Cyber Threat Intelligence Analyst
- Military veterans preferred
2019-08-05 Raytheon (www.raytheon.com)
Richardson Texas United States
Raytheon Global Business Services (GBS) IT Security has an opening for a Cyber Threat Intelligence Analyst. Work in a fast-paced environment, creatively combining intelligence data from many sources into information that will lead to successful computer network defense.
Experience with advanced tactics and techniques used by threat actors and familiarity with counter-intelligence actions is a plus. This role also supports cyber incident response activities; candidates must be well versed in frameworks and methods for rapid containment, eradication and analysis of intrusions.
Job Description: Threat Intelligence Analysis – Research and analyze information from a wide variety of sources and generate tailored, actionable mitigation strategies for emerging threats to Raytheon’s IT infrastructure. Proactively analyze and classify adversarial groups and attackers based on TTPs. Develop threat intelligence outputs, including regular and ad hoc reports, and complete research requests from senior leadership.
Incident Response – Coordinate the investigation, containment, and recovery actions for Enterprise-level cyber security incidents by utilizing leading-edge network, system and analysis tools. Response actions will include providing situational awareness to appropriate personnel through clear and concise communications.
Job Responsibilities will include:
Maintain current knowledge of adversary tactics, techniques and procedures (TTPs), intelligence reporting and Raytheon business strategy to enable the practical application of intelligence to information security.
Support the team in conducting Advanced Persistent Threat (APT) analysis and investigation.
Stay abreast of current vulnerabilities and mitigation strategies.
Produce reports and briefs that will provide an accurate depiction of the current threat landscape and associated risk through the use of customer, community, and public sources.
Analyze cyber threat reporting to assist in monitoring for, identifying, investigating, and deterring computer network intrusions.
Provide support in the detection, response, mitigation, and reporting of cyber security incidents affecting enterprise and subsidiary networks.
Assist in the education of staff on cyber threats.
Collaborate with other groups within IT Security and the business units.
Minimum 4+ years of experience in threat intelligence analysis.
Understanding of Advanced Persistent Threat (APT) type of activity and knowledge of attackers.
Computer Incident handling/response experience.
Experience with interpreting Reconnaissance, Delivery, and Exploitation attempt events in network logs and traffic.
Working knowledge of networking concepts and web technologies.
Knowledge of TCP/IP protocols and data communications schemes.
Prefer familiarity with packet analysis to include:
HTTP Headers & Status codes
SMTP Traffic & Status codes
FTP Traffic & Status Codes
PKI Certificate Exchange
Problem solving/critical thinking capabilities in complex environments.
Self-driven and fully accountable for independent effort performed as part of a geographically dispersed virtual team supporting a high OPTEMPO mission.
Proficiency in the use and production of visualization charts, link analysis diagrams, and database queries.
Excellent social, verbal, and written communication skills, with demonstrated ability to effectively present analytical data to a variety of technical and non-technical audiences.
Ability and willingness to share on-call responsibilities, work non-standard hours, and travel (up to 25%) when required.
This position requires the eligibility to obtain a security clearance. Except in rare circumstances, only U.S. citizens are eligible for a security clearance. This position requires either a U.S. Person or a Non-U.S. Person who is eligible to obtain any required Export Authorization.
Understanding of intelligence cycle, Cyber Kill Chain, and Diamond Model.
Experience developing and implementing IDS / IPS signatures and URL / IP blocks.
Working knowledge of SIEM technology and tools.
One or more of the following industry certifications:
GIAC Certified Incident Handler (GCIH)
Certified Information Systems Security Professional (CISSP)
GIAC Certified Intrusion Analyst (GCIA)
GIAC Network Forensic Analyst (GNFA)
GIAC Reverse Engineering Malware (GREM)
Certified Ethical Hacker (CEH)
Required Education: Bachelor's degree in Computer Science, Computer Engineering, Information Technology or related discipline, or equivalent combination of experience in cyber and schooling/certifications in lieu of degree.
Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.