About
Raytheon
Job Description
CSOC Analyst Tier 3 (10-15 Yrs Exp Required)
Support a proprietary customer contract to enable mission accomplishment by analyzing all relevant cyber security event data and other information sources for suspicious network traffic, attack indicators and potential security breaches; produce reports, assist in coordination during incidents. In support of the customer's strategic direction, key individuals support the Cyber Security Operations Center (CSOC) employing innovative technologies and techniques.
Job Description:
Looking for a qualified individual who can support the intrusion detection system aspects for the Monitoring & Vulnerability Analysis Team as a CSOC Analyst Tier 3 by applying an advanced knowledge of information security services/analysis concepts, practices and procedures. Support will include providing oversight and guidance of analysts for detecting and evaluating intrusions.
Responsibilities:
Assess information network threats such as computer viruses, exploits, and malicious attacks; operate vulnerability assessment equipment in support of intrusion analyses
Determine true threats, false positives and network system mis-configurations and provide solutions to issues detected in a timely manner.
Monitor for potential compromise, intrusion, deficiency, significant event or threat to the security posture and security baseline. Follow intrusion and escalation processes and procedures.
Integrated Defense System/In Plane Switching (IDS/IPS) Signature Analysis, Development and Testing
Tune IDS/IPS Systems
Security Information Event Manager (SIEM) content Analysis, Development and Testing
Web Content Filtering Analysis, Development and Testing
Tune IDS/IPS Systems
Development of standard operating procedures and other technical documentation for the IDS infrastructure.
Keep abreast of developments in field of expertise to ensure knowledge base remains current.
Routinely provide guidance to and assists in the training of less experienced staff.
Required Skills:
Existing Level 6: Public Trust - High Risk Background Investigation
US Citizenship
Willing to work rotating shifts
10-15 years of experience in systems cyber security analysis
Working knowledge of network security management and operations
Experience in the detection, response, mitigation, and/or reporting of cyber threats affecting client networks and one or more of the following:
Experience in computer intrusion analysis and incident response
Intrusion detection
Knowledge and understanding of network devices, multiple operating systems, and secure architectures
Working knowledge of network protocols and common services such as DNS, FTP, email, CP/ICMP/UDP
System log analysis
Current experience with network intrusion detection and response operations (Protect, Defend, Respond and Sustain methodology)
Experience managing, responding to and resolving situations caused by network attacks
Experience using current monitoring technologies such as: SourceFire-SNORT, ArcSight, or NetScout etc.
Current experience with cyber threats and their associated tactics, techniques, and procedures
Ability to assess information of network threats such as scans, computer viruses or complex attacks
Demonstrated ability to document processes
SIEM experience with ArcSight ESM and Logger
Working knowledge of network protocols and common services such as DNS, FTP, email, CP/ICMP/UDP
Hands-on experience with NIDS (Network IDS) and HIDS (Host based IDS)
Must be able to work collaboratively across cyber threat teams and effectively communicate both written and orally
Proficiency with MS Office Applications
Experience with information network software and hardware
Strong understanding and working knowledge of current country and/or Intel security regulations, directives, and policies
Working knowledge of WAN/LAN concepts and technologies
Working knowledge of Linux/Unix, including scripting, and basic system administration.
Knowledge of signature development
IDS/IPS Signature Analysis, Development and Testing
SIEM content Analysis, Development and Testing
Familiarity with packet analysis to include:
HTTP Headers & Status codes
SMTP Traffic & Status codes
FTP Traffic & Status Codes
DNS Queries
PKI Certificate Exchange
Desired Skills:
Ability to speak and read English
Experience with firewalls, routers or antivirus appliances a plus
Experience working on a 24x7x365 operations center environment
Experience with ArcSight SIEM tool is a plus
Experience with CA Service Desk Manager
Demonstrated advanced understanding and in-depth knowledge of regular expressions
Demonstrated advanced understanding and in-depth knowledge of scripting languages (perl, python, javascript, etc.)
Demonstrated experience in Security Information Event Management (SIEM) and Intrusion Prevention System (IPS) tools
Experience establishing and maintaining good working relationships in all levels of the organization, including customers, organizations, internal management, and support organizations
Prior experience working in one of the following is highly desired:
Security Operations Center (SOC)/Network Operations Center (NOC)
Computer Emergency/Incident Response Team (CERT/CIRT)
Desired Certifications:
Certified Information Systems Security Professional (CISSP) or
GIAC Certified Incident Handler (GCIH) or
GIAC Certified Enterprise Defender (GCED) or
GIAC Security Expert (GSE) or
Certified Information Security Manager (CISM)
Certified Ethical Hacker (CEH) or GIAC Intrusion Analyst (GCIA)
ArcSight Security Analyst Certification
Required Education (including Major):
Bachelor of Science Degree with a major in Computer Science/Computer Engineering, Engineering, Science or a related field. The candidate must have a minimum of 15+ years of experience or equivalent education with experience.
141612 Business Unit Profile
Raytheon Intelligence, Information and Services delivers innovative technology to make the world a safer place. Our expertise in cyber, analytics and automation allow us to reach beyond what others think is possible to underpin national security and give our global customers unique solutions to solve the most pressing modern challenges -- from the cyber domain to automated operations, and from intelligent transportation and training solutions to creating clear insight from large volumes of data. IIS operates at nearly 550 sites in 80 countries, and is headquartered in Dulles, Virginia. The business area generated $6.2 billion in 2018 revenues. As a global business, our leaders must have the ability to understand, embrace and operate in a multicultural world -- in the marketplace and the workplace. We strive to hire people who reflect our communities and embrace diversity and inclusion to advance our culture, develop our employees, and grow our business.
Relocation Eligible
Yes
Clearance Type
Public Trust Current
Expertise
Cyber Jobs
Information and Knowledge Systems
Type Of Job
Full Time
Work Location
MD - Bethesda
Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.
About Raytheon
Raytheon is a global company that specializes in defense and other government markets.