Not specified
Concerned about your lack of experience? Learn More...
Employment Type:
Not Specified
Job Category:
Aerospace & Aeronautics
Principle Incident Responder
Raytheon Company | Bethesda, Maryland
Tell Us More About Your Job Preferences
By telling us what you think of this job, we can help find jobs that match your interests. If you want to see more jobs like this, click on the smiley face. Or if this job isn't what you are looking for, click the frowny face. Learn More...

Follow This Company

Job Description

Principle Incident Responder (15-20 Yrs Exp Required)

Support HHS-NIH ISPS (Information Security Program Support) contract to enable mission accomplishment by analyzing all relevant cyber security event data and other information sources for suspicious network traffic, attack indicators and potential security breaches; produce reports, assist in coordination during incidents. In support of the customer’s strategic direction, key individuals support the Cyber Security Operations Center (CSOC) employing innovative technologies and techniques.

Must have a current TS/SCI Clearance

The main objective of the NIH Information Security Program is to “safeguard the NIH personnel, patients, computers, networks and data that NIH relies on each day to fulfill its mission.” To achieve this objective, the NIH Information Security Program has established the following strategic goals:
Reduce High Risks: Reduce NIH high risk areas; prioritize/High Value Assets (HVAs)
Improve Protections: Improve protections for data, infrastructure, and staff
Complete Visibility: Provide continuous/increased visibility into IT assets, operations, threats, and risks
Integrate NIH Privacy Coordinators into accreditation and authorization processes
These goals will be achieved via NIH-specific initiatives and government-wide projects to promote IT management best practices, including configuration and patch management, system administration, and change and operations management. These activities will also be accomplished via implementation of DHS Continuous Diagnostic & Mitigation (CDM) program guidance and technologies, the NIH information security modernization initiative, and other NIH and HHS information security projects intended to protect and serve the NIH mission, patients, and staff.
Location: CONUS

Job Description:
Looking for a qualified individual to lead the Incident Response Team in the detection, response, mitigation, and reporting of cyber threats affecting client networks. The Team Lead is responsible for handling assignments of the Compute Incident Response Team (CIRT) Specialist concerning escalated incidents. The incident response team lead provides specialized support by gathering, handling, examining, preparing, entering, and searching, retrieving, identifying and/or comparing digital and/or physical evidence concerning incidents with higher escalation rankings or out of the CIRT specialist expertise. The candidate uses forensically sound procedures to determine results.
The team lead observes proper evidence custody and control procedures, documents procedures and findings and prepares comprehensive written notes and reports. The team lead also analyzes network/computer threats and mitigates vulnerabilities while limiting operational impact to the Computer Network Defense (CND) mission in support of the CSOC while providing direction and guidance to the CIRT Specialist. The candidate will function as the technical incident handling domain expert with representation from all mission integrated product teams (IPTs) reporting directly to the Penetration (PEN) Testing/Incident Response Manager.

Lead and support the CIRT Specialist
Prioritization and ranking of escalated incidents
Provide support to the in the detection, response, mitigation, and reporting of cyber threats affecting client networks
Maintain an understanding of the current vulnerabilities, response, and mitigation strategies used in cyber security operations
Produce reports and briefs to provide an accurate depiction of the current threat landscape and associated risk. Accomplish this through the use of customer, community, and open source reporting
Produce status reports and briefs to senior leadership
Provide analysis for correlated information sources
Facilitate the customer's posturing itself to aggressively investigate cyber activity targeting customer and client information and its information infrastructure
Assist in the education of staff on cyber threats
Liaison with other agency cyber threat analysis entities, such as intra-agency and inter- agency Cyber Threat Working Groups
Maintaining proficiency in the use and production of visualization charts, link analysis diagrams, and database queries
Analyze and report cyber threats as well as assist in deterring, identifying, monitoring, investigating and analyzing computer network intrusions.
Additional duties may include providing intrusion support to high technology investigations in the form of computer evidence seizure, computer forensic analysis, data recovery, and network assessments by provided support to the malware, forensics and mitigation teams.
Meet and maintain customer required Information Assurance training compliance

Required Skills:
Existing US DOD TS/SCI Clearance
US Citizenship
Willing to work rotating shifts
10+ years’ experience in Intelligence collection, analysis, and reporting process/procedures
10+ years hands-on experience in the detection, response, mitigation, and/or reporting of cyber threats affecting client networks and one or more of the following:
Experience in computer intrusion analysis and incident response;
Intrusion detection;
Computer network surveillance/monitoring;
Knowledge and understanding of network protocols, network devices, multiple operating systems, and secure architectures;
Experience in computer evidence seizure, computer forensic analysis, and data recovery;
Computer network forensics.
System log analysis
Experience with current cyber threats and the associated tactics, techniques, and procedures used to infiltrate computer networks
- Current experience with network intrusion detection and response operations (Protect, Defend, Respond and Sustain methodology)
- Current experience with cyber threats and the associated tactics, techniques, and procedures used to infiltrate computer networks
Demonstrated ability to document processes.
The ability to respond to crises objectively.
Proficiency with MS Office Applications
Must be able to work collaboratively across agencies and physical locations

Desired Skills:
10+ years systems cyber security experience
Experience with Risk and Opportunity Management
Shell scripting experience
Experience with process development and deployment
Excellent writing skills
Prior experience working in one of the following highly desired:
Security Operations Center (SOC) /Network Operations Center (NOC)
Computer Emergency/Incident Response Team (CERT/CIRT)

Desired Certifications:
Certified Information Systems Security Professional (CISSP) or
GIAC Certified Incident Handler (GCIH) or
GIAC Certified Enterprise Defender (GCED) or
CompTIA Advanced Security Practitioner (CASP)
GIAC Security Expert (GSE)
Certified Ethical Hacker or Computer Security Incident Handler (CSIH) or GIAC Certified Forensic Analyst (GCFA)
Project Management Professional Certification (PMP)

Required Education (including Major):
Bachelor of Science Degree with major in Computer Science/Electrical Engineering, Engineering, Science or related field. Must have a minimum of 10+ years’ experience or equivalent education and experience.


Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, age, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.


About Raytheon Company

Raytheon Company is a technology and innovation leader specializing in defense, civil government and cybersecurity markets throughout the world. With a history of innovation spanning 92 years, Raytheon provides state-of-the-art electronics, mission systems integration and other capabilities in the areas of sensing; effects; and command, control, communications and intelligence systems; as well as a broad range of mission support services

Advertisement Advertisement