Cyber ​​Network Defense Analyst II at RTX – VA543: 22270 Pacific Blvd, Dulles 22270 Pacific Boulevard Building CC5, Sterling, VA, 20166-6924 USA

Date posted:

2024-04-05

Country:

United States of America

Location:

VA543: 22270 Pacific Blvd, Dulles 22270 Pacific Boulevard Building CC5, Sterling, VA, 20166-6924 USA

Position Role Type:

Hybrid

You have been directed to the RTX careers page because we recently transitioned RTX to a standalone company, which provides us with greater autonomy and growth opportunities. As a future Nightwing employee, you will have the opportunity to contribute to our continued success and shape the future of our cybersecurity, intelligence, and service offerings.

Nightwing provides technically advanced full-spectrum cyber, data operations, systems integration, and intelligence mission support services to address our customers’ most demanding challenges. Our capabilities include cyber space operations, cyber defense and resilience, vulnerability research, pervasive technical monitoring, data intelligence, lifecycle mission enablement, and software modernization. Nightwing delivers disruptive technologies, agility, and competitive offerings to customers in the intelligence community, defense, civil, and commercial markets.

DHS’s Hunt and Incident Response Team (HIRT) secures the nation’s cyber and communications infrastructure. HIRT provides DHS’s frontline response to cyber incidents and proactively hunts for malicious cyber activity. Nightwing, as DHS’s prime contractor, conducts HIRT investigations to provide preliminary diagnosis of breach severity. Nightwing provides HIRT with remote and on-site advanced technical assistance, proactive hunting, Teir 2 and Teir 3 incident response, and immediate investigation and resolution utilizing host-based, cloud-based, and network-based cybersecurity analysis capabilities. Team personnel provide frontline response for digital forensics/incident response (DFIR) at the Teir 2 and Teir 3 levels, along with proactively hunting for malicious cyber activity. We are seeking Cyber ​​Threat Hunters to support this critical customer mission.

Responsibilities:

– Correlate forensic findings with network events to support the development of a breach story

– Collect and document system status information (e.g., running processes, network connections) prior to imaging, if necessary

– Perform forensic triage of an incident, including determining its scope, urgency and potential impact

– Track and document forensic analysis from initial participation through resolution

– Coordinate with government and customer personnel to validate/investigate alerts or additional preliminary findings

– Perform analysis of forensic images and available evidence to support forensic reports for inclusion in reports and written products

– Assist in documenting and publishing Computer Network Defense (CND) guidelines and reports regarding incident findings

Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources

– Coordinate with cyber defense personnel across the enterprise to validate network alerts

– Document and escalate incidents (including event history, status and potential impact for further action) that may have an ongoing and immediate impact on the environment

– Perform event correlation using information collected from various sources across the enterprise to gain situational awareness and determine the effectiveness of an observed attack

– Provide daily summary reports on network/host events and activities relevant to cyber defense practices

– Receive and analyze network and host alerts from various sources across the enterprise and determine potential causes of alerts

– Ensure timely detection, identification and warning of potential attacks/intrusions, anomalous activities and misuse activities and distinguish these incidents and events from innocent activities

– Use cyber defense tools for continuous monitoring and analysis of system activity to identify malicious activity

– Analyze identified malicious activities to determine the vulnerabilities exploited, the methods of exploitation, and the effects on the system and information

– Identify and analyze anomalies in network traffic using metadata

– Identify applications and operating systems of a network device based on network traffic

– Identify network mapping and operating system (OS) fingerprinting/other baseline activities

– Assist in the development of signatures that can be deployed to cyber defense network tools in response to new or perceived threats within the network environment or enclave

Required skills/qualifications:

– American citizenship

– Active TS/SCI approval

– Ability to obtain Department of Homeland Security (DHS) Entry on Duty (EOD) eligibility

– 2+ years of direct relevant experience in cyber defense analysis using advanced technologies and industry standard cyber defense tools-

– Ability to create forensically reliable duplicates of evidence (forensic images)
– Ability to write cyber investigation reports documenting findings from digital forensic investigations
– Skill in analyzing and characterizing cyber attacks
– Proficient in identifying different types of attacks and attack stages
– Insight into security threats and vulnerabilities of systems and applications
– Understanding of proactive analysis of systems and networks

– Able to collaborate across different physical locations

– Action-oriented and proactive in solving problems

– Knowledge of common operating systems (e.g. Linux/Unix, Windows)
– Experience in implementing incident handling methodologies

Desired skills:

Knowledge of one or more of these EDR tools: CrowdStrike, SentinelOne, Cortex, MS MDE or Trellix

Knowledge of two or more of the following resources:
— Host forensic software (EnCase, FTK, X-Ways, Sleuth Kit/Autopsy)
— SIEVE
— Volatility

— CAPE
—WireShark
— Splunk

— Elastic
– Ability to conduct all-source research.

Required education:

Bachelor’s degree in Computer Science, Cyber ​​Security, Computer Engineering, or related degree; or High School Diploma and 5 years of experience in network/host research.

Desired certifications: (one or more)

• GCFE, GCFA, GCLD, GCPS, GCPN, GWEB, GIRD, GREM, GNFA, GCIH, GCIA, GSEC,
• Kubernetes Security Specialist, Microsoft 365 Certifications, Microsoft Azure Certifications, AWS Certifications, SANS Cloud Courses (SEC541, SEC584, SEC588) and Certifications GSEC (SANS401), Network+, Security+, CEH

Arlington, VA

Nightwing was previously part of a leading Fortune 100 company and was headquartered in Dulles, Virginia. In 2024, the company became independent, but it continues to support the country’s most important initiatives.

When we formed Nightwing, we brought with us a deep set of credentials and an unwavering commitment to the mission. For more than four decades, our team has delivered some of the world’s most technically advanced full-spectrum cyber, data operations, systems integration, and intelligence support services to the U.S. government on its most important missions.

At Nightwing, we value collaboration and teamwork. You will have the opportunity to work with talented individuals who are passionate about what they do. Together, we will leverage our collective expertise to drive innovation, solve complex problems, and deliver exceptional results for our clients.

Thank you for considering joining us on this new journey and shaping the future of cybersecurity and intelligence together with the Nightwing team.

The salary range for this position is $85,000 – $179,000. The salary range provided is a good faith estimate and is representative of all levels of experience. RTX considers various factors in making an offer, including but not limited to a candidate’s job title, position and responsibilities, work experience, location, education/training, and key skills. Accepted candidates may be eligible for benefits, including but not limited to medical, dental, vision, life insurance, short-term disability, long-term disability, 401(k) match, flexible spending accounts, flexible schedules, Employee Assistance Program, Employee Scholar Program, parental leave, paid time off and holidays. Specific benefits are dependent upon the specific business unit and whether or not the position is covered by a collective bargaining agreement. Accepted candidates may be eligible for short-term and/or long-term annual incentive compensation programs depending upon the level of the position and whether or not it is covered by a collective bargaining agreement. Payments under these annual programs are not guaranteed and are dependent upon a variety of factors including, but not limited to, individual performance, business unit performance, and/or company performance. This position is a U.S.-based position. If the successful candidate resides in a U.S. territory, the appropriate salary structure and benefits will apply. RTX anticipates the application period will close approximately 40 days from the date notice is posted. However, factors such as candidate flow and business necessity may require RTX to shorten or extend the application period.

RTX is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age, or any other federally protected class.

Privacy Policy and Terms:

Click this link to read the policy and terms