• ARCYBER Defensive Cyberspace Operations (DCO) Lead

    Job ID 2018-2650
    Job Locations
    US-VA-Fort Belvoir | US-MD-Fort Meade
    IT: Administrator / Analyst / Architect / Engineer
    Regular Full-Time
  • Overview

    NCI is a leading provider of enterprise solutions and services to U.S. defense, intelligence, health and civilian government agencies. Coupled with a refined focus on strategic partnerships, we are successfully bridging the gap between commercial best practices and mission-critical government processes. Core competencies include:

    • Artificial intelligence
    • Agile digital transformation
    • Advanced analytics
    • Hyperconverged infrastructure solutions
    • Cyber security and information assurance
    • Fraud, waste and abuse
    • Engineering and logistics


    NCI has been designated a 2018 Military Friendly Employer by MilitaryFriendly.com 


    Headquartered in Reston, Virginia, NCI has approximately 2,000 employees operating at more than 100 locations worldwide.


    NCI: As the Defensive Cyberspace Operations (DCO) Lead, you will provide services in support of the United States (U.S.) Army Cyber Command’s (ARCYBER) mission is to direct and conduct integrated Electronic Warfare (EW), Information Operations (IO), and Cyberspace Operations, as authorized or directed, to ensure freedom of action in and through cyberspace and the information environment, and to deny the same to adversaries. Established in October 2010, ARCYBER is the Army Service Component Command (ASCC) to the U.S. Cyber Command (USCYBERCOM), responsible for conducting cyberspace operations (i.e., Offensive Cyberspace Operations (OCO), Defensive Cyberspace Operations (DCO), and Department of Defense Information Network (DODIN) operations), as directed and authorized, on behalf of Commander, USCYBERCOM. ARCYBER organizes, trains, educates, mans, equips, funds, administers, deploys, and sustains ARCYBER forces to conduct cyberspace operations. This position will inevitably require relocation to the Ft. Gordon, GA area. In assuming this position, you will be a critical contributor to meeting NCI's mission: To deliver innovative, cost-effective solutions and services that enable our customers to rapidly adapt to dynamic environments.


    Highlights of Responsibilities:

    • Overseeing programs, initiatives, and projects under the Task Order in the area of DCO.
    • Managing the seamless coordination of DCO spanning arcoss both CONUS and OCONUS locations.
    • Coordinating the maintenance of Operational Control (OPCON) over the RCCs to include overseeing the defensive actions performed throughout the regions that are located in Southwest Asia, Europe, Hawaii, Korea, and Arizona. ARCYBER HQ DCO monitors and ingests information throughout the RCCs and facilitates information flow directly to the ARCYBER Commanding General.
    • Assisting in DCO planning, coordinating, integrating, synchronizing, and conducting cyberspace operations and defense of Army networks.
    • Developing and maintaining SOPs and TTPs pertinent to all DCO services, as required.
    • Developing a training program to ensure all personnel are trained and equipped to effectively perform their roles in DCO.
    • Developing reports and correspondence for the senior military and Government leadership, as required.
    • Daily work activities include, but are not limited to, management and technical support of Incident Management (IM), Attack Sensing and Warning (AS&W), Cyber Response Team, and Forensics and Malware analysis:
      • Cyber Incident Management (IM) Team: provides oversight of activities and is directly responsible for receiving, analyzing, and distributing information in order to mitigate cyber incidents/events occurring throughout the RCCs across the designated AORs.
    • IM provides daily operational status briefings, makes technical recommendations, and provides procedural strategies for the Army Global “enterprise” network.
    • IM provides technical support to the Army Cyber Operations Integration Center (ACOIC) staff during identification, resolution, and tracking of network intrusions and other cyber security incidents/events.
    • IM coordinates with the RCCs, USCYBERCOM, JFHQ, DODIN, LE/CI, and IC, and various other agencies in order to triage and systematically analyze cyber intrusion events.
      • Attack Sensing and Warning (AS&W): provides oversight and lead detection, correlation, identification, and characterization of intentional unauthorized activity and coordinate information on detected events with required teams to ensure timely response is executed. AS&W Team also provides support using scripting languages (e.g., Python, Perl, PowerShell, etc.) to understand the adversarial capabilities and risks.
      • Cyber Response Team: provides support in response to cyber threats, reviewing and assessing threat activities, unknown/new vulnerabilities, and developing mitigation plans accordingly. 
      • Forensic and Malware Analysis (F&MA): provides digital media and network forensics using a variety of methods to detect and identify anomalous and/or malicious software. Coordinates with internal and external mission partners to execute F&MA functions, including Law Enforcement and Counterintelligence (LE/CI) liaison officers, and other intelligence professionals to understand higher-level adversary capability. The F&MA team also analyzes collected media to inform and improve DCO capabilities and TTPs.
      • Cyber Applications and Tools: provides development and maintenance of cyber applications and tools. This includes infrastructure and application maintenance and upgrades, configuration management, system development (i.e., SDLC), and integration of existing tool sets to improve DCO capabilities.
      • Endpoint Security Systems: provides planning, monitoring, reporting, and compliance of Endpoint Security (EPS) throughout the enterprise. Perform all services during the core operational hours or as required per the shift assignments and threat priorities.
      • Information Assurance: provides 24x7x365 situational awareness and management of Army networks in support of HBSS, Assured Compliance Assessment Solution (ACAS), Information Assurance Vulnerability Management (IAVM), Cyber Scorecard, Vulnerability Disclosure Program, CCRI, and DODIN incidents. This includes real-time management and surveillance of the Army’s portion of the DODIN.
      • DODIN Mission Planning: assists in planning, coordinating, and synchronizing DODIN Operations. Architect, build, configure, secure, operate, maintain, and sustain networks and information. Also assists in the operational planning and initiatives to support infrastructure and networks. Supports mission assurance efforts, to include the assessment and implementation of cybersecurity policies, programs, audits, accreditations, risk management, and maintenance of a cybersecurity scorecard.



    • Active TS/SCI clearance.
    • Access to NSANet: must pass and maintain for the life of the contract, a CI-Scope Polygraph Examination and meet all NSA security requirements (including the Special Interview Program (SIP) adjudication process).
    • Bachelor's Degree and at least ten (10) years of experience; at least five (5) years experience in the following:
      • Managing teams in support of DCO in the DoD or IC (with at least one year having occurred in the past five years).
      • Working directly with current threats and attack vectors (with at least one year having occurred in the past two years).
      • Working directly with current defensive cyberspace TTPs (with at least one year having occurred in the past two years).
    • Current Information Assurance (IA) certification (required at performance start date): CSSP Analyst (CEH, CFR, CySA+, GCIA, GCIH, GICSP, SCYBER).


    Preferred Education and Experience:

    • Experience implementing solutions that improve the effectiveness and efficiency in a dispersed operational organization.
    • An active Certified Information Systems Security Professional (CISSP) Certification.


    Physical Requirements:

    • Sitting for long periods
    • Standing for long periods
    • Ambulate throughout an office
    • Ambulate between several buildings
    • Travel by land or air transportation 25%


    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed

    Connect With Us!

    Not ready to apply? Connect with us for general consideration.