Sr. Incident Response Analyst

Date Posted:

2021-02-10-08:00

Country:

United States of America

Location:

UT2: 9 Farm Springs 9 Farm Springs, Farmington, CT, 06034 USA

Raytheon Technologies

Raytheon Technologies Corporation is an aerospace and defense company that provides advanced systems and services for commercial, military and government customers worldwide. It comprises four industry-leading businesses – Collins Aerospace Systems, Pratt & Whitney, Raytheon Intelligence & Space and Raytheon Missiles & Defense. Its 195,000 employees enable the company to operate at the edge of known science as they imagine and deliver solutions that push the boundaries in quantum physics, electric propulsion, directed energy, hypersonics, avionics and cybersecurity. The company, formed in 2020 through the combination of Raytheon Company and the United Technologies Corporation aerospace businesses, is headquartered in Waltham, Massachusetts.

Job Description:
The candidate should be an experienced information security practitioner that can collect, analyze, and interpret adverse event information and perform threat or target analysis duties.  Manage, execute level three response, and determine scope of a cyber-incident. Proactively search for cyber threats to find malicious actors in Raytheon Technologies’ network that may go undetected by conventional network security monitoring or defenses. Prepare detailed recommendations for network defense improvements to mitigate incidents, recommend enterprise protection measures based on incident trends.

Responsibilities:
Shall perform specific activities that include, but not limited to the following:
• Identify, contain, mitigate, recover, and report on cyber-security incidents affecting the enterprise, business, and subsidiary networks globally.
• Analyze and investigate adverse events and incidents using an enterprise security information and event monitoring (SIEM), logs from firewalls, IDS/IPS, proxies, servers, endpoints and other network devices to determine threats, attack vector, scope of activity, and appropriate response. 
• Collaborate and coordinate with peers and stakeholders across global functional and business unit teams as needed to analyze and respond to adverse events and incidents.
• Research the latest threat intelligence, vulnerabilities, exploits, and other relevant threat information and trends on various attackers and attack infrastructure.
• Collaborate with other teams within Enterprise IT Security to improve detection and monitoring, develop cyber defenses, and perform advanced network and host analysis.
• Utilize cyber security tools to actively hunt for threats in the enterprise network.
• Ability and willingness to share on-call responsibilities, and work non-standard hours as needed.
• Occasional travel within CONUS and OCONUS is required
• Perform other duties as assigned

Required Skills:
• Minimum 6+ years’ experience in Cyber-security preferred
• Interface with Incident Response and knowledge of the IR lifecycle.
• Proven experience and knowledge of advanced and persistent threats.
• Capability of operating independently and in a team environment as is part of a geographically dispersed virtual team with minimal supervision.
• Proficiency with MS Office Applications
• Proven ability to troubleshoot and solve technical issues
Candidate must have technical experience in the following areas:
• Working knowledge of systems, networking, and web technologies.
• Familiarity with searching, interpreting and working with data from enterprise logging systems (e.g. SIEM, syslog, netflow, DNS, IDS/IPS, proxy, email, server and system logs)
• Knowledge of TCP/IP protocols and data communications schemes.
• Prefer familiarity with packet analysis to include:
o HTTP Headers & Status codes
o SMTP Traffic & Status codes
o FTP Traffic & Status Codes
o DNS Queries
o PKI Certificate Exchange
• Understanding of social engineering techniques. (e.g., phishing, baiting, tailgating, etc.).
• Knowledge of vulnerabilities, and vulnerability scanning tools.
• Understanding in malware types (e.g. virus, worm, RAT, etc) containment, traffic analysis, and mitigation of malware threat
Ability to Travel domestically and internationally
• This position requires the eligibility to obtain a security clearance. Except in rare circumstances, only U.S. citizens are eligible for a security clearance
• This position requires either a U.S. Person or a Non-U.S. Person who is eligible to obtain any required Export Authorization.

Desired Skills:
• Understanding of Cyber Kill Chain, Mitre Attack, and Diamond Model.
• Experience developing and implementing IDS / IPS signatures and URL / IP blocks
• Experience in malware triage analysis and/or sandboxing
• Host based forensics using EnCase, FTK or other digital forensics tools
• Scripting languages such as Python, Perl, and PowerShell
• Ability to use penetration testing tools and techniques,
• Experience with assessing security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
• Personality traits: Naturally curious and inquisitive nature; persistent and determined; enjoys solving problems and puzzles; analytically rigorous; uncompromising integrity; ethical.
• Excellent social, written and verbal communication skills; must be able to clearly and concisely present analytical data to a variety of technical and non-technical peers, and management of all levels.
• Proactive, self-driven and fully accountable for independent performance.
• Strong process orientation and ability to develop, document, and follow standard work; attention to detail.
• Organizational skills to manage multiple competing priorities and deadlines in a fast-paced working environment.

Possess of at least one relevant professional designation or related advanced IT certification, but not limited to the following will be considered an advantage:
• GIAC Certified Incident Handler (GCIH)
• GIAC Certified Enterprise Defender (GCED)
• GIAC Security Expert (GSE)
• Certified Information Systems Security Professional (CISSP)
• GIAC Certified Intrusion Analyst (GCIA)
• GIAC Network Forensics Analysts (GNFA)
• GIAC Reverse Engineering Malware (GREM)
• Certified Ethical Hacker (CEH)
• Microsoft Certified Solutions Expert (MCSE)
• Red Hat Certified Engineer (RHCE)

Education:
7 Years Experience with BS or BA Degree in a technical program

 Or Advanced Degree with 5 years experience

or equivalent combination of related work experience and schooling/certifications in lieu of degree

Remote Work Available

• Farmington, CT
  Billerica, MA
• Richardson, TX
• Washington, DC

Raytheon Technologies is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.

Privacy Policy and Terms:

Click on this to read the Policy and Terms

Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender orientation, gender identity, national origin, disability, or protected Veteran status.