(Cyber) Incident Management Analyst – Hybrid at RTX – VA543: 22270 Pacific Blvd, Dulles 22270 Pacific Boulevard Building CC5, Sterling, VA, 20166-6924 USA

Date posted:

2024-08-21

Country:

United States of America

Location:

VA543: 22270 Pacific Blvd, Dulles 22270 Pacific Boulevard Building CC5, Sterling, VA, 20166-6924 USA

Position Role Type:

Hybrid

You have been directed to the RTX careers page because we recently transitioned RTX to a standalone company, which provides us with greater autonomy and growth opportunities. As a future Nightwing employee, you will have the opportunity to contribute to our continued success and shape the future of our cybersecurity, intelligence, and service offerings.

Nightwing provides technically advanced full-spectrum cyber, data operations, systems integration, and intelligence mission support services to address our customers’ most demanding challenges. Our capabilities include cyber space operations, cyber defense and resilience, vulnerability research, pervasive technical monitoring, data intelligence, lifecycle mission enablement, and software modernization. Nightwing delivers disruptive technologies, agility, and competitive offerings to customers in the intelligence community, defense, civil, and commercial markets.

Nightwing supports a U.S. Government customer to provide onsite incident response support to civilian government agencies and critical asset owners experiencing cyberattacks, providing immediate investigation and resolution. Contract personnel conduct investigations to characterize the severity of breaches, develop mitigation plans, and assist in restoring services. Nightwing is seeking a Cyber Incident Management Analyst to support this critical customer mission.

Responsibilities:
– Managing reported incidents by providing a central point of service for incident customer organizations throughout the lifecycle of a high priority incident
– Correlation of incident data to identify specific trends in reported incidents
– Recommending principles and practices for ‘defense in depth’ (e.g., multi-layered defense, layered defense, robust security, etc.)
– Performing Computer Network Defense incident triage, determining scope, urgency, and potential impact
– Identifying the specific vulnerability and making recommendations that will enable a rapid resolution
– Supporting federal leaders with incident management functions during on-site deployments
– Assists in coordinating with private sector partners, law enforcement and internal entities to conduct day-to-day operations
– Conducting peer reviews and providing quality assurance reviews for junior staff
– Mentor junior incident managers and guide others in incident management prioritization, triage and report writing to support on-site assignments.
– Lead team during assigned shifts (2:00pm – 10:30pm ET or 10:00pm – 6:30am ET and 12-hour weekend shifts)
– Leads a technical team of up to 6 highly skilled cyber threat analysts

Required skills:
– American citizenship
– Must have an active TS/SCI authorization
– Must be able to obtain DHS eligibility
– 8+ years of directly relevant experience in cyber incident management or cybersecurity operations
– Knowledge of incident response and handling methodologies
– Knowledge of the NCCIC National Cyber Incident Scoring System to prioritize incident triage
– Knowledge of common attack phases (e.g. footprinting and scanning, enumeration, gaining access, escalating privileges, maintaining access, network exploitation, covering traces, etc.)
– Demonstrable experience in recognizing and categorizing types of vulnerabilities and associated attacks
– Knowledge of basic system administration and operating system security techniques
– Knowledge of computer network defense policies, procedures and regulations
– Knowledge of different operational threat environments (e.g. first generation (script kiddies), second generation (non-state sponsored) and third generation (state sponsored))
– Knowledge of security threats and vulnerabilities for systems and applications (e.g. buffer overflows, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, roundtrip attacks and malicious code)
– Must be able to collaborate across different physical locations

Desired skills:
– Experience in leading and coaching technical teams
– Knowledge of basic system administration and operating system security techniques
– Knowledge of computer network defense policies, procedures and regulations
– Knowledge of different operational threat environments (e.g. first generation (script kiddies), second generation (non-state sponsored) and third generation (state sponsored))
– Knowledge of security threats and vulnerabilities for systems and applications (e.g. buffer overflows, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, roundtrip attacks and malicious code)

Required education:
BS Operations Management, Cybersecurity, or related degree. Two years of related work experience may be substituted for each year of degree-level training.

Desired certifications:
GCIH, GCFA, GISP, GCED, CCFP or CISSP

Arlington, VA

Nightwing was previously part of a leading Fortune 100 company and was headquartered in Dulles, Virginia. In 2024, the company became independent, but it continues to support the country’s most important initiatives.

When we formed Nightwing, we brought with us a deep set of credentials and an unwavering commitment to the mission. For more than four decades, our team has delivered some of the world’s most technically advanced full-spectrum cyber, data operations, systems integration, and intelligence support services to the U.S. government on its most important missions.

At Nightwing, we value collaboration and teamwork. You will have the opportunity to work with talented individuals who are passionate about what they do. Together, we will leverage our collective expertise to drive innovation, solve complex problems, and deliver exceptional results for our clients.

Thank you for considering joining us on this new journey and shaping the future of cybersecurity and intelligence together with the Nightwing team.

The salary range for this position is $105,000 – $221,000. The salary range provided is a good faith estimate and is representative of all levels of experience. RTX considers several factors in making an offer, including but not limited to a candidate’s job title, position and responsibilities, work experience, location, education/training, and key skills. Accepted candidates may be eligible for benefits, including but not limited to medical, dental, vision, life insurance, short-term disability, long-term disability, 401(k) match, flexible spending accounts, flexible schedules, Employee Assistance Program, Employee Scholar Program, parental leave, paid time off, and holidays. Specific benefits may vary based on the specific business unit and whether or not the position is covered by a collective bargaining agreement. Successful candidates may be eligible for annual short-term and/or long-term incentive compensation programs, depending on the level of the position and whether or not it is covered by a collective bargaining agreement. Payments under these annual programs are not guaranteed and are dependent upon a variety of factors, including, but not limited to, individual performance, business unit performance, and/or company performance. This position is a U.S.-based position. If the successful candidate resides in a U.S. territory, the appropriate salary structure and benefits will apply. RTX anticipates that the application period will close approximately 40 days from the date the notice is posted. However, factors such as candidate flow and business necessity may require RTX to shorten or extend the application period.

RTX is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age, or any other federally protected class.

Click this link to read the policy and terms