Raytheon Technologies Sr. Incident Response Analyst - CIR in Billerica, Massachusetts
Raytheon Technologies Enterprise Services (ES) Cyber Security has an immediate opening for an experienced Sr. Incident Response Analyst professional (Sr. Cyber Threat Ops Tech II) to join the Cyber Incident Response (CIR) team. The Senior Cyber Incident Response Analyst should confidently determine appropriate course of action in response to identified cyber security incidents or anomalous network activity. This position is at the enterprise level and will require to work in a fast-paced collaborative environment with multiple functional and business teams. This position can be worked remotely within the United States.
The candidate should be an experienced information security practitioner that can collect, analyze, and interpret adverse event information and perform threat or target analysis duties. Manage, execute level three response, and determine scope of a cyber-incident. Proactively search for cyber threats to find malicious actors in Raytheon Technologies’ network that may go undetected by conventional network security monitoring or defenses. Prepare detailed recommendations for network defense improvements to mitigate incidents, recommend enterprise protection measures based on incident trends.
Shall perform specific activities that include, but not limited to the following:
• Identify, contain, mitigate, recover, and report on cyber-security incidents affecting the enterprise, business, and subsidiary networks globally.
• Analyze and investigate adverse events and incidents using an enterprise security information and event monitoring (SIEM), logs from firewalls, IDS/IPS, proxies, servers, endpoints and other network devices to determine threats, attack vector, scope of activity, and appropriate response.
• Collaborate and coordinate with peers and stakeholders across global functional and business unit teams as needed to analyze and respond to adverse events and incidents.
• Research the latest threat intelligence, vulnerabilities, exploits, and other relevant threat information and trends on various attackers and attack infrastructure.
• Collaborate with other teams within Enterprise IT Security to improve detection and monitoring, develop cyber defenses, and perform advanced network and host analysis.
• Utilize cyber security tools to actively hunt for threats in the enterprise network.
• Ability and willingness to share on-call responsibilities, and work non-standard hours as needed.
• Occasional travel within CONUS and OCONUS is required
• Perform other duties as assigned
• Minimum 6+ years’ experience in Cyber-security and Bachelor’s degree or equivalent combination of related work experience and schooling/certifications in lieu od degree
• Interface with Incident Response and knowledge of the IR lifecycle.
• Proven experience and knowledge of advanced and persistent threats.
• Capability of operating independently and in a team environment as is part of a geographically dispersed virtual team with minimal supervision.
• Proficiency with MS Office Applications
• Proven ability to troubleshoot and solve technical issues
Candidate must have technical experience in the following areas:
• Working knowledge of systems, networking, and web technologies.
• Familiarity with searching, interpreting and working with data from enterprise logging systems (e.g. SIEM, syslog, netflow, DNS, IDS/IPS, proxy, email, server and system logs)
• Knowledge of TCP/IP protocols and data communications schemes.
• Prefer familiarity with packet analysis to include:
o HTTP Headers & Status codes
o SMTP Traffic & Status codes
o FTP Traffic & Status Codes
o DNS Queries
o PKI Certificate Exchange
• Understanding of social engineering techniques. (e.g., phishing, baiting, tailgating, etc.).
• Knowledge of vulnerabilities, and vulnerability scanning tools.
• Understanding in malware types (e.g. virus, worm, RAT, etc) containment, traffic analysis, and mitigation of malware threat
Ability to Travel domestically and internationally
• This position requires the eligibility to obtain a security clearance. Except in rare circumstances, only U.S. citizens are eligible for a security clearance
• This position requires either a U.S. Person or a Non-U.S. Person who is eligible to obtain any required Export Authorization.
• Understanding of Cyber Kill Chain, Mitre Att&ck, and Diamond Model.
• Experience developing and implementing IDS / IPS signatures and URL / IP blocks
• Experience in malware triage analysis and/or sandboxing
• Host based forensics using EnCase, FTK or other digital forensics tools
• Scripting languages such as Python, Perl, and PowerShell
• Ability to use penetration testing tools and techniques,
• Experience with assessing security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
• Personality traits: Naturally curious and inquisitive nature; persistent and determined; enjoys solving problems and puzzles; analytically rigorous; uncompromising integrity; ethical.
• Excellent social, written and verbal communication skills; must be able to clearly and concisely present analytical data to a variety of technical and non-technical peers, and management of all levels.
• Proactive, self-driven and fully accountable for independent performance.
• Strong process orientation and ability to develop, document, and follow standard work; attention to detail.
• Organizational skills to manage multiple competing priorities and deadlines in a fast-paced working environment.
Possess of at least one relevant professional designation or related advanced IT certification, but not limited to the following will be considered an advantage:
• GIAC Certified Incident Handler (GCIH)
• GIAC Certified Enterprise Defender (GCED)
• GIAC Security Expert (GSE)
• Certified Information Systems Security Professional (CISSP)
• GIAC Certified Intrusion Analyst (GCIA)
• GIAC Network Forensics Analysts (GNFA)
• GIAC Reverse Engineering Malware (GREM)
• Certified Ethical Hacker (CEH)
• Microsoft Certified Solutions Expert (MCSE)
• Red Hat Certified Engineer (RHCE)
Bachelor's in Computer Science, Computer Engineering, Information Technology or related discipline or equivalent combination of related work experience and schooling/certifications in lieu of degree
Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, age, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.