DESCRIPTION OF PROJECT AND TASKS:
Statement of Work:
Provide support for U.S. Government customers for onsite incident response to civilian Government agencies and critical asset owners who experience cyber-attacks, providing immediate investigation and resolution. Contract personnel performs investigations to characterize of the severity of breaches, develop mitigation plans, and assist with the restoration of services. Raytheon Intelligence & Space (RIS) is seeking a Network-Based Cybersecurity Systems Analyst to support this critical customer mission. Responsibilities: Assists the Government lead in coordinating teams in preliminary incident response investigations – Assists the Government lead with interfacing with the customer while on site.
Determines appropriate courses of actions in response to identified and analyses anomalous network activity – Assesses network topology and device configurations identifying critical security concerns and providing security best practice recommendations – Assists with the writing and publishing of Computer Network Defense guidance and reports on incident findings to appropriate constituencies – Collects network intrusion artifacts (e.g., PCAP, domains, URI’s, certificates, etc.) and uses discovered data to enable mitigation of potential Computer Network Defense incidents – Analyzes identified malicious network activity to determine weaknesses exploited, exploitation methods, effects on system and information – Collects network device integrity data and analyze for signs of tampering or compromise – Assists with real-time CND incident handling (i.e., forensic collections, intrusion correlation and tracking, threat analysis, and advising on system remediation) tasks to support onsite engagements
Required skills/Level of Experience:
U.S. Citizenship – Must have an active TS/SCI clearance – Must be able to obtain DHS Suitability – 2+ years of directly relevant experience in network investigations – Knowledge of Computer Network Defense policies, procedures, and regulations – Knowledge and experience of TCP/IP and the OSI model – Knowledge and experience of standard protocols – ICMP, HTTP/S, DNS, SSH, SMTP, SMB, NFS – Knowledge and experience of Wifi networking – Knowledge and experience of network topologies, including DMZ’s, WAN’s, etc. – Knowledge and experience of Defense-in-depth principles and general attack stages with respect to network security architecture – Ability to characterize and analyze network traffic to identify anomalous activity and potential threats to network resources – Ability to identify and analyze anomalies in network traffic using metadata – Experience with reconstructing a malicious attack or activity based on network traffic – Experience examining network topologies to understand data flows through the network – Must be able to work collaboratively across physical locations
Nice to have skills:
Experience with one or more of the following: DevOps concepts and practices, Cloud and Virtualization technologies, Docker, Kubernetes, OpenShift, IDaM, VMWare, Automation, Python, Ansible, Git – Experience working in an agile development environment