Defensive Cyberspace Operations SME

Staff · Augusta, Georgia
Department Staff
Employment Type Full-Time
Minimum Experience Experienced

The Defensive Cyberspace Operations SME will provide technical, operational, and policy expertise in DCO (with focus on cyberspace analytics, cloud computing operating systems (e.g. OpenStack and VMWare), DCO tools (e.g. Security Onion, Cobalt Strike, Python, Google Rapid Response, and Kali Linux), user activity monitoring (e.g. Innerview), forensics and malware analysis (e.g. Forensic Tool Kit and EnCase), DCO mission planning, advanced sensors, and threat emulation); 

• Analyze approved concepts and doctrine for the purpose of developing DOD DCO related universal tasks and determining DCO capability gaps. 

• Conduct research and analysis across multiple sources in order to establish the foundation for required DCO capability and architecture development, identify capability gaps, and generate DOTMLPF-P solutions such as doctrine (principles and tactics, techniques, and procedures (TTPs)) development, organizational design changes, training initiatives, materiel solutions, leadership and education requirements, personnel solutions, and facilities renovation and design.

• Assist with capability needs analyses (CNA) to assess the DOD's ability to perform future DCO missions as defined by joint and Army concepts taking into account existing and programmed solutions. Identify baseline joint and Army DCO capabilities; assesses and recommend priorities for capabilities based upon risk to mission success if not performed; assess accommodation of DCO capabilities given programmed DOTMLPF-P solutions resourced over the budget years; assess and recommend priorities for DOTMLPF-P solutions. Identify, assess, and recommend priorities for macro-level gaps given the current level of funding. Coordinate results of analyses that support recommendations to key stakeholders and senior leadership.

• Produce assessments which include results from studies, experimentation, war gaming, analyses, and testing and simulations in order to determine what DOTMLP-P solutions are necessary to fill capability gaps for the future force as required.

• Plans, prepares, executes, and leads action officer and senior-level conferences, meetings, workshops, and reviews in support of ongoing programs/projects related to CDID Cyber roles and responsibilities for developing capabilities for the Cyber Mission Force and overall cyberspace workforce. Present CM Cyber positions at conferences, boards, committees, panels, working groups, reviews and other forums as deemed appropriate.

• Develops information materials, provides analysis and presentations in support of all DCO capability development efforts. Serves as a subject matter expert for integrating DCO concepts into DOD Warfighting Requirements. Collaborates with proponent sponsors and HQDA, FORSCOM, USCYBERCOM, Joint Staff, and Combatant Commands for DCO capability development.

• Conducts comprehensive analysis to ensure that the integration of DOTMLPF-P factors are adequate to support current and emerging warfighting systems. Analyze changes in joint and other services’ cyberspace/electronic warfare and related doctrine and techniques to determine impact on DOD operational capabilities. Coordinates analysis results that support recommendations with key stakeholders and presents findings to CM Cyber.

• Produces concepts of operation, operational mode summaries/mission profiles, basis of issue guidance, and system training plans for systems within his/her area of focus. 

• Collaborates with the designated Program Management (PM) Office in the development of System Engineering Plans and Test and Evaluation Management Plans – assisting the PM with the identification and assessment of essential elements of analysis; and acts as a member of a team consisting of functional, training, operational and T&E experts to execute the post-deployment assessment. Ensures final solution is fielded in accordance with approved fielding strategy. 

• Develop current and future cyberspace analytic requirements including identification and collection of large volumes of data to build and enhance cyber security processes and systems.

• Develop a security architecture that processes information of various levels of sensitivity.

• Perform gap analysis to identify any gaps between security requirements and the architecture of the system and provide documentation of the results, to include recommendations on appropriate architecture changes. 

• Advise and consult with external organizations for the architecture, design, implementation, and deployment of security systems. 

• Research and evaluate security technologies to be used in future DOD security architecture. The security architecture work will include network security, network defense, operating system security identity, authentication and authorization, data protection, application security, activity audit and monitoring, mobile computing security, and partner/vendor access to corporate systems/data.

• Determine and develop critical drivers for experimentation/assessments (to include operational threads, applicable scenarios, and learning demands): 

• Synchronize and integrate all people, process, and technology aspects of experiments/assessments that build the required body of knowledge to operationalize DCO concepts with the associated required capabilities. This includes attending planning conferences, coordinating technical integrations/lab-based risk reductions, ensuring the delivery of equipment and new equipment training, and monitoring outcomes of validation and communication exercises. 

• Coordinate prototype experiments and demonstrations.  Prototype experiments are derived from internal review of concept development experiments (in particular, testing critical assumptions and critical program information); capability gap challenges based on an assessment of operational lessons learned and professional military judgments; integrated architecture analysis (when available); and innovative concepts from across the community of practice to include industry and academia. 

• Integrate all experimental or assessment insights and findings to produce the integrated body of knowledge supporting DCO capability development decision-making. Products represent the minimum information required to support the overall experimentation process and effectively capture the critical information for the CDID

• Generates products that provide experimentation/assessment observations, insights, findings, and recommendations. Produces applicable portions of a DOTMLPF Change Request and executes formal methods to capture the results of experimentation/assessments and ensure they are transitioned to the authoritative organization for implementation. 

• Collaborates with the Science & Technology (S&T) community to assist in developing the DOD Science and Technology Master Plan. DOD technology objectives identified in the DOD Science and Technology Master Plan provide the basis for the construct of advanced technology demonstrations. Works S&T community to develop and demonstrate a new DCO capability that does not exist though such methods as prototyping. Moreover, works with industry, academia, and/or the S&T community to accelerate the maturation of advanced technologies, assists in providing cost data for possible solutions and insight into non-materiel implications.

Required Education and Experience:

• Possess a minimum of three (3) years of experience in conducting defensive cyberspace operations in support of USCYBERCOM, INSCOM, Army Cyber Command or NSA cyberspace operations.  

• Two (2) years of experience with force modernization efforts such as capability development, materiel development, requirements determination/development, and/or force development is preferred but not required. Experience with DCO capability development can be substituted for operational DCO experience with approval of COR.

• Possess, a bachelor’s degree or higher.  Degree will have a focus in computer science, information technology, information systems management or computer programing.   

• In lieu of aforementioned computer science related bachelor’s degree, a bachelor’s degree of any kind along with professional IT certifications and/or years of experience as approved by COR.    

• Must be certified IAW 8570.1M as a CSSP Analyst, CSSP Infrastructure Support, or CSSP Responder. 

Additional Eligibility Qualifications:


Other Duties:

The above job description is not intended to be an all-inclusive list of duties and standards of the position.  Incumbents will follow any other instructions, and perform any other related duties, as assigned by their supervisor. Duties, responsibilities and activities may change at any time with or without notice.

Work Authorization/Security Clearance:

A Top-Secret security clearance and upon award be immediately eligible for nomination to receive Special Compartmented Information (SCI) access.

Supervisory Responsibility:


Work Environment: 

The Cyberspace operations will conduct business between the hours of 0730 and 1630 hours Monday thru Friday except Federal holidays or when the Government facility is closed due to Federal Holidays, local or national emergencies, administrative closings, or similar Government directed facility closings. The work schedule may vary based on mission requirements. Work will be performed at the (US) Army CYBER CoE, CDID, CM Cyber, 506 Chamberlain Avenue, Fort Gordon, GA 30905-5735, unless designated to conduct duty at another local on a permanent or semi-permanent basis.

Physical Demands: 

Employee will be required to remain in a stationary position, often standing or sitting for prolonged periods, be able to ascend or descend ladders, stairs, ramps, and poles.  Employee must be able to accomplish tasks in various environments including tight and confined spaces.  Employee must be able to exert up to 50 pounds of force occasionally, and/or up to 20 pounds of force frequently, and/or up to 10 pounds of force constantly to move objects.  Employee is required to have close visual acuity to perform an activity such as preparing and analyzing data and figures, viewing a computer terminal and do extensive reading;  Physical demands are representative of those that must be met by an employee to successfully perform the duties described in the work environment. 


Travel within the Continental United States (CONUS) and Outside the Continental United States (OCONUS) to support tasks and requirements may be required.  

AAP/EEO Statement:

ATL provides equal employment opportunities to all employees and applicants without regard to race, color, religion, sex/gender, sexual orientation, national origin, age, disability, marital status, genetic information and/or predisposing genetic characteristics, victim of domestic violence status, veteran status, or other protected class status. This policy applies to all terms and conditions of employment, including, but not limited to, hiring, placement, promotion, termination, layoff, recall, transfer, leave of absence, compensation and training. The Company also prohibits retaliation against any employee who exercises his or her rights under applicable anti-discrimination laws. Veterans with expertise in these areas are highly encouraged to apply. 


  • Medical, Dental, and Vision Plans offered to all employees.
  • 401K plan with up to 4% matching
  • Long-term and Short-term Disability
  • Standard Life Insurance
  • Training and Tuition Assistance
  • Paid Time Off (PTO)

Apply online at and click on Careers.

**This position is in support of current opportunities.** 


Thank You

Your application was submitted successfully.

  • Location
    Augusta, Georgia
  • Department
  • Employment Type
  • Minimum Experience