Cyber Threat Hunter

Remote role

Responsibilities:
• Create detection content to support the automated identification of threats across the environment
• Triage alerts generated from curated hunt team detection content and escalate as needed to other organizations within cybersecurity defense operations
• Perform threat hunts based on current cyber threat intelligence or recent cyber events
• Perform daily research to identify new tools, tactics, and procedures used by threat actors and malware families
• Analyze security and event logs for anomalies and indications of malicious behavior
• Support Security Operations Center and Incident Response activities, both during times of crisis and when needed to support incident ticket triage
• Craft and test scenarios for RTX’s security validation platform
• Perform micro or ad-hoc threat hunts to answer RFIs from peers and leadership, or to investigate anomalies picked up by security controls
• Document hunt team findings for easy recall and to reduce duplication of effort
• Draft debriefings and collaborate with other teams within RTX cybersecurity
• Participate in technical discussions, projects, and debriefs with peers and senior leadership
• Train and mentor junior analysts

Experience/Qualifications: The ideal candidate would have a working knowledge of…
• TCP/IP and how traffic traverses a network
• Security controls (firewalls, antivirus, Endpoint Detection and Response platforms, Intrusion Detection Systems, packet capture tooling, etc.) and how they can be leveraged to spot anomalies
• Cyber threat hunt methodology and how malicious activity can be identified in a network
• Malicious actors and the tools, techniques, and procedures they employ
• Why malicious actors would target an organization like RTX
• Different threat groups and the TTPs that make them unique
• Security incident and event monitoring platforms
• Log analysis and how events of interest can be linked together or corroborated
• Windows and Unix based endpoints and servers
• Scripting, particularly in Python, to support task automation
• Cloud service providers and how those technologies fit within the business information system ecosystem

Preferred Qualifications:
• Must be able to work well with others on a close-knit team
• Must be comfortable meeting and working via teleconference and/or videoconference
• Must have excellent communication skills and be able to convey technical details to audiences of differing technical aptitude
• Must be a self-starter, capable of identifying tasks and working projects with little oversight
• Candidates with previous experience supporting cybersecurity operations within a cyber fusion center are desired
• Prior experience within security operations, cyber threat hunting, or detection content development is required
• Experience using Endpoint Detection and Response platforms and other cyber threat hunt tooling is also desired but not required
• Must be fully vaccinated against Covid-19

Education:
• Typically requires a University Degree or equivalent experience and a minimum of 8 years of experience, or an Advanced Degree and a minimum of 5 years of experience.

Location: Remote

Work Authorization: US Citizen Required
