Dulles, Virginia

Raytheon Intelligence & Space (RIS) Cyber Security & Special Missions (CSM) Raytheon Cyber Solutions (RCS) has an immediate job opening for a DIGITAL FORENSICS & INCIDENT RESPONSE (DFIR) / MALWARE REVERSE-ENGINEER. The effective candidate will be able to perform forensic analysis of digital information and to gather and handle evidence in support of incident response investigations. Additionally, the candidate will be expected to perform malware reverse engineering to support such investigations. This candidate will also lead the investigations and closely interface with the customer for customer satisfaction throughout all phases and post phases of the investigation.

WORK LOCATION
This position will be a combination of remote and onsite support. Candidate must be able and willing to travel, as required.

PRIMARY JOB DUTIES & RESPONSIBILITIES

  • Digital Forensics and Incident Response (DFIR)
    • Determination of wrongdoing facilitated by IT systems or mobile devices
    • Mitigation for insider threat and disgruntled employee data loss
    • Malicious code scans: for our customers and before and after Raytheon overseas travel, as requested
    • Hard drive forensics
      • Intellectual property theft
      • Misuse and abuse cases (e.g., viewing adult content, timecard fraud, etc.)
      • HR/EEOC related cases
      • Recovery of files (maliciously deleted or accidental)
      • System sabotage
      • Misuse of computer equipment (USB, phones)
      • Exposure or loss of company property data
      • Employee termination/RIF to analyze hard drive for data loss
    • Incident response
      • Analysis to determine if an exploit/vulnerability was used by an attacker
      • Breaches
      • Data exfiltration
      • Ransomware: recovery attempt of files that have been encrypted, determination of IIV, and recommendations to secure the network and limit future attacks
      • A/V alert for malware
      • Website analysis for defacement, web shells
      • Proactive hunting for malware on systems
      • Malware analysis, reverse engineering
      • Indicators from security alerts
      • Determination of what occurred on a system
      • Host hunting for malware
      • Memory forensics
      • Malware cases
      • Data exfiltration cases
      • Hunting for malware in memory
      • Mobile device forensics
      • Mobile malware
      • Mobile recovery of data
      • Text message recovery and call log
      • Data exfiltration
  • Communication/Client Engagement/Responsiveness
    • Collaboration with the client's Security Organization via email, conference call, and phone
    • Responsiveness to client-initiated requests and reports
    • Reporting and communications consistent with client SLAs
    • Support client Service Level Agreements related to alert, event/incident, request/report responsiveness
    • Support development of shift reports, Situation Reports and After Action Reports
    • Engagement and communication with Managed SOC Services resources to perform as one CSIRT
  • Duties as assigned by the Leads or Project Manager including:
    • Perform forensic analysis of digital information and gather and handle evidence in support of legal or incident response investigations
    • Identify network computer intrusion evidence and perpetrators
    • Investigate computer fraud or other electronic crimes, crack files and system passwords, detect steganography, and recover deleted, fragmented and corrupted data from digital media of all types
    • Ensure chain of custody and control procedures, document procedures and findings, and prepare comprehensive written notes and reports
    • Recommend hardware, software, and develop policies and procedures for forensics analysis on devices and networks
    • Participate in customer calls and meetings on a regular basis
  • Maintain current knowledge of relevant technology and trends
  • Prepare and give oral out briefs along with full presentations to technical and executive leadership
  • Lessons learned documentation with recommendations, remediation, and a planned path forward
  • Other duties as assigned

REQUIRED EDUCATION/EXPERIENCE
  • Bachelor's Degree and 8+ years of related experience (concentration of security operations and analysis) or equivalent experience

REQUIRED SKILLS
  • Proficient with network-based forensics, host-based forensics, malware reverse engineering and incident response/handling
  • Experienced with one or more of the following: EnCase, FTK, X-Ways, SIFT
  • Experienced with SIEM technologies such as Splunk, Volatility
  • Experienced with Wireshark, tcpdump, and open source forensic tools
  • Excellent written and verbal communication skills
  • Personality traits: Naturally curious and inquisitive nature; perseverant and motivated; loves solving problems and puzzles; analytically rigorous; uncompromising integrity.

DESIRED SKILLS
  • Experience with RSA NetWitness, Splunk, FireEye NX, EX, HX, AX, Carbon Black Response, RSA Archer
  • Experience with firewalls, routers or antivirus appliances

DESIRED CERTIFICATIONS
  • One or more of the following: GCFE, GCFA, GNFA, GREM, EnCE
169358

Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, age, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.

Raytheon: Aspiring to be the most admired defense and aerospace systems company through our world-class people, innovation and technology

Raytheon Company is a technology and innovation leader specializing in defense, security and civil markets throughout the world. With a history of innovation spanning 91 years, Raytheon provides state-of-the-art electronics, mission systems integration and other capabilities in the areas of sensing; effects; and command, control, communications and intelligence systems; as well as a broad range of mission support services.
