Date Posted:
2022-10-17-07:00
Country:
United States of America
Location:
VA149: 1110 North Glebe Road, Suite 630, Arlington, VA 22201 USA
Position Role Type:
Onsite
Raytheon Technologies supports a U.S. Government customer by providing onsite incident response to civilian Government agencies and critical asset owners that experience cyber-attacks, delivering immediate investigation and resolution. Contract personnel perform investigations to characterize the severity of breaches, develop mitigation plans, and assist with the restoration of services. Raytheon Intelligence & Space (RIS) is seeking a junior Cyber Incident Manager to support this critical customer mission.
Responsibilities:
- Monitor external data sources (e.g., Computer Network Defense vendor sites, Computer Emergency Response Teams [CERTs], SANS, Security Focus) to maintain currency of the Computer Network Defense threat condition and determine which security issues may have an impact on the enterprise.
- Identify the cause of an incident and recognize the key questions to ask external entities when establishing the background and likely infection vector of an incident.
- Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.
- Track and document Computer Network Defense (CND) incidents from initial detection through final resolution.
- Work with other components within the organization to obtain and coordinate information pertaining to ongoing incidents.
- Ability to interface and communicate with the external customer.
Required Skills:
- U.S. Citizenship.
- Must be eligible for or possess an active TS/SCI clearance.
- Must be able to obtain DHS Suitability.
- Must be able to work collaboratively across physical locations.
- Six months to 1+ years of cyber incident management or cybersecurity operations experience.
- Knowledge of basic incident response and handling methodologies.
- Knowledge of general attack stages (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, etc.).
- Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
- Knowledge of basic system administration and operating system hardening techniques.
- Basic understanding of, and ability to learn, host and network forensics; ability to learn and understand log review; ability to differentiate between benign and malicious activity.
- Ability to learn Splunk and use it in an operational environment.
- Intermediate proficiency with and understanding of the following applications: FTK, EnCase, Axiom, X-Ways, Mandiant HX, FireEye, SOF-ELK, Moloch, Wireshark, NetworkMiner, NetWitness, CyberChef, Corelight, Security Onion, ArcSight, Zeek/Bro, Gigamon or other packet brokers, ELK Stack, Sourcefire, Tanium, Palo Alto, tcpdump, tshark, Nagios, Suricata, various firewalls (F/Ws) and router set-up/administration, DomainTools (Iris), AWS Cloud, Azure, Google Cloud.
Desired Skills:
- Basic understanding of different operational threat environments (e.g., first generation [script kiddies], second generation [non nation-state sponsored], and third generation [nation-state sponsored]).
- Awareness of the NCCIC National Cyber Incident Scoring System in order to prioritize incident triage.
- Awareness and knowledge of Computer Network Defense policies, procedures, and regulations.
- Ability to learn about or knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and other injection attacks, race conditions, covert channels, replay, return-oriented attacks, and malicious code).
- Basic experience with firewalls; incident response; Windows event management and Windows event IDs; ability to learn the MITRE ATT&CK framework; ability to interpret and understand legal requirements; attack vectors; tactics, techniques, and procedures (TTPs), etc.
Required Education:
Bachelor of Science in Incident Management, Operations Management, Cybersecurity, or a related degree.
Desired Certifications:
GCIH, GCFA, GISP, GCED, CCFP, or CISSP, or the ability to obtain one of these certifications within one year of employment.
Employee Referral Award Eligibility: Only employees currently within RMD and RI&S have the potential to receive a Referral Award for submitting a referral to RMD and RI&S roles. ALL eligibility requirements must be met to receive the Referral Award.
This position is eligible for a Sign On Bonus dependent on the candidate's skills.
This position is eligible for Relocation.
Raytheon Technologies is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.