Raytheon Technologies Digital Forensics and Incident Response Engineer (DFIR) in Dhahran, Saudi Arabia
Digital Forensics and Incident Response Engineer (DFIR)
Support an international engagement to enable mission accomplishment by analyzing all relevant cyber security event data and other information sources for suspicious network traffic, attack indicators and potential security breaches; produce reports, assist in coordination during incidents. In support of the customer’s strategic direction, key individuals support the Cyber Security Operations Center (CSOC) employing innovative technologies and techniques.
Location: Dhahran, Saudi Arabia
Looking for a qualified individual who can support a Computer Incident Response Team (CIRT) in the detection, response, mitigation, and reporting of cyber threats affecting client networks as a Forensic Analyst. The Forensic Analyst provides specialized support by gathering, handling, examining, preparing, entering, and searching, retrieving, identifying and/or comparing digital and/or physical evidence. The candidate uses forensically sound procedures to determine results. The Forensic Analyst observes proper evidence custody and control procedures, documents procedures and findings and prepares comprehensive written notes and reports. The Forensic Analyst analyzes network/computer threats and mitigates vulnerabilities while limiting operational impact to the Computer Network Defense (CND) mission in support of the CSOC. Responsibilities :
Provide support in the detection, response, mitigation, and reporting of cyber threats affecting client networks
Maintain an understanding of the current vulnerabilities, response, and mitigation strategies used in cyber security operations
Produce reports and briefs to provide an accurate depiction of the current threat landscape and associated risk. This is accomplished through the use of customer, community, and open source reporting
Provide analysis of correlated information sources
Facilitate the customer's posturing itself to aggressively investigate cyber activity targeting customer and client information and its information infrastructure
Assist the customer training department in the education of staff on the cyber threat
Liaison with other agency cyber threat analysis entities, such as intra-agency and inter- agency Cyber Threat Working Groups
Maintaining proficiency in the use and production of visualization charts, link analysis diagrams, and database queries
Analyze and report cyber threats as well as assist in deterring, identifying, monitoring, investigating and analyzing computer network intrusions.
Additional duties may include providing intrusion support to high technology investigations in the form of computer evidence seizure, computer forensic analysis, data recovery, and network assessments by provided support to the malware, forensics and mitigation teams.
Meet and maintain customer required Information Assurance training compliance.
Willing to work rotating shifts with moderate overtime
Prior experience working in one of the following:
Security Operations Center (SOC)/Network Operations Center (NOC)
Computer Emergency/Incident Response Team (CERT/CIRT)
8+ years’ experience in Intelligence collection, analysis, and reporting process/procedures
8+ years hands-on experience in the detection, response, mitigation, and/or reporting of cyber threats affecting client networks and one or more of the following:
Experience in computer intrusion analysis and incident response;
Computer network surveillance/monitoring;
Knowledge and understanding of network protocols, network devices, multiple operating systems, and secure architectures;
Experience in computer evidence seizure, computer forensic analysis, and data recovery;
Computer network forensics.
System log analysis
Experience with current cyber threats and the associated tactics, techniques, and procedures used to infiltrate computer networks
Current experience with network intrusion detection and response operations (Protect, Defend, Respond and Sustain methodology)
Current experience with cyber threats and the associated tactics, techniques, and procedures used to infiltrate computer networks
Demonstrated ability to document processes.
The ability to respond to crises objectively.
Proficiency with MS Office Applications
Must be able to work collaboratively across agencies and physical locations
Ability to speak and read Arabic
S ystems cyber security experience
Experience with Risk and Opportunity Management
Shell scripting experience
Experience with process development and deployment
Excellent writing skills
Experience with digital forensics and incident response tools
Certified Information Systems Security Professional (CISSP) or
GIAC Certified Incident Handler (GCIH) or
GIAC Certified Enterprise Defender (GCED) or
CompTIA Advanced Security Practitioner (CASP)
Certified Ethical Hacker (CEH) or GIAC Incident Handler (GCIH) or GIAC Intrusion Analyst (GCIA)
GIAC Certification Forensic Analyst (GCFA)
GIAC Security Expert (GSE)
Required Education (including Major):
Bachelor of Science Degree with major in Computer Science/Electrical Engineering, Engineering, Science or related field.
Must have a minimum of 8 + years ’ experience or equivalent education and experience.
Candidates will be subject to skillset evaluation in interview process to validate technical capability.
This position requires either a U.S. Person or a Non-U.S. Person who is eligible to obtain any required Export Authorization.
Raytheon is currently looking for talent to fill roles located in Riyadh, Saudi Arabia or Eastern Province, Saudi Arabia. It is contemplated that the employer in this case would be a planned Joint Venture between Raytheon and Saudi Aramco affiliated companies that has not yet been formed and is subject to pre-formation regulatory clearances. Employment is contingent on formation of the Joint Venture and offers of employment will not be made by the Joint Venture until the formation is complete.