system position in the Excepted Service under 10 U.S.C. 1599f.
The United States government does not discriminate in employment based on race, color, religion, sex (including pregnancy and gender identity), national origin, political affiliation, sexual orientation, marital status, disability, genetic information, age, membership in an employee organization, retaliation, parental status, military service or other non-merit factor.
DoD Components with CES positions apply Veterans’ Preference to preference eligible candidates, as defined by Section 2108 of Title 5 U.S.C, in accordance with the procedures provided in DoD Instruction 1400.25, Volume 3005, “CES Employment and Placement.” If you are a veteran claiming veterans' preference, as defined by Section 2108 of Title 5 U.S.C., you must submit documents verifying your eligibility with your application package.
A review of your application package will be used to determine whether you meet the qualifications requirements listed for this position.
U.S. Army Cyber Command (ARCYBER) is the supporting Army headquarters under United States Cyber Command. ARCYBER is the U.S. Military's premier data-centric force informing and enabling Army and Joint Force Commanders to achieve Information Advantage throughout the spectrum of competition in a highly-contested, multi-domain environment. We operate and defend Army networks and deliver cyberspace effects against adversaries to defend the nation with over 16,500 Soldiers, civilians, and contractors working 24/7 across the globe.