Raytheon has a job for an experienced NETWORK-BASED SYSTEM ANALYST LEAD to join an exciting new opportunity in ARLINGTON, VA.
The Network Based System Analyst Lead will assist the Government lead in performing command and control functions in response to cyber incidents and coordinate with and provide expert technical support to enterprise-wide Computer Network Defense technicians with respect to resolving incidents. The Network Based System Analyst Lead will serve as technical expert and liaison to the intelligence community (IC) and law enforcement personnel explaining incident details as required, conduct peer reviews and support quality assurance activities for junior personnel. The Network Based System Analyst Lead will also support oversight of technical analysis and mentoring/providing guidance to others on data collection, analysis and reporting in support of onsite engagements.
The Network Based System Analyst Lead will assist the Government lead in coordinating teams in preliminary incident response investigations, interfacing with the customer while onsite and determine appropriate courses of actions in response to identified and analyzed anomalous network activity. The Network Based System Analyst Lead will assess network topology and device configurations identifying critical security concerns and providing security best practice recommendations and will assist with the writing and publishing of Computer Network Defense guidance and reports on incident findings to appropriate constituencies.
This role also includes oversight of collection of network intrusion artifacts (e.g., domains, URI’s, certificates, etc.) and use discovered data to enable mitigation of potential Computer Network Defense incidents, and analyzing identified malicious network activity to determine weaknesses exploited, exploitation methods, effects on system and information. This role is responsible for collecting network device integrity data and analyze for signs of tampering or compromise and assisting with real-time CND incident handling (i.e., forensic collections, intrusion correlation and tracking, threat analysis, and advising on system remediation) tasks to support onsite engagements.
This role has oversight responsibility for monitoring external data sources to maintain currency of Computer Network Defense threat conditions, performing analysis of log files from a variety of sources (e.g., network traffic logs, firewall logs, intrusion detection system logs, DNS logs) to identify possible threats to network security and analyzing network alerts from various sources within the enterprise and determine possible causes of such alerts.
EDUCATION & EXPERIENCE REQUIRED:
Bachelor's degree from an accredited college or university in Computer Science, Cybersecurity, Computer Engineering or a related discipline, and with 8+ years of incident management or cybersecurity operations experience, OR 10+ years incident management experience or cybersecurity experience with a High school diploma
ADDITIONAL REQUIREMENTS:
* Knowledge of Computer Network Defense policies, procedures, and regulations
* Knowledge of defense-in-depth principles and general attack stages with respect to network security architecture
* Ability to characterize and analyze network traffic to identify anomalous activity and potential threats to network resources
* Ability to identify and analyze anomalies in network traffic using metadata
* Ability to reconstruct a malicious attack or activity based on network traffic
* Ability to examine network topologies to understand data flows through the network
* Knowledge of network device integrity concepts and methodologies
* Skilled in preserving evidence integrity according to standard operating procedures or national standards
* Skilled in using various commercial and open source tools for network analysis(i.e. Wireshark, tcpdump, NetworkMiner, Moloch, BRO/Zeek, Snort etc…) as well as creation and capture of network traffic (i.e. PCAP, NetFlow)
* Knowledge of scripting languages (Python, Perl, etc.)
* Knowledge/ability to develop IDS and other detection signatures (Snort, Yara etc.)
DESIRED KNOWLEDGE & CERTIFICATIONS:
* Knowledge of the DHS NCCIC National Cyber Incident Scoring System
* Technical Certifications: Certified Intrusion Analyst, Certified Forensic Analyst, Network Forensic Analyst, Reverse Engineering Malware through GIAC or industry equivalent.
CLEARANCE:
An existing TS/SCI Clearance is required, existing DHS Suitability is desired.
This position may be contingent on contract award and also requires a U.S. Person who is eligible to obtain any required Export Authorization.
144385
Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, age, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.