Digital Forensics / Malware Reverse Engineer

Raytheon


JOB OVERVIEW:

Raytheon Intelligence & Space (RIS) Cyber Security & Special Missions (CSM) Raytheon Cyber Solutions (RCS) has an immediate job opening for a DIGITAL FORENSICS & INCIDENT RESPONSE (DFIR) / MALWARE REVERSE-ENGINEER. The successful candidate will be able to effectively perform forensic analysis of digital information, and gather and handle evidence in support of incident response investigations. Additionally, the candidate will be expected to perform malware reverse engineering to support such investigations.

WORK HOURS: 6am-6pm

WORK LOCATION:

This position will be a combination of remote and onsite support. Candidate must be able and willing to travel, as required, within the Dulles, Virginia metropolitan area.

RCS TEAM BACKGROUND:

We pride ourselves on having the most highly-skilled DFIR engineers in the industry. Regardless of technology or process specialization, every DFIR engineer is trained in the fundamentals of support, analysis and research into exceptionally complex problems, and processes relating to Cyber Defense and Security Operations Center subject matter.

PRIMARY JOB DUTIES & RESPONSIBILITIES:

  • Digital Forensics and Incident Response (DFIR)
  • Determination of wrongdoing facilitated by IT systems or mobile devices
  • Mitigation for insider threat and disgruntled employee data loss
  • Malicious code scans – before and after overseas travel
  • Hard drive forensics
      ◦ Intellectual property theft
      ◦ Misuse and abuse cases (i.e., viewing adult content, timecard fraud, etc.)
      ◦ HR/EEOC related cases
      ◦ Recovery of files (maliciously deleted or accidental)
      ◦ System sabotage
      ◦ Misuse of computer equipment (USB, phones)
      ◦ Exposure or loss of company property data
      ◦ Employee termination/RIF to analyze hard drive for data loss
  • Incident response
      ◦ Analysis to determine if an exploit/vulnerability was used by an attacker
      ◦ Breaches
      ◦ Data exfiltration
      ◦ Ransomware – recovery attempt of files that have been encrypted, determination of IIV, and recommendations to secure the network and limit future attacks
      ◦ A/V alert for malware
      ◦ Website analysis for defacement, web shells
      ◦ Proactive hunting for malware on systems
      ◦ Malware analysis, reverse engineering
      ◦ Indicators from security alerts
      ◦ Determination of what occurred on a system
  • Host hunting for malware
  • Memory forensics
      ◦ Malware cases
      ◦ Data exfiltration cases
      ◦ Hunting for malware in memory
  • Mobile device forensics
      ◦ Mobile malware
      ◦ Mobile recovery of data
      ◦ Text message recovery and call log
      ◦ Data exfiltration

  • Communication/Client Engagement/Responsiveness
  • Collaboration with the client’s Security Organization via email, conference call, and phone
  • Responsiveness to client-initiated requests and reports
  • Reporting and communications consistent with client SLAs
  • Support client Service Level Agreements related to alert, event/incident, request/report responsiveness
  • Support development of shift reports, Situation Reports and After Action Reports
  • Engagement and communication with Managed SOC Services resources to perform as one CSIRT
  • Duties as assigned by the Leads or Project Manager including:
  • Perform forensic analysis of digital information, and gather and handle evidence in support of legal or incident response investigations
  • Identify network computer intrusion evidence and perpetrators.
  • Investigate computer fraud or other electronic crimes, crack file and system passwords, detect steganography, and recover deleted, fragmented and corrupted data from digital media of all types
  • Ensure chain of custody and control procedures, document procedures and findings, and prepare comprehensive written notes and reports
  • Recommend hardware and software, and develop policies and procedures for forensic analysis on devices and networks
  • Participate in customer calls and meetings on a regular basis.
  • Maintain current knowledge of relevant technology and trends.

REQUIRED EDUCATION/EXPERIENCE:

  • Bachelor's Degree and 6+ years of related experience (concentration of security operations and analysis). Additional experience can be used in lieu of education.

REQUIRED SKILLS:

  • Proficient with network-based forensics, host-based forensics, malware reverse engineering and incident response/handling
  • Experienced with one or more of the following: EnCase, FTK, X-Ways, SIFT
  • Experienced with SIEM technologies such as Splunk, Volatility
  • Experienced with Wireshark, tcpdump, and open source forensic tools
  • Excellent written and verbal communication skills
  • Personality traits: Naturally curious and inquisitive nature; persistent and determined; loves solving problems and puzzles; analytically rigorous; uncompromising integrity.

DESIRED SKILLS:

  • Experience with RSA Netwitness, Splunk, FireEye NX, EX, HX, AX, Carbon Black Response, RSA Archer
  • Experience with firewalls, routers or antivirus appliances
  • Experience working on a 24x7x365 watch desk environment
  • Experience with industry standard help desk tools

DESIRED CERTIFICATIONS:

  • One or more of the following:
      ◦ GCFE
      ◦ GCFA
      ◦ GNFA
      ◦ GREM
      ◦ EnCE

This position may be contingent on contract award and also requires a U.S. Person who is eligible to obtain any required Export Authorization.

161815

Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, age, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.
