Raytheon Intelligence & Space (RIS) Cyber Security & Special Missions (CSM) Raytheon Cyber Solutions (RCS) has an immediate job opening for an ASSOCIATE CYBER SECURITY ANALYST (SECOND SHIFT, 3pm-12am). The successful candidate will be able to effectively analyze all relevant cyber security event data and other information sources for suspicious network traffic, attack indicators and potential security breaches; produce reports, assist in coordination during incidents.
This position will be a combination of remote and onsite support. Candidate must be able and willing to travel, as required, within the Dulles, Virginia metropolitan area.
RCS TEAM BACKGROUND:
We pride ourselves on having the most highly-skilled Security Analysts in the industry. Regardless of technology or process specialization, every Analyst is trained in the fundamentals of support, analysis and research into exceptionally complex problems, and processes relating to Cyber Defense and Security Operations Center subject matter.
PRIMARY JOB DUTIES & RESPONSIBILITIES:
- SOC Service Monitoring and Analytics
- Continuous & persistent monitoring of security technologies/tool data and network traffic which result in security alerts generated, parsed, triggered, or observed on the in-scope managed networks, enclaves, systems or security technologies
- Analyzing, triaging, aggregating, escalating and reporting on client security events including investigation of anomalous network activity, and responds to cyber incidents within the network environment or enclave
- Correlation and trend analysis of security logs, network traffic, security alerts, events and incidents
- Continuously works to tune security tools to minimize false positives and maximize detection and prevention effectiveness. Collaborates with the owners of cyber defense tools to tune systems for optimum performance
- Incident categorization and severity assignment consistent with client criteria
- Event and incident handling consistent with applicable client plans and processes
- Integration of activities with standard reports, such as shift reports, along with client communication protocols
- Documents and provided feedback to engineers for custom views, channels, and other content for Incident Response, Insider Threat Management (ITM), and other threat detection use cases into disparate enclaves in the customer environment
- Support calculation of security metrics related to Managed SOC Services offering
- Communication/Client Engagement/Responsiveness
- Collaboration with the client’s Security Organization via email, conference call, and phone
- Responsiveness to client-initiated requests and reports
- Reporting and communications consistent with client SLAs
- Support client Service Level Agreements related to alert, event/incident, request/report responsiveness
- Support development of shift reports, Situation Reports and After Action Reports
- Engagement and communication between Cyber Threat Analysis and DFIR resources to perform as one CSIRT
- Duties as assigned by the Leads or Project Manager including:
- Assess network threats such as computer viruses, exploits, and malicious attacks
- Determining true threats, false positives and network system misconfigurations and provide solutions to issues detected in a timely manner
- Monitor for potential compromise, intrusion, deficiency, significant event or threat to the security posture and security baseline
- Develop, update and maintain standard operating procedures and other technical documentation for both client and internal operations.
- Participate in customer calls and meetings on a regular basis.
- Drive SIEM content development, tuning, and review
- Maintain current knowledge of relevant technology and trends.
This role is specific to our Second-Shift. Candidates must be available for and willing to work from 3pm to 12am, to maintain 24x7x365 coverage.
- Bachelor's Degree in Cyber Security, Information Security, Information Assurance or similar and 2+ years of related experience (concentration of security operations and analysis). Additional experience can be used in lieu of education.
- Prior experience working in any of the following three: Security Operations Center (SOC), Network Operations Center (NOC), Computer Incident Response Team (CIRT)
- Knowledge of and practical experience of integration of COTS or open source tools
- Experience in the detection, response, mitigation, and/or reporting of cyber threats affecting client networks and one or more of the following:
- Experience in computer intrusion analysis and incident response
- Working knowledge of Intrusion detection/protection systems
- Knowledge and understanding of network devices, multiple operating systems, and secure architectures
- Working knowledge of network protocols and common services
- System log analysis
- Current experience with network intrusion detection and response operations (Protect, Defend, Respond and Sustain methodology)
- Experience responding to and resolving situations caused by network attacks
- Ability to assess information of network threats such as scans, computer viruses or complex attacks
- Working knowledge of WAN/LAN concepts and technologies
- SIEM content Analysis, Development and Testing
- 6 months recent experience (within the last 2 years) with RSA Netwitness
- 6 months recent experience (within the last 2 years) with Splunk
- 6 months recent experience (within the last 2 years) with Fireeye
- Familiarity with packet analysis to include: HTTP Headers & Status codes, SMTP Traffic & Status codes, FTP Traffic & Status Codes
- Excellent written and verbal communication skills;
- Personality traits: Naturally curious and inquisitive nature; persistent and determined; loves solving problems and puzzles; analytically rigorous; uncompromising integrity.
- Experience with RSA Netwitness, Splunk, FireEye NX, EX, HX, AX, Carbon Black Response, RSA Archer
- Experience with firewalls, routers or antivirus appliances
- Experience working on a 24x7x365 watch desk environment
- Experience with industry standard help desk tools
- One or more of the following:
- Splunk Core Certified Power User
This position may be contingent on contract award and also requires a U.S. Person who is eligible to obtain any required Export Authorization.