**This position is contingent based on contract award**
Are you the type of person that wants to start-up a new company in an exploding field? Raytheon has the opportunity for you. Cyber attacks are worldwide and countries/companies are looking for their partners in solving the challenging problems. Our ideal candidate is someone with great problem-solving skills, an outgoing and energetic personality, a high degree of creativity, innovation and out-of-the box thinking all with a mind for business!
Raytheon is seeking a Threat Detection Organization (TDO) Lead for the design, development, integration and operations of a Security Operations Center (SOC) in Abu Dhabi, UAE. The candidate must have proven performance delivering cyber products and technical services to the MENA region. This role will be responsible for ensuring the successful integration of cyber COTS products while working with subcontractors.
This assignment may require shift work and weekend work. All candidates must be able to work 2nd and 3rd shifts. All candidates must be able to work over the weekends.
Responsibilities will include:
• Work closely with the Program Manager, Chief Engineer and Lead Integrator and/or Assistant SOC Manager to ensure technology, engineering resources, and planning allow the program to meet the current and future business requirements.
• Ensure the program follows DevOps/Agile principles in the execution of the program
• Maintain an understanding of the current vulnerabilities, response, and mitigation strategies used in cyber security operations
• Help the customer posture itself to aggressively investigate cyber activity targeting customer and client information and its information infrastructure
• Assist in the education of staff on cyber threats and threat hunting methodology
• Maintain proficiency in the use and production of visualization charts, link analysis diagrams, and database queries
• Analyze and report cyber threats as well as assist in deterring, identifying, monitoring, investigating and analyzing computer network intrusions.
• Provide insights to other team members on nuances of networking technologies, architectures, and network traffic analysis to support other analysts who do not have networking experience.
• Develop models for identifying incident-type activity, of malware or bad actors, using statistical analysis
• Develop dashboards to assist in automation and awareness for incident response and playbooks for automating investigations
• Review incident logs/records, mining for evidence of malicious tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs)
• Research Internet sources and threat intelligence databases to try and find evidence in customer logs
• Explore patterns in network and system activity through log correlation using Splunk and other tools
• Investigate evidence of threats against Windows, Linux, Database, Applications, web servers, firewalls or other relevant technologies
• Ingest IOCs to assess impact to the organization
• Share IOCs with internal and external teams for validation and collaboration.
• Provide timely, accurate and relevant intelligence products to the customer to include a variety of intelligence reports, PowerPoint presentations, and various briefings.
• Leverage internal and external resources to research threats, vulnerabilities, and intelligence on various attackers and attack infrastructure
• On a rolling basis, use our hunting VDI solution to identify root cause, scope, and severity of each incident and compile findings into a finished analytical product
• Recommend tuning and instrumentation improvements to VSOC clients
• Work with our Threat Intelligence and Digital Forensics and Incident Response (DFIR) Teams to identify threats, develop or recommend countermeasures to our clients, and perform advanced network and host analysis in the event of a compromise
• Work with our Research and Development Team to improve and expand toolsets
• Receive training on and demonstrate competency in multiple NSM/SIEM platforms
• Interface with customers to consult with them on best security practices and help them mature their security posture
• Demonstrated-to-advanced experience with computer networking and operating systems
• Experience with one of the following: Splunk, NetWitness, ArcSight, McAfee NSM, and other related tools
• Statistical modeling and analysis experience to infer possible cybersecurity threats
• Demonstrated-to-advanced knowledge of current threats, vulnerabilities, and attack trends
• Experience in analysis in investigations, such as in IT, law enforcement, military intelligence, or business analytics
• Interest in learning about Windows, Linux, Database, Application, Web server, firewall, SIEM etc. log analysis
• Verbal/written communication and interpersonal skills to effectively communicate with team-members
• Must be highly motivated with the ability to self-start, prioritize, multi-task and work in a team setting
• Understanding of intelligence cycle, Cyber Kill Chain, and Diamond Model
• Critical thinking and problem solving skills
• Possess good time management and written and oral communications skills
• Experience in DevOps/Agile practices and ITIL practices
• Familiarity with common network vulnerability/penetration testing
• Experience evaluating systems and network devices and enterprise networks for IA vulnerabilities
• Experience evaluating enterprise networks for IA/security vulnerabilities
• Splunk query-development expertise
• Experience on an Incident Response team performing Tier I/II initial incident triage.
• Excellent writing skills
• DODI 8570.1-M Compliance at IAT Level II; CISSP, Certified Ethical Hacker (C|EH), SFCP, GCIA, Sec+, Network+, A+, GSEC, GIAC, Splunk Power User
• G10 requires 8 Years, with a B.S./B.A. in Engineering, Science, or Mathematics or 6 years with MS/MA in Engineering, Science or Mathematics or 4 years with PhD in Engineering, Science or Mathematics. Additional years of experience may be substituted in lieu of degree.
IIS Salary Grade G10