Role Description
:
The Operations Watch Analyst serves as a critical member of the Cybersecurity Operations team, responsible for identifying, investigating, reporting, and mitigating cyber incidents across diverse network environments.
This role ensures timely detection, analysis, and response to security events in accordance with Chairman of the Joint Chiefs of Staff Manual (CJCSM) .01B and other applicable Department of Defense (DoD) directives. The analyst will assess the severity of incidents, document findings, and coordinate appropriate response actions with stakeholders across the DoD Information Network (DoDIN).
1. Maintain a thorough working knowledge of CJCSM .01B and ensure compliance with related policies and procedures.
2. Develop, maintain, and continuously improve Standard Operating Procedures (SOPs) for operational watch functions.
3. Conduct proactive network intrusion detection, monitoring, correlation, and analysis to identify potential threats.
4. Validate and assess suspicious events to determine if they meet incident criteria, ensuring accurate and timely entry into designated reporting systems.
5. Coordinate with Joint Force Headquarters-DoDIN (JFHQ-DoDIN) and supported organizations to ensure appropriate analysis, reporting, and escalation of significant incidents.
6. Provide 24/7 incident response coverage, including after-hours and surge support as mission needs dictate.
7. Perform network and host-based digital forensics across Microsoft Windows and other operating systems to support incident analysis and remediation.
8. Analyze full packet captures (PCAP) using tools such as Wireshark and other network forensic utilities.
9. Correlate system and network activity using Splunk and other log aggregation tools to detect anomalies and potential intrusions.
10. Develop, tune, and implement Intrusion Detection/Prevention System (IDS/IPS) signatures to enhance detection accuracy and minimize false positives.
11. Participate in program reviews, product assessments, and on-site certification evaluations to strengthen cyber defense posture.
12. Support a rotating shift schedule (4x10-hour workdays), including at least one weekend day.
13. Work collaboratively in a high-tempo, mission-focused environment requiring flexibility and occasional overtime for surge operations.
Qualifications:
Clearance Level:
14. Secret with upgrade to TS required
Education/ Experience:
15. Bachelor’s degree in Cybersecurity, Information Technology, or a related field; or a minimum of three years of directly relevant experience, preferably within a DoD or federal cybersecurity environment.
16. Willingness to travel up to 15% globally, including short-notice (72-hour) deployments in support of incident response operations.
Certifications:
17. Must hold an IAT Level II (Tier 1 and 2) or IAT Level III (Tier 3) certification (per DoD .01-M) and PWS certification requirements in accordance with DoD cybersecurity workforce requirements.
Preferred:
18. Five or more years of cybersecurity incident response experience.
19. Strong knowledge of incident response procedures, packet analysis, IDS/IPS technologies, and host-based security tools.
20. Proficiency in log correlation and analysis using tools such as Splunk, Elastic, or equivalent platforms.
21. Familiarity with digital forensics tools and methodologies.
22. Demonstrated ability to analyze complex issues, think critically, and operate independently under pressure.
23. Excellent written and verbal communication skills to support operational reporting and coordination.
24. In-depth understanding of CJCSM .01B reporting requirements.
25. Prior experience in DoD environments.
26. Experience conducting digital forensics and malware analysis.