Prin Information Systems Techn - Military veterans preferred
2018-10-22 Raytheon (www.raytheon.com)
United Arab Emirates
**This position is contingent based on contract award**
Are you the type of person who wants to start up a new company in an exploding field? Raytheon has the opportunity for you. Cyber attacks are worldwide, and countries and companies are looking for partners in solving these challenging problems. Our ideal candidate is someone with great problem-solving skills, an outgoing and energetic personality, and a high degree of creativity, innovation and out-of-the-box thinking, all with a mind for business!
Raytheon is seeking a Threat Detection Organization (TDO) Lead for the design, development, integration and operations of a Security Operations Center (SOC) in Abu Dhabi, UAE. The candidate must have proven performance delivering cyber products and technical services to the MENA region. This role will be responsible for ensuring the successful integration of cyber COTS products while working with subcontractors.
This assignment may require shift work and weekend work. All candidates must be able to work 2nd and 3rd shifts and to work over the weekends.
Responsibilities will include:
- Work closely with the Program Manager, Chief Engineer and Lead Integrator and/or Assistant SOC Manager to ensure that technology, engineering resources, and planning allow the program to meet current and future business requirements.
- Ensure the program follows DevOps/Agile principles in its execution.
- Maintain an understanding of the current vulnerabilities, response, and mitigation strategies used in cyber security operations.
- Facilitate the customer's posturing itself to aggressively investigate cyber activity targeting customer and client information and its information infrastructure.
- Assist in the education of staff on cyber threats and threat hunting methodology.
- Maintain proficiency in the use and production of visualization charts, link analysis diagrams, and database queries.
- Analyze and report cyber threats, and assist in deterring, identifying, monitoring, investigating and analyzing computer network intrusions.
- Provide insights to other team members on the nuances of networking technologies, architectures, and network traffic analysis, to support analysts who do not have networking experience.
- Develop models for identifying incident-type activity, of malware or bad actors, using statistical analysis.
- Develop dashboards to assist in automation and awareness for incident response, and playbooks for automating investigations.
- Review incident logs/records, mining for evidence of malicious tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs).
- Research Internet sources and threat intelligence databases to find evidence in customer logs.
- Explore patterns in network and system activity through log correlation using Splunk and other tools.
- Investigate evidence of threats against Windows, Linux, databases, applications, web servers, firewalls or other relevant technologies.
- Ingest IOCs to assess impact to the organization.
- Share IOCs with internal and external teams for validation and collaboration.
- Provide timely, accurate and relevant intelligence products to the customer, including a variety of intelligence reports, PowerPoint presentations, and various briefings.
- Leverage internal and external resources to research threats, vulnerabilities, and intelligence on various attackers and attack infrastructure.
- On a rolling basis, use our hunting VDI solution to identify the root cause, scope, and severity of each incident, and compile findings into a finished analytical product.
- Recommend tuning and instrumentation improvements to VSOC clients.
- Work with our Threat Intelligence and Digital Forensics and Incident Response (DFIR) teams to identify threats, develop or recommend countermeasures to our clients, and perform advanced network and host analysis in the event of a compromise.
- Work with our Research and Development team to improve and expand toolsets.
- Receive training on, and demonstrate competency in, multiple NSM/SIEM platforms.
- Interface with customers to consult with them on best security practices and help them mature their security posture.

- Demonstrated to advanced experience with computer networking and operating systems
- Experience with one of the following: Splunk, NetWitness, ArcSight, McAfee NSM, or other related tools
- Statistical modeling and analysis experience to infer possible cybersecurity threats
- Demonstrated to advanced knowledge of current threats, vulnerabilities, and attack trends
- Experience in investigative analysis, such as in IT, law enforcement, military intelligence, or business analytics
- Interest in learning about Windows, Linux, database, application, web server, firewall, SIEM and other log analysis
- Verbal/written communication and interpersonal skills to communicate effectively with team members
- Must be highly motivated, with the ability to self-start, prioritize, multi-task and work in a team setting
- Understanding of the intelligence cycle, Cyber Kill Chain, and Diamond Model
- Critical thinking and problem-solving skills
- Good time management and written and oral communication skills
- Experience in DevOps/Agile practices and ITIL practices
- Familiarity with common network vulnerability/penetration testing
- Experience evaluating systems, network devices and enterprise networks for IA vulnerabilities
- Experience evaluating enterprise networks for IA/security vulnerabilities
- Splunk query-development expertise
- Experience on an Incident Response team performing Tier I/II initial incident triage
- Excellent writing skills
- DODI 8570.1-M compliance at IAT Level II; CISSP, Certified Ethical Hacker (C|EH), SFCP, GCIA, Security+, Network+, A+, GSEC, GIAC, Splunk Power User
- 8 years of experience with a B.S./B.A. in Engineering, Science, or Mathematics, or 6 years with an MS/MA in Engineering, Science or Mathematics, or 4 years with a PhD in Engineering, Science or Mathematics. Additional years of experience may be substituted in lieu of a degree.