Raytheon

Raytheon Technologies has an immediate opening for a SOC Analyst (1st Shift 7am-3pm) in the DC Metro area. The successful candidate will be able to effectively analyze all relevant cyber security event data and other information sources for suspicious network traffic, attack indicators and potential security breaches; produce reports, assist in coordination during incidents.

• This position does not provide relocation*

Raytheon Technologies Background:

We pride ourselves on having the most highly-skilled Security Analysts in the industry. Regardless of technology or process specialization, every Analyst is trained in the fundamentals of support, analysis and research into exceptionally complex problems, and processes relating to Cyber Defense and Security Operations Center subject matter.

Responsibilities:

• Security Operations Support
• Serving as a central clearing house for all alerts coming into the SOC on a daily basis with an emphasis on DNS blackholing, email-based, Host-based IDS, Network-based IDS, Authentication-related and feed/sensor check alerts
• Continuous & persistent monitoring of security technologies/tool data and network traffic which result in security alerts generated, parsed, triggered, or observed on the in-scope managed networks, enclaves, systems or security technologies
• Analyzing, triaging, aggregating, escalating and reporting on client security events including investigation of anomalous network activity, and responds to cyber incidents within the network environment or enclave
• Correlation and trend analysis of security logs, network traffic, security alerts, events and incidents
• Perform in-depth root cause analysis and diligently gather information prior to escalation for future root cause analysis
• Event and incident handling consistent with applicable client plans and processes
• Integration of activities with standard reports, such as shift reports, along with client communication protocols
• Supporting calculation of security metrics
• Mapping alerts, events, and incidents to the Cyber Kill Chain™
• Communication/Client Engagement/Responsiveness
• Collaboration with the client’s Security Organization via email, conference call, and phone
• Provide feedback to other team members on security control efficacy, vulnerabilities, gaps in visibility, recurring issues, and other items of note
• Collaborating with the owners of cyber defense tools to tune systems for optimum performance
• Responsiveness to client-initiated requests and reports
• Reporting and communications consistent with client SLAs
• Support development of shift reports, Situation Reports and After Action Reports
• Duties as assigned by the SOC Manager or Senior Analysts including:
• Escalation point for Tier 1
• Assess network threats such as computer viruses, exploits, and malicious attacks
• Determining true threats, false positives and network system misconfigurations and provide solutions to issues detected in a timely manner
• Monitor for potential compromise, intrusion, deficiency, significant event or threat to the security posture and security baseline
• Develop, update and maintain standard operating procedures and other technical documentation for both client and internal operations.
• Participate in customer calls and meetings on a regular basis.
• Mentor junior staff
• Maintain current knowledge of relevant technology and trends.

Required Skills:

• Prior experience working in any of the following three: Security Operations Center (SOC), Network Operations Center (NOC), Computer Incident Response Team (CIRT)
• Experience in the detection, response, mitigation, and/or reporting of cyber threats affecting client networks and one or more of the following:
• Experience in computer intrusion analysis and incident response
• Knowledge and understanding of network devices, multiple operating systems, and secure architectures
• Working knowledge of network protocols and common services
• System log analysis
• Current experience with network intrusion detection and response operations (Protect, Defend, Respond and Sustain methodology)
• Experience responding to and resolving situations caused by network attacks
• Ability to assess information of network threats such as scans, computer viruses or complex attacks
• 6 months recent experience (within the last 2 years) with Network Forensic technologies
• 6 months recent experience (within the last 2 years) with SIEM technologies
• Experience with Splunk
• Excellent written and verbal communication skills;
• Personality traits: Naturally curious and inquisitive nature; persistent and determined; loves solving problems and puzzles; analytically rigorous; uncompromising integrity.

Desired Skills:

• Experience with FireEye and Archer
• Experience with firewalls, routers or antivirus appliances
• Experience working on a 24x7x365 watch desk environment
• Experience with industry standard help desk tools

Desired Certifications:

• One or more of the following:
• Splunk Core Certified Power User
• Security+
• Network+
• A+
• CCSA
• CCSE
• GCIA
• GCIH
• GNFA
• CCNP

Required Education/Experience:

• Bachelor’s Degree in Cyber Security, Information Security, Information Assurance or similar and 4+ years of related experience (concentration of security operations and analysis). Additional experience can be used in lieu of education.

163245

Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, age, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.