U.S. Army Cyber Command
Job Description
Organization U.S. Cyber Command Duty Location FORT MEADE, ANNE ARUNDEL, MD Major Duties 1: Red Team/OPFOR Community Coordination/Working Group Participation: As assigned, exercises delegated authority to participate in negotiations on the behalf of the Directorate and Command as an actively participating member of DoD, U.S. Government (USG), and other (professional community, academic, and industry) working groups, tasked to investigate and make recommendations on Red Team issues of broad interest and concern to the cyberspace program community. Vigorously represents the interests and concerns of the Command/DoD and ensures consideration of DoD-unique or high-priority issues in the establishment of broad-based regulations, policies and standards involved in implementing new Adversary Emulation concepts and methods within DoD. In this same manner, collaborates with colleagues within the DoD cyberspace community to advise on Adversary Emulation methodology, tools and general lessons learned pioneered by this team, which also serve as models for other DoD program elements. Participates in continuing efforts in a manner consistent with established formats and quality standards to capture, document, and catalog work products and other intellectual capital in forms suitable for the Command’s knowledge base. (35%) 2: Adversary Emulation Capabilities Implementation: Works collaboratively with cyberspace SMEs (e.g., cyber operations planners, TTP developers) to define and document exercise objectives, define the scenarios and conditions to be simulated using Red Team methodology and tools, and document/communicate the roles and responsibilities of all participants. In particular, contributes Adversary Emulation expertise to make recommendations as to how these capabilities can be most effectively applied to support the mission. Works through iterative efforts to collaborate with exercise planners and other participants to tailor Adversary Emulation/Opposing Forces (OPFOR) capabilities and provide a virtual threat landscape that enables computerized simulations of threat actor TTPs and countermeasures, including the ability to “tweak” variables to explore and assess outcomes of changes in parameters associated with alternative courses of action. During the course of exercises, as required by the emergence of unforeseen events, makes adjustments to parameters to support additional iterations as necessary to further explore promising approaches or to isolate the source of apparent anomalies, such as findings that reflect adequate training and exercise setup, but are still not within standards. Works with other cyberspace SMEs in analysis of exercise assessments. Facilitates capture and documentation of lessons learned by exercise evaluators. Advises participants in assessing data to determine what and how results have been influenced by exercise parameters. Contributes to and validates conclusions documented in exercise reports before they are disseminated to the chain of command and other participants. As needed, participates in out briefings to provide insights into exercise findings and make recommendations for indicated courses of action. (35%) 3: Adversary Emulation Requirements Analysis, and Capabilities Development & Implementation: Exercises initiative and employs a variety of means (formal and informal discussions with colleagues through the DoD community, participation in working groups) to maintain current and comprehensive knowledge of the DoD cyberspace program landscape, including current and projected requirements and priorities. Makes use of this detailed and current understanding of the challenges faced by cyber elements at all levels of the DoD program to propose (for the Division Chief’s consideration and approval) efforts on issues with potential to yield maximum payback, including program issues that are especially difficult to simulate in actual operations, making them attractive candidates for Adversary Emulation applications to better inform the various training audiences of realistic attack vectors faced while on operations. Conducts comprehensive research and evaluation of Red Team concepts, facilitating technologies, and automated tools. Uses these analyses is to identify Commercial Off the Shelf (COTS) and Government Off the Shelf (GOTS) items, which can serve as a platform for the development of cyberspace-specific Adversary Emulation applications. (Use of these COTS/GOTS products is preferred to development of proprietary products because it enables economic efficiencies and speeds the delivery of tools to the cyberspace community.) Documents and communicates project objectives, quality standards, deadlines, budgets, and relative priority of efforts. Draws on technical expertise and broad knowledge of cyberspace operations to facilitate discussions among SMEs as needed to resolve conflicting opinions about key issues. Obtains access to additional specialize