Associate Cyber Security Engineer (SIEM, EDR, Network Forensic Infrastructure)

Raytheon

JOB OVERVIEW:

Raytheon Intelligence & Space (RIS) Cyber Security & Special Missions (CSM) Raytheon Cyber Solutions (RCS) has an immediate job opening for an ASSOCIATE CYBER SECURITY ENGINEER for SIEM, EDR, and Network Forensic Infrastructure. The successful candidate will provide engineering support for Raytheon Technologies Managed SOC Services infrastructure and client tools.

WORK LOCATION:

This position will be a combination of remote and onsite support. Candidate must be able and willing to travel, as required, within the Dulles, Virginia metropolitan area.

RCS TEAM BACKGROUND:

We pride ourselves on having the most highly-skilled Security Engineers in the industry. Regardless of technology or process specialization, every Engineer is trained in the fundamentals of network engineering & security, security tool configuration, investigative process, and incident response, and he or she must demonstrate mastery of these concepts on a daily basis.

PRIMARY JOB DUTIES & RESPONSIBILITIES:

  • Security Engineering/Tool Support
  • Assist with tool configuration changes of Managed SOC Services infrastructure, Security Information and Event Management (SIEM), EDR, Network Forensic Infrastructure and other security tools
  • Engineering, development, maintenance, and integration support (including content development and migration) for the currently implemented security tools: RSA Netwitness, Splunk, FireEye NX, HX, EX, AX, and Carbon Black Response
  • Expert technical support and remediation of technical issues, remotely and on-site if requested, for the implemented security tools
  • Responsible for development efforts for the continued enhancement of Splunk functionality, to include at least the following:
      • Integration of new log sources into the system
      • Alerting and reporting capabilities developed in response to industry standards, identified indicators of compromise, threat feeds, and direct requests
      • Dashboard enhancements
      • Data normalization
      • Severity rating enhancements
      • Correlation logic enhancements for events from disparate system logs and alerts
      • Event watch list enhancements
      • Monitoring channel enhancements
      • Event/alert queue enhancements
      • Event/alert reviewing/clearing standards enhancements

  • Custom Content and Use Case Development
  • Implement use cases for the devices integrated with the SIEM system
  • Build the Correlation Rules & Threat Alert Criteria
  • Custom content development services for RSA Netwitness, Splunk, and Carbon Black in response to industry trends, identified indicators of compromise, and client-provided requirements
  • Development efforts for the continued enhancement of RSA Netwitness functionality, to include at least the following:
      • Development of new custom parsers/feeds/alerts
      • Alerting and reporting capabilities developed in response to industry standards, identified indicators of compromise, threat feeds, and direct requests from the client
      • Event watch list enhancements

  • Communication/Client Engagement/Responsiveness
  • Support the weekly tools status report detailing at least the following:
      • System issues, status, and remediation efforts for all tools
      • Integration request status and remediation efforts for all tools
      • Enhancement status and remediation efforts for all tools
  • Support weekly custom content and use case development status reports detailing at least the following:
      • Overall use case development status
      • Content development status for all tools
      • Content development requests for all tools
  • Support client Service Level Agreements, including:
      • All requests for security tool support or content development shall be responded to within one hour of the request being received
      • Provide a daily status update on all requests regarding tool support or content development efforts

  • Support Engineering-related milestones in Project Management Plan including delivery on time with quality
  • Duties as assigned by the Leads or Project Manager, including:
      • Assist in daily maintenance tasks, health checks, and upgrades
      • Create and maintain procedural documentation
      • Tune SIEM and logging infrastructure
      • Conduct configuration audits
      • Perform light-to-moderate automation tasks
      • Maintain current knowledge of relevant technology and trends

REQUIRED EDUCATION/EXPERIENCE:

  • Bachelor's Degree and 2+ years of network, security, and systems experience. Additional experience can be used in lieu of education.

REQUIRED SKILLS:

  • 6 months of current experience working with one or more of the following security tools/technologies: RSA Netwitness, Splunk, FireEye NX, HX, EX, AX, Carbon Black Response
  • Experience diagnosing and troubleshooting issues
  • Excellent written and verbal communication skills, interpersonal and collaborative skills
  • Well versed in operating systems such as Windows and Linux as well as Active Directory
  • High degree of initiative and low requirement for supervision
  • Foundational technology certifications such as A+, Network+, Security+, CCNA, ITIL

DESIRED SKILLS:

  • SIEM, Firewall, IDS/IPS administration experience
  • Scripting experience
  • Knowledge and experience with regular expressions
  • RSA Archer experience

DESIRED CERTIFICATIONS:

  • One or more of the following:
      • Security+
      • Network+
      • A+
      • CCNA
      • CCNP
      • CCSA
      • CCSE
      • GIAC
      • Splunk Core Certified Power User

This position may be contingent on contract award and also requires a U.S. Person who is eligible to obtain any required Export Authorization.

161881

Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, age, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.