Security Clearance required:

TS/SCI

Do you want to make a difference?

Cognosante employees are passionate about improving people’s lives. With an innovative mindset and an unwavering commitment to those we serve, we partner with healthcare, civilian and defense agencies to deliver exceptional public services and programs. Our multi-faceted technology and customer experience (CX) solutions achieve program outcomes, solve critical challenges and create meaningful change. Whether we are helping Veterans access healthcare faster, ensuring that members of the military complete their missions safely, or helping people obtain health insurance, our work touches millions of people. Are you ready to make a difference?

Come Join Our Team

Fast-paced, dynamic, and rewarding environment supporting regional defense efforts. This project delivers defensive cyberspace operations (DCO) support to Cyber Security Service Provider Division (CSSP-D), US Army Regional Cyber Center-Korea. The CSSP-D environment includes any hardware, software, application, tool, system, or network used by the Government, whether developed, leased, or commercially purchased. Our operations are based on-site at Camp Humphreys, South Korea. Employees are authorized to receive a Living Quarters Allowance, a Cost-of-Living Allowance, and relocation expenses. Additionally, our employees are eligible for reimbursement for school-aged children to attend either Department of Defense Education Activity schools (space available) or local school of choice.

What is the position?

As a Cyber Threat Assessment Analyst, you will be required to defend against unauthorized activity on all Army assets residing on NIPRNet, SIPRNet, and CENTRIX-K. Your work will include current and new systems at various lifecycle stages, and any future applications/systems not currently identified. This includes activities from external hackers who may attempt to gain unauthorized access, insider threat attempts for unauthorized access, and policy violations that may impact network security and operations. You will be required to continue performance during peacetime, crisis, hostilities, and war operations. This position requires DoD 8140 Certification compliance by having either a Bachelor’s degree in an appropriate major or one of the certifications listed below.

What will I get to do?

You will recognize a cyber security incident and take appropriate action to report the incident and preserve evidence, mitigating any adverse impact, and devising defensive measures. You will support Disaster Recovery (DR) and Continuity of Operations (COOP) Capability. You will synchronize DCO programs with ARCYBER personnel as required via working group participation to develop, research, publish, test, and annually update Deliverables, Standard Operating Procedures and Tools, Tactics, Techniques and Procedures (TTTP) related to Cyber Defense, Live Incident Handling Analysis, Cyber Threat Analysis, Threat Detection, Computer Defense Assistance Program (CDAP), and the Cyber Intrusion Analysis Program (CIAP). You support Cybersecurity Service Provider (CSSP) accreditation. You will conduct monthly training on specific DCO topics derived from previous incident analysis, security testing, lessons learned, and other self-directed research/study. You will conduct Computer Defense Assistance Program (CDAP) missions IAW AR 380-53, Communications Security Monitoring. You will support an NDA team to travel to the incident location within 4 hours of notification. You will make recommendations for software tool development or upgrade (may include supported hardware) in support of internal defensive measure to narrow gaps within existing enterprise solutions. You will at least twice annually, define current DCO posture and capabilities for supported networks, identify gaps with current DCO posture, generate a detailed analytical report for gaps found, and provide input to implementation plans. You will coordinate, de-conflict, and employ internal defensive measures within the DoDIN. You will assess new technologies and devices relevant to DCO. You will participate in exercises and assist with the development, planning and support of exercises such as Gaining Cyber Dominance or other cyberspace defense engagements. You will support Cyberspace Operations (CO) and DCO mission planning, mission analysis, and technical analysis. You will provide situational awareness of evolving network threats trends. You will participate in ARCYBER Cyberspace Operations (CO) meetings, conferences, and working groups. You will provide DCO Network Security Monitoring, Detection, and Analysis. You will analyze and correlate anomalous events identified in Security Information Event Management (SIEM) systems, Big Data Analytics, and supporting devices/applications. You will analyze, correlate, and trend anomalous events and incidents to identify and characterize the threat or incident. You will conduct exploratory and in-depth analysis of network traffic from security devices, analysis of host-based audit logs, malware analysis, trending of incident reports, correlation of classified and open-source threat reporting, and linkages/integration with other DCO agencies. You will implement mitigation measures in response to general or specific Advanced Persistent Threats (APT), (attempted exploits/attacks, malware delivery, etc.) on the respective networks. You will develop, staff, coordinate, and execute Incident Response investigations for the operational environment (NIPRNet, SIPRNet and CENTRIX-K).

What qualifications do I need?

• Active DoD TS/SCI clearance

• Bachelor’s degree or higher from an accredited college or university in one of the following fields: Computer Science, Cyber Security, Information Technology, Software Engineering, Information Systems, Computer Engineering, Mathematics or Engineering

• Any of the following certifications can be substituted for a Bachelor’s degree: CCSP or CEH or CFR or Cloud+ or CySA+ or GCED or GICSP or PenTest+ If substituting certification for a Bachelor’s degree, a HS diploma or GED is required in addition to the certification

What additional characteristics will help me thrive?

• Familiarity with Kali Linux and the Metasploit tool suite, Burpsuite Pro, wireless security tools and assessments, Cobalt Strike, Firewalls, Intrusion Detection and Prevention Systems, and other security assessment tools.

• Previous experience in an equivalent position

What We Offer  

Our mission is to provide comprehensive and competitive pay, benefits, services, and programs to eligible employees and their dependents that: 

• Ensure optimal health and productivity of our employees  

• Support employee retention and attraction 

• Provide work/life balance to ensure our employees succeed inside and outside of the office 

Compensation

$74,436.56 - $119,096.32

The pay range for this job is determined by various factors, including but not necessarily limited to location, responsibilities of the job, and alignment with market data. When determining a salary for this role, the following factors may be taken into consideration - contract-specific affordability, education, knowledge, skills, competencies and experience. The estimate displayed represents the salary range for this position and is just one component of Cognosante’s total compensation package for employees. It is not necessarily reflective of actual compensation that may be earned, nor a promise of any specific pay for any specific employee.

Cognosante will not provide sponsorship for employment-based immigration benefits for this position.

What We Promise  

Cognosante employees are inspired by our bold mission to improve lives. To achieve this mission, we put our people first. No matter where they're located around the nation, our innovative workplaces enable individuals to apply their skills and experience to work toward a greater good.

We foster a winning culture of solution creators built on innovation, collaboration, flexibility, and work-life balance. And we invest in the next generation of diverse talent to foster an inclusive, progressive, adaptable workplace that prioritizes advancement for all. As an affirmative action employer, we are committed to equal opportunity regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.  

Your safety during your job search is important. Recruiting communications will always be sent through one of the following corporate domain emails (@cognosante.com or @accurate.com).

We will never send communications through any other domain, including @cognosantecareers.com, @gmail.com or @yahoo.com). We will never request payment from you, nor will we send payment to you, prior to your start date. If you have been asked to send or receive any payment, or if you have any doubt about whether you have been contacted by a Cognosante employee, please contact us at jobs@cognosante.com

At Cognosante, we innovate with purpose. Each day, we create meaningful change by delivering mission-driven solutions for healthcare, civilian, and defense government agencies. When you work at Cognosante, you’ll apply your talents and grow your career with an organization that believes in the missions of our customers – and the right every employee has to an inclusive, flexible, and collaborative workplace. Work with us, and you’ll be challenged and supported—and have the platform to elevate your career to wherever your professional aspirations lead.​

Get to know Cognosante employees

• We’re driven by our customers’ missions, and measure success by how we improve lives.

• We believe innovative solutions start with an innovative culture.

• We believe customer understanding is the key to creating innovative solutions.

• We know we are stronger together, and we value the diversity of our people.

• We believe growth should be a core job benefit.

Like many other companies, Cognosante has been targeted by scammers making fraudulent job offers to potential candidates. As shared on our company website (https://cognosante.com/careers/) , communications from Cognosante recruiting are only sent with an official corporate domain email (e.g., @cognosante.com) and not a commercial domain e-mail (e.g., @gmail.com or @yahoo.com)). We will never request payment from an applicant, nor will we send payment to an applicant, prior to that individual’s start date.

We want to recommend a couple of ways that you can report this incident and take action against these scams:

-The FBI: File a Complaint (https://www.ic3.gov/Home/FileComplaint)

-The FTC: Report Fraud (https://reportfraud.ftc.gov/#/)

Also, if you're not sure where to report the scam, you can find some guidance here: Where to report scams | USAGov (https://www.usa.gov/where-report-scams) .