**This position is contingent based on contract award**
Are you the type of person who wants to start up a new company in an exploding field? Raytheon has the opportunity for you. Cyber attacks are worldwide, and countries and companies are looking for partners to solve these challenging problems. Our ideal candidate is someone with great problem-solving skills, an outgoing and energetic personality, and a high degree of creativity, innovation and out-of-the-box thinking, all with a mind for business!
Raytheon is seeking a qualified individual to lead the Incident Response Team in the design, development, integration and operations of a Security Operations Center (SOC) in Abu Dhabi, UAE.
The position will be responsible for handling the detection, response, mitigation, and reporting of cyber threats affecting client networks. The candidate must have proven performance delivering cyber products and technical services to the MENA region. This role will participate in ensuring the successful integration of cyber COTS products while working with subcontractors.
The Incident Response Lead is responsible for handling assignments of the Computer Incident Response Team (CIRT) Specialist concerning escalated incidents. The incident response team lead provides specialized support by gathering, handling, examining, preparing, entering, searching, retrieving, identifying and/or comparing digital and/or physical evidence concerning incidents with higher escalation rankings or outside the CIRT specialist's expertise. The candidate uses forensically sound procedures to determine results. The team lead observes proper evidence custody and control procedures, documents procedures and findings, and prepares comprehensive written notes and reports. The team lead also analyzes network/computer threats and mitigates vulnerabilities while limiting operational impact to the Computer Network Defense (CND) mission in support of the Security Operations Center, while providing direction and guidance to the CIRT Specialist.
This assignment may require shift work and weekend work. All candidates must be able to work 2nd and 3rd shifts. All candidates must be able to work over the weekends.
Responsibilities will include:
• Lead and support the CIRT Specialist
• Prioritization and ranking of escalated incidents
• Provide support in the detection, response, mitigation, and reporting of cyber threats affecting client networks
• Maintain an understanding of the current vulnerabilities, response, and mitigation strategies used in cyber security operations
• Produce reports and briefs to provide an accurate depiction of the current threat landscape and associated risk. Accomplish this through the use of customer, community, and open source reporting
• Produce status reports and briefs to senior leadership
• Provide analysis for correlated information sources
• Help the customer posture itself to aggressively investigate cyber activity targeting customer and client information and its information infrastructure
• Assist in the education of staff on cyber threats
• Liaise with other agency cyber threat analysis entities, such as intra-agency and inter-agency Cyber Threat Working Groups
• Maintain proficiency in the use and production of visualization charts, link analysis diagrams, and database queries
• Analyze and report cyber threats as well as assist in deterring, identifying, monitoring, investigating and analyzing computer network intrusions.
• Additional duties may include providing intrusion support to high technology investigations in the form of computer evidence seizure, computer forensic analysis, data recovery, and network assessments by providing support to the malware, forensics and mitigation teams.
• Meet and maintain customer required Information Assurance training compliance
• 6-8 years of relevant work experience
• Demonstrated to advanced experience with computer networking and operating systems
• Experience with one of the following: Splunk, NetWitness, ArcSight, McAfee NSM, or other related tools
• Demonstrated to advanced experience of current threats, vulnerabilities, and attack trends
• Experience in analysis in investigations, such as in IT, law enforcement, military intelligence, or business analytics
• Interest in learning Windows, Linux, database, application, web server, firewall, SIEM and other log analysis
• Verbal/written communication and interpersonal skills to effectively communicate with team-members
• Must be highly motivated with the ability to self-start, prioritize, multi-task and work in a team setting
• Understanding of intelligence cycle, Cyber Kill Chain, and Diamond Model
• Experience designing and executing formal incident response processes, including (but not limited to) investigations, evidence collection, proper data handling, chain of custody, forensic analysis, crisis management, and system recovery
• Critical thinking and problem solving skills
• Possess good time management and written and oral communications skills
• Experience in DevOps/Agile practices and ITIL practices
• Experience supporting International Customers
• Experience on an Incident Response team performing Tier I/II initial incident triage.
• Experience with Risk and Opportunity Management
• Shell scripting experience
• Experience with process development and deployment
• Excellent writing skills
• Prior experience working in one of the following highly desired:
  • Security Operations Center (SOC) / Network Operations Center (NOC)
  • Computer Emergency/Incident Response Team (CERT/CIRT)
• Certified Ethical Hacker or Computer Security Incident Handler (CSIH) or GIAC Certified Forensic Analyst (GCFA)
• Project Management Professional Certification (PMP)
• GIAC Security Expert (GSE)
• One of the following:
  • Certified Information Systems Security Professional (CISSP) or
  • GIAC Certified Incident Handler (GCIH) or
  • GIAC Certified Enterprise Defender (GCED) or
  • CompTIA Advanced Security Practitioner (CASP)
• Bachelor's degree in Computer and Information Systems, Engineering, Science, or Mathematics; equivalent related experience may be considered in lieu of a degree.