Cyber Network Forensic Analyst (Network Based)

RTX Arlington, VA 22201

Posted 3 weeks ago

The DHS's Hunt and Incident Response Team (HIRT) secures the Nation's cyber and communications infrastructure. HIRT provides DHS's front-line response for cyber incidents and proactively hunts for malicious cyber activity. Raytheon Technologies is supporting a U.S. Government customer to provide support for onsite incident response to civilian Government agencies and critical asset owners who experience cyber-attacks, providing immediate investigation and resolution. Contract personnel perform investigations to characterize the severity of breaches, develop mitigation plans, and assist with the restoration of services. Raytheon Intelligence & Space (RIS) is seeking a Cyber Network Forensic Analyst (Network Based) to support this critical customer mission.


  • Assists the Government lead in coordinating teams in preliminary incident response investigations

  • Assists the Government lead with interfacing with the customer while on site

  • Determines appropriate courses of action in response to identified and analyzed anomalous network activity

  • Assesses network topology and device configurations identifying critical security concerns and providing security best practice recommendations

  • Assists with the writing and publishing of Computer Network Defense guidance and reports on incident findings to appropriate constituencies

  • Collects network intrusion artifacts (e.g., PCAP, domains, URIs, certificates, etc.) and uses discovered data to enable mitigation of potential Computer Network Defense incidents

  • Analyzes identified malicious network activity to determine weaknesses exploited, exploitation methods, and effects on system and information

  • Collects network device integrity data and analyzes it for signs of tampering or compromise

  • Assists with real-time CND incident handling (i.e., forensic collections, intrusion correlation and tracking, threat analysis, and advising on system remediation) tasks to support onsite engagements

Required Skills:

  • U.S. Citizenship

  • Must have an active TS/SCI clearance

  • Must be able to obtain DHS Suitability

  • 2+ years of directly relevant experience in network investigations

  • Knowledge of Computer Network Defense policies, procedures, and regulations

  • Knowledge and experience of TCP/IP and the OSI model

  • Knowledge and experience of standard protocols - ICMP, HTTP/S, DNS, SSH, SMTP, SMB, NFS

  • Knowledge and experience of Wi-Fi networking

  • Knowledge and experience of network topologies, including DMZs, WANs, etc.

  • Knowledge and experience of defense-in-depth principles and general attack stages with respect to network security architecture

  • Ability to characterize and analyze network traffic to identify anomalous activity and potential threats to network resources

  • Ability to identify and analyze anomalies in network traffic using metadata

  • Experience with reconstructing a malicious attack or activity based on network traffic

  • Experience examining network topologies to understand data flows through the network

  • Must be able to work collaboratively across physical locations

Desired Skills:

  • Knowledge and experience in network device integrity concepts and methodologies

  • Knowledge and experience in network analysis software, such as Wireshark

  • Knowledge and experience in carving and extracting information from PCAP data

  • Knowledge and experience in non-traditional network traffic, including Command and Control

  • Understanding of how to preserve evidence integrity according to standard operating procedures or national standards

Required Education:

BS Computer Science, Computer Engineering, Computer Information Systems, Computer Systems Engineering or related degree or a HS Diploma & 4-6 years of network investigations experience

Desired Certifications:

  • DoD 8140.01 IAT Level II, IASAE II, CSSP Analyst


LCAT Equivalent definition:

BS Computer Science, Cybersecurity, Computer Engineering or related discipline & 2-4 years of network investigations experience. HS Diploma & 4-6 years of network investigations experience

Two years of related work experience may be substituted for each year of degree level education.


Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender orientation, gender identity, national origin, disability, or protected Veteran status.
