Principle Incident Responder Raytheon
Bethesda, MD

Job Description

How do you protect against those with bad intentions? You create innovative technical processing solutions and collaborate with some of the finest talent in the IT field. Whether you're an Information Systems Technologist or an Encryption Strategy Expert, at Raytheon you'll grow a varied and rewarding career. And you'll be supported with a comprehensive and competitive benefits package that promotes work/life balance. If you're ready to take on today's big challenges, discover a world of opportunity at Raytheon.

* America's Best Large Employers by Forbes
* Career & Development Opportunities
* Full-time
* Entry, Mid, Senior

Back to Job Navigation (Overview)

Responsibilities

Principle Incident Responder (15-20 Yrs Exp Required)

Support HHS-NIH ISPS (Information Security Program Support) contract to enable mission accomplishment by analyzing all relevant cyber security event data and other information sources for suspicious network traffic, attack indicators and potential security breaches; produce reports, assist in coordination during incidents. In support of the customer's strategic direction, key individuals support the Cyber Security Operations Center (CSOC) employing innovative technologies and techniques.

Must have a current TS/SCI Clearance

The main objective of the NIH Information Security Program is to "safeguard the NIH personnel, patients, computers, networks and data that NIH relies on each day to fulfill its mission." To achieve this objective, the NIH Information Security Program has established the following strategic goals:

Reduce High Risks: Reduce NIH high risk areas; prioritize/High Value Assets (HVAs)

Improve Protections: Improve protections for data, infrastructure, and staff

Complete Visibility: Provide continuous/increased visibility into IT assets, operations, threats, and risks

Integrate NIH Privacy Coordinators into accreditation and authorization processes

These goals will be achieved via NIH-specific initiatives and government-wide projects to promote IT management best practices, including configuration and patch management, system administration, and change and operations management. These activities will also be accomplished via implementation of DHS Continuous Diagnostic & Mitigation (CDM) program guidance and technologies, the NIH information security modernization initiative, and other NIH and HHS information security projects intended to protect and serve the NIH mission, patients, and staff.

Location: CONUS

Job Description:

Looking for a qualified individual to lead the Incident Response Team in the detection, response, mitigation, and reporting of cyber threats affecting client networks. The Team Lead is responsible for handling assignments of the Compute Incident Response Team (CIRT) Specialist concerning escalated incidents. The incident response team lead provides specialized support by gathering, handling, examining, preparing, entering, and searching, retrieving, identifying and/or comparing digital and/or physical evidence concerning incidents with higher escalation rankings or out of the CIRT specialist expertise. The candidate uses forensically sound procedures to determine results.

The team lead observes proper evidence custody and control procedures, documents procedures and findings and prepares comprehensive written notes and reports. The team lead also analyzes network/computer threats and mitigates vulnerabilities while limiting operational impact to the Computer Network Defense (CND) mission in support of the CSOC while providing direction and guidance to the CIRT Specialist. The candidate will function as the technical incident handling domain expert with representation from all mission integrated product teams (IPTs) reporting directly to the Penetration (PEN) Testing/Incident Response Manager.

Responsibilities:

Lead and support the CIRT Specialist

Prioritization and ranking of escalated incidents

Provide support to the in the detection, response, mitigation, and reporting of cyber threats affecting client networks

Maintain an understanding of the current vulnerabilities, response, and mitigation strategies used in cyber security operations

Produce reports and briefs to provide an accurate depiction of the current threat landscape and associated risk. Accomplish this through the use of customer, community, and open source reporting

Produce status reports and briefs to senior leadership

Provide analysis for correlated information sources

Facilitate the customer's posturing itself to aggressively investigate cyber activity targeting customer and client information and its information infrastructure

Assist in the education of staff on cyber threats

Liaison with other agency cyber threat analysis entities, such as intra-agency and inter- agency Cyber Threat Working Groups

Maintaining proficiency in the use and production of visualization charts, link analysis diagrams, and database queries

Analyze and report cyber threats as well as assist in deterring, identifying, monitoring, investigating and analyzing computer network intrusions.

Additional duties may include providing intrusion support to high technology investigations in the form of computer evidence seizure, computer forensic analysis, data recovery, and network assessments by provided support to the malware, forensics and mitigation teams.

Meet and maintain customer required Information Assurance training compliance

Required Skills:

Existing US DOD TS/SCI Clearance

US Citizenship

Willing to work rotating shifts

10+ years' experience in Intelligence collection, analysis, and reporting process/procedures

10+ years hands-on experience in the detection, response, mitigation, and/or reporting of cyber threats affecting client networks and one or more of the following:

Experience in computer intrusion analysis and incident response;

Intrusion detection;

Computer network surveillance/monitoring;

Knowledge and understanding of network protocols, network devices, multiple operating systems, and secure architectures;

Experience in computer evidence seizure, computer forensic analysis, and data recovery;

Computer network forensics.

System log analysis

Experience with current cyber threats and the associated tactics, techniques, and procedures used to infiltrate computer networks

* Current experience with network intrusion detection and response operations (Protect, Defend, Respond and Sustain methodology)
* Current experience with cyber threats and the associated tactics, techniques, and procedures used to infiltrate computer networks

Demonstrated ability to document processes.

The ability to respond to crises objectively.

Proficiency with MS Office Applications

Must be able to work collaboratively across agencies and physical locations

Desired Skills:

10+ years systems cyber security experience

Experience with Risk and Opportunity Management

Shell scripting experience

Experience with process development and deployment

Excellent writing skills

Prior experience working in one of the following highly desired:

Security Operations Center (SOC) /Network Operations Center (NOC)

Computer Emergency/Incident Response Team (CERT/CIRT)

Desired Certifications:

Certified Information Systems Security Professional (CISSP) or

GIAC Certified Incident Handler (GCIH) or

GIAC Certified Enterprise Defender (GCED) or

CompTIA Advanced Security Practitioner (CASP)

GIAC Security Expert (GSE)

Certified Ethical Hacker or Computer Security Incident Handler (CSIH) or GIAC Certified Forensic Analyst (GCFA)

Project Management Professional Certification (PMP)

Required Education (including Major):

Bachelor of Science Degree with major in Computer Science/Electrical Engineering, Engineering, Science or related field. Must have a minimum of 10+ years' experience or equivalent education and experience.

137614

Business Unit Profile

Raytheon Intelligence, Information and Services delivers innovative technology to make the world a safer place. Our expertise in cyber, analytics and automation allow us to reach beyond what others think is possible to underpin national security and give our global customers unique solutions to solve the most pressing modern challenges -- from the cyber domain to automated operations, and from intelligent transportation and training solutions to creating clear insight from large volumes of data. IIS operates at nearly 550 sites in 80 countries, and is headquartered in Dulles, Virginia. The business area generated $6.2 billion in 2018 revenues. As a global business, our leaders must have the ability to understand, embrace and operate in a multicultural world -- in the marketplace and the workplace. We strive to hire people who reflect our communities and embrace diversity and inclusion to advance our culture, develop our employees, and grow our business.

Relocation Eligible

Yes

Clearance Type

TS/SCI - Current

Expertise

Computer Engineering

Computer/Management Information Systems

Cyber Jobs

Information and Knowledge Systems

Type Of Job

Full Time

Work Location

MD - Bethesda

Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.