Host-Based System Analyst Lead

Raytheon


Intelligence, Information, & Services is seeking an experienced HOST BASED SYSTEM ANALYST LEAD to join an exciting new opportunity in ARLINGTON, VA.

The Host-Based System Analyst Lead will assist Federal leads with overseeing and leading forensic teams at onsite engagements by coordinating evidence collection operations and providing technical assistance on digital evidence matters and forensic investigative techniques to appropriate personnel when necessary. The Host-Based System Analyst Lead will also write in-depth reports, support peer reviews, and provide quality assurance reviews for junior personnel, and will oversee forensic analysis while mentoring and providing guidance to others on data collection, analysis and reporting in support of onsite engagements.

This role will assist with leading and coordinating forensic teams in preliminary investigation, and will plan, coordinate and direct the inventory, examination and comprehensive technical analysis of computer-related evidence. This role will distill analytic findings into executive summaries and in-depth technical reports, serve as technical forensics liaison to stakeholders, and explain investigation details, including forensic methodologies and protocols. This role will also track and document on-site incident response activities, provide updates to leadership throughout the engagement, and evaluate, extract and analyze suspected malicious code.

This role will be responsible for a team that acquires/collects computer artifacts (e.g., malware, user activity, link files, etc.) from systems in support of onsite engagements, assesses evidentiary value by triaging electronic devices, correlates forensic findings with network events to further develop an intrusion narrative, and, when available, collects and documents system state information (running processes, network connections, etc.) prior to imaging. This team will perform incident triage from a forensic perspective, including determination of scope, urgency and potential impact.

EDUCATION & EXPERIENCE REQUIRED:

Bachelor's degree from an accredited college or university in Computer Science, Cybersecurity, Computer Engineering or related discipline, with 8+ years of host-based investigations or digital forensics experience; OR 10+ years of host investigations or digital forensics experience with a High School diploma.

ADDITIONAL REQUIREMENTS:

The Host Based Systems Analyst Lead requires proficiency and proven capability in the below areas:

  • Uses leading edge technology and industry standard forensic tools and procedures to provide insight into the cause and effect of suspected cyber intrusions
  • Follows proper evidence handling procedures and chain of custody protocols
  • Produces written reports documenting digital forensic findings
  • Determines programs that have been executed, finds files that have been changed on disk and in memory
  • Uses timestamps and logs (host and network) to develop authoritative timelines of activity
  • Finds evidence of deleted files and hidden data
  • Identifies and documents case relevant file-system artifacts (browser histories, account usage and USB histories, etc.)
  • Creates forensically sound duplicates of evidence (forensic image) to use for data recovery and analysis
  • Performs all-source research for similar or related network events or incidents
  • Skill in identifying different classes of attacks and attack stages
  • Knowledge of system and application security threats and vulnerabilities
  • Knowledge in proactive analysis of systems and networks, to include creating trust levels of critical resources

DESIRED TECHNICAL CERTIFICATIONS:

GIAC Certified Intrusion Analyst, GIAC Certified Forensic Analyst, GIAC Network Forensic Analyst, and GIAC Reverse Engineering Malware certification desired (or industry recognized equivalent).

CLEARANCE:

An existing TS/SCI Clearance is required; existing DHS Suitability is desired.

This position may be contingent on contract award and also requires a U.S. Person who is eligible to obtain any required Export Authorization.

145037

Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, age, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.
