CSOC Analyst Tier 3 Raytheon
Bethesda, MD

Job Description

CSOC Analyst Tier 3 (10-15 Yrs Exp Required)

Support a proprietary customer contract to enable mission accomplishment by analyzing all relevant cyber security event data and other information sources for suspicious network traffic, attack indicators and potential security breaches; produce reports, assist in coordination during incidents. In support of the customer's strategic direction, key individuals support the Cyber Security Operations Center (CSOC) employing innovative technologies and techniques.

Job Description:

Looking for a qualified individual who can support the intrusion detection system aspects for the Monitoring & Vulnerability Analysis Team as a CSOC Analyst Tier 3 by applying an advanced knowledge of information security services/analysis concepts, practices and procedures. Support will include providing oversight and guidance of analysts for detecting and evaluating intrusions.

Responsibilities:

Assess information network threats such as computer viruses, exploits, and malicious attacks; operate vulnerability assessment equipment in support of intrusion analyses

Determine true threats, false positives and network system mis-configurations and provide solutions to issues detected in a timely manner.

Monitor for potential compromise, intrusion, deficiency, significant event or threat to the security posture and security baseline. Follow intrusion and escalation processes and procedures.

Integrated Defense System/In Plane Switching (IDS/IPS) Signature Analysis, Development and Testing

Tune IDS/IPS Systems

Security Information Event Manager (SIEM) content Analysis, Development and Testing

Web Content Filtering Analysis, Development and Testing

Tune IDS/IPS Systems

Development of standard operating procedures and other technical documentation for the IDS infrastructure.

Keep abreast of developments in field of expertise to ensure knowledge base remains current.

Routinely provide guidance to and assists in the training of less experienced staff.

Required Skills:

Existing Level 6: Public Trust - High Risk Background Investigation

US Citizenship

Willing to work rotating shifts

10-15 years of experience in systems cyber security analysis

Working knowledge of network security management and operations

Experience in the detection, response, mitigation, and/or reporting of cyber threats affecting client networks and one or more of the following:

Experience in computer intrusion analysis and incident response

Intrusion detection

Knowledge and understanding of network devices, multiple operating systems, and secure architectures

Working knowledge of network protocols and common services such as DNS, FTP, email, CP/ICMP/UDP

System log analysis

Current experience with network intrusion detection and response operations (Protect, Defend, Respond and Sustain methodology)

Experience managing, responding to and resolving situations caused by network attacks

Experience using current monitoring technologies such as: SourceFire-SNORT, ArcSight, or NetScout etc.

Current experience with cyber threats and their associated tactics, techniques, and procedures

Ability to assess information of network threats such as scans, computer viruses or complex attacks

Demonstrated ability to document processes

SIEM experience with ArcSight ESM and Logger

Working knowledge of network protocols and common services such as DNS, FTP, email, CP/ICMP/UDP

Hands-on experience with NIDS (Network IDS) and HIDS (Host based IDS)

Must be able to work collaboratively across cyber threat teams and effectively communicate both written and orally

Proficiency with MS Office Applications

Experience with information network software and hardware

Strong understanding and working knowledge of current country and/or Intel security regulations, directives, and policies

Working knowledge of WAN/LAN concepts and technologies

Working knowledge of Linux/Unix, including scripting, and basic system administration.

Knowledge of signature development

IDS/IPS Signature Analysis, Development and Testing

SIEM content Analysis, Development and Testing

Familiarity with packet analysis to include:

HTTP Headers & Status codes

SMTP Traffic & Status codes

FTP Traffic & Status Codes

DNS Queries

PKI Certificate Exchange

Desired Skills:

Ability to speak and read English

Experience with firewalls, routers or antivirus appliances a plus

Experience working on a 24x7x365 operations center environment

Experience with ArcSight SIEM tool is a plus

Experience with CA Service Desk Manager

Demonstrated advanced understanding and in-depth knowledge of regular expressions

Demonstrated advanced understanding and in-depth knowledge of scripting languages (perl, python, javascript, etc.)

Demonstrated experience in Security Information Event Management (SIEM) and Intrusion Prevention System (IPS) tools

Experience establishing and maintaining good working relationships in all levels of the organization, including customers, organizations, internal management, and support organizations

Prior experience working in one of the following is highly desired:

Security Operations Center (SOC)/Network Operations Center (NOC)

Computer Emergency/Incident Response Team (CERT/CIRT)

Desired Certifications:

Certified Information Systems Security Professional (CISSP) or

GIAC Certified Incident Handler (GCIH) or

GIAC Certified Enterprise Defender (GCED) or

GIAC Security Expert (GSE) or

Certified Information Security Manager (CISM)

Certified Ethical Hacker (CEH) or GIAC Intrusion Analyst (GCIA)

ArcSight Security Analyst Certification

Required Education (including Major):

Bachelor of Science Degree with a major in Computer Science/Computer Engineering, Engineering, Science or a related field. The candidate must have a minimum of 15+ years of experience or equivalent education with experience.

141612 Business Unit Profile

Raytheon Intelligence, Information and Services delivers innovative technology to make the world a safer place. Our expertise in cyber, analytics and automation allow us to reach beyond what others think is possible to underpin national security and give our global customers unique solutions to solve the most pressing modern challenges -- from the cyber domain to automated operations, and from intelligent transportation and training solutions to creating clear insight from large volumes of data. IIS operates at nearly 550 sites in 80 countries, and is headquartered in Dulles, Virginia. The business area generated $6.2 billion in 2018 revenues. As a global business, our leaders must have the ability to understand, embrace and operate in a multicultural world -- in the marketplace and the workplace. We strive to hire people who reflect our communities and embrace diversity and inclusion to advance our culture, develop our employees, and grow our business.

Relocation Eligible

Yes

Clearance Type

Public Trust Current

Expertise

Cyber Jobs

Information and Knowledge Systems

Type Of Job

Full Time

Work Location

MD - Bethesda

Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.