Lead Cyber Network Defense Analyst IV
Company: Raytheon
Location: Arlington
Posted on: June 23, 2022
Job Description:
- The DHS's Hunt and Incident Response Team (HIRT) secures the nation's infrastructure. HIRT provides DHS's front-line response for cyber incidents and proactive hunting for malicious cyber activity. Raytheon Technologies (RTX) provides support for on- and off-site incident response to Government agencies and critical infrastructure owners who experience cyber-attacks. RTX provides HIRT advanced technical assistance, proactive hunting, rapid onsite incident response, and immediate investigation, using host- and network-based cybersecurity analysis capabilities. Personnel perform investigations to characterize the severity of breaches and develop mitigation/remediation plans. Raytheon Intelligence & Space (RIS) is seeking a Network Forensics Detection Team Lead to support this critical customer mission.
- Responsibilities:
  - Lead a diverse team of highly skilled forensics specialists
  - Determine the appropriate course of action in response to identified and analyzed anomalous network (NW) activity
  - Assess NW topology and device configurations, identifying critical security concerns and providing security best-practice recommendations
  - Assist with writing and publishing Computer Network Defense (CND) guidance and reports on incident findings to appropriate constituencies
  - Collect NW intrusion artifacts (e.g., PCAP, domains, URIs, certificates) and use discovered data to enable mitigation of potential CND incidents
  - Analyze identified malicious NW activity to determine the weaknesses exploited, exploitation methods, and effects on systems and information
  - Collect NW device integrity data and analyze it for signs of tampering or compromise
  - Assist with real-time CND incident handling (i.e., forensic collections, intrusion correlation and tracking, threat analysis, and advising on system remediation) in support of engagements
- Required Skills:
  - U.S. Citizenship
  - Must have an active TS/SCI clearance
  - Must be able to obtain DHS Suitability
  - 8+ years of directly relevant experience in NW investigations
  - Demonstrated experience with recruiting, managing, and developing employees
  - In-depth knowledge of CND policies, procedures, and regulations
  - In-depth knowledge of standard protocols: TCP/IP, ICMP, HTTP/S, DNS, SSH, SMTP, SMB, NFS, etc.
  - In-depth knowledge of and experience with Wi-Fi networking
  - In-depth knowledge of and experience with NW topologies (DMZs, WANs, etc.)
  - Substantial knowledge of Splunk (or other SIEMs)
  - Understanding of MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK)
  - Knowledge of CND policies, procedures, and regulations
  - Knowledge of defense-in-depth principles and general attack stages with respect to NW security architecture
  - Ability to characterize and analyze NW traffic to identify anomalous activity and potential threats to NW resources
  - Ability to identify and analyze anomalies in NW traffic using metadata
  - Experience reconstructing a malicious attack or activity based on NW traffic
  - Experience examining NW topologies to understand data flows through the NW
  - Must be able to work collaboratively across physical locations
- Desired Skills:
  - Substantial knowledge of NW device integrity concepts and methodologies
  - Proficiency with NW analysis software (e.g., Wireshark)
  - Proficiency with carving and extracting information from PCAP data
  - Proficiency with non-traditional NW traffic (e.g., Command and Control)
  - Proficiency with preserving evidence integrity according to standard operating procedures or national standards
  - Proficiency with designing cyber security systems and environments in a Linux and/or Windows environment
- Required Education:
  - BS in Computer Science, Cyber Security, Computer Engineering, or a related degree; or HS Diploma & 10+ years of NW investigations experience.
- Desired Certifications:
  - DoD 8140.01 IAT Level II, IASAE II, CSSP Analyst
  - DoD 8140.01 GCIA, GCIH, CSSP Analyst/CSSP Incident Responder
  - DoD 8140.01 CEH, CSSP Analyst
  - SANS GIAC GNFA preferred
- Employee Referral Award Eligibility: Only employees currently within RMD and RI&S have the potential to receive a Referral Award for submitting a referral to RMD and RI&S roles. ALL eligibility requirements must be met to receive the Referral Award.
- This position is eligible for a Sign-On Bonus dependent on the candidate's skill.
- This position is eligible for Relocation.
- Arlington, VA
- #RISCyber
- #RISCPS
- #RISHIRT
- Additional Job Description
- ERIP Eligible: Yes, $15,000