Cyber Threat Analyst I

Company: RTX
Location: Virginia Beach
Posted on: October 15, 2020

Job Description:

Raytheon Intelligence & Space (RIS) ? Cybersecurity, Training & Services (CTS) has an immediate opening for a Cyber Penetration Tester to support a U.S. Federal Agency contract to enable mission accomplishment by performing independent penetration testing to ensure appropriate security controls and safeguards are in place and function as intended for the designated systems. The penetration test are conducted in accordance with NSA INFOSEC Assessment Methodology (IAM) and INFOSEC Evaluation Methodology (IEM), and includes discovery activities, attack planning, test execution, and detailed reporting on test scenarios, findings, and recommendations. Identify current and emerging threat trends, threat actors using a variety of cyber threat intelligence sources. Provide technical assessments of cyber threat actor use of cyber vulnerabilities, exploits, payloads, access infrastructures, and mission platforms. Conduct all-source research on cyber threat actors and intrusion sets (eg, APTs); evaluate both technical and Intel reporting for cyber threat activities of interest. Conduct detailed analysis of incidents, threats, vulnerabilities, tactics, techniques and procedures (TTP), and other malicious and non-malicious indicators. Job Description: Conducts network or software vulnerability assessments and penetration testing utilizing reverse engineering techniques. Perform vulnerability analysis and exploitation of applications, operating systems or networks. Identifies intrusion or incident path and method. Isolates, blocks or removes threat access. Evaluates system security configurations. Evaluates findings and performs root cause analysis. Performs analysis of complex software systems to determine both functionality and intent of software systems. Resolves highly complex malware and intrusion issues. Contributes to the design, development and implementation of countermeasures, system integration, and tools specific to Cyber and Information Operations. May prepare and presents technical reports and briefings. May perform documentation, vetting and utilizing identified vulnerabilities for operational use. Responsibilities: Shall perform specific activities that include, but not limited to the following:

• Develop and maintain a multi-year schedule for penetration testing activities
• Interface and coordinate with third party organizations performing penetration testing for DS/CTS/CMO
• Interface and coordinate with system owners to establish targets for testing, test schedule, test goals, and rules of engagement
• Organize and lead efforts that document and design improvement strategies for discovered vulnerabilities and monitoring gaps
• When authorized, exploit known vulnerabilities against Department systems in a controlled manner to ensure Department defenses can detect exploitation
• Plan and coordinate Department participation in support of each specific penetration test
• Design, perform and report on penetration testing of systems to satisfy the NIST 800-53 CA-8 security control and using methodologies that may include, NIST SP 800-115, Penetration Testing Execution Standard (PTES), and Information Systems Security Assessment Framework (ISSAF)
• Produce reports and conduct management briefings on test activities, scenarios, results and recommendations
• Stay abreast of current attack vectors and unique methods for exploitation of computer networks
• Develop unique exploit code and attack vectors to conduct penetration tests
• Render expertise and guidance to other cyber security programs regarding intrusion methods Required Skills: Current experience with network intrusion detection and response operations (Protect, Defend, Respond and Sustain methodology)
  • Experience in the detection, response, mitigation, and/or reporting of cyber threats affecting client networks and one or more of the following:
    • Experience in computer intrusion analysis and incident response
    • Working knowledge of Intrusion detection/protection systems
    • Knowledge and understanding of network devices, multiple operating systems, and secure architectures
    • Working knowledge of network protocols and common services
    • System log analysis
    • Experience responding to and resolving situations caused by network attacks
    • Ability to assess information of network threats such as scans, computer viruses or complex attacks
    • Perform information technology security research to remain current on emerging technology trends and develop exploits for disclosed and undisclosed vulnerabilities
    • Contributes to developing and implementing tools for penetration testing and early warning of weaknesses or possible incidents building on methodologies as promulgated by NIST, ISO, etc. to ensure useful, measurable, and repeatable methods applied to quantifying risk
    • Selects, installs, and configures security testing platforms and tools or develop tools and procedures for penetration tests
    • Performs penetration testing using standard penetration tools (Metasploit, Nmap, Nessus, Burp Suite, etc.)
    • SIEM content Analysis, Development and Testing
    • Experience with SIEMS (such as NetWitness, Splunk, SumoLogic, QRadar)
    • Experience with EDR solutions (Carbon Black, Crowdstrike, FireEye, SentinelOne)
    • Familiarity with packet analysis to include: HTTP Headers & Status codes, SMTP Traffic & Status codes, FTP Traffic & Status Codes
    • Knowledge of and practical experience of integration of COTS or open source tools
    • Excellent written and verbal communication skills
    • Personality traits: Naturally curious and inquisitive nature; persistent and determined; loves solving problems and puzzles; analytically rigorous; uncompromising integrity
    • Demonstrated ability to document processes
    • Proficiency with MS Office Applications
    • Must be able to work collaboratively across teams and physical locations
    • Willing to work rotating shifts
    • Must have an Active TS with the ability to obtain at TS/SCI Required Certifications: Possess at least one relevant professional designation or related advanced IT certification, but not limited to the following: Certified Information Systems Security Professional (CISSP)
      • GIAC Penetration Tester (GPEN)
      • GIAC Certified Incident Handler (GCIH)
      • GIAC Network Forensic Analyst (GNFA)
      • GIAC Intrusion Analyst (GCIA) Desire Skills:
        • Prior experience working in any of the following:
          • Security Operations Center (SOC)
          • Network Operations Center (NOC)
          • Computer Incident Response Team (CIRT)
          • Experience with RSA Netwitness, Splunk, FireEye NX, EX, HX, AX, Carbon Black Response, RSA Archer
          • Experience with firewalls, Routers or antivirus appliances
          • Experience working on a 24x7x365 watch desk environment
          • Experience with industry standard help desk tools
          • Working knowledge of WAN/LAN concepts and technologies Desired Certifications: Possess at least one relevant professional designation or related advanced IT certification, but not limited to the following:
            • GIAC Certified Enterprise Defender (GCED)
            • GIAC Security Expert (GSE)
            • Certified Information Security Manager (CISM)
            • Certified Ethical Hacker (CEH Required Education (including Major): Bachelor of Science Degree with major in Computer Science/Electrical Engineering, Engineering, Science or related field. Must have a minimum of 1+ years? experience or equivalent education and experience.
            • Occasional travel within CONUS and OCONUS is required 165545Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender orientation, gender identity, national origin, disability, or protected Veteran status.

Keywords: RTX, Virginia Beach , Cyber Threat Analyst I, Professions , Virginia Beach, Virginia