As a member of Cyber Operations Engineering, you will be part of a team of security engineers with extensive technical experience in systems engineering, enterprise data networks, security monitoring, capacity planning, troubleshooting, automation, and orchestration. The team’s primary mission is to support Raytheon’s cyber SOC and incident response teams by delivering critical services. These services include IDS/IPS, SIEM, case management, packet capture, and others.
You will be part of the team responsible for the management of Raytheon’s enterprise Security Information and Event Management (SIEM) system. In addition to handling the day-to-day administration of the system, you’ll work closely with our SOC and incident response teams to provide support during investigations, identify opportunities to integrate with other services to improve user experience, and deploy new features and capabilities.

Your main responsibilities will include:
• Proactively monitoring the service for performance and other issues, and addressing them in a timely manner while adhering to a strict change management process.
• Leading projects to patch, upgrade, and extend the platform.
• Writing log parsers and extractions (props, transforms) for new log sources.
• Normalizing log data for data modeling.
• Testing and installing new Splunk apps and add-ons.
• Developing custom Splunk commands and integrations in Python.
• Writing and tuning Splunk Enterprise Security correlation searches.
• Administering and troubleshooting the hardware, operating system, and application.
• Providing support for other services, as needed.
• Being physically available to support onsite work in both lab and production environments, including prompt emergency work.
• Participating in a 24/7 on-call rotation.
Required Skills:
• Minimum 4+ years of experience working in IT and/or cyber security and a bachelor’s degree, or an equivalent combination of work experience and schooling/certifications in lieu of a degree.
• 2+ years of professional experience building and administering Linux-based systems.
• Direct experience working with Splunk Enterprise and/or Splunk Enterprise Security, or the desire and ability to learn Splunk quickly.
• Working understanding of TCP/IP and networking.
• Proficiency with programming and scripting languages (Python, Perl, etc.).
• Understanding of cyber security concepts.
• Good interpersonal and communication skills; able and willing to collaborate with others to complete assignments.
• Aptitude for troubleshooting, creative thinking, and problem solving.
• This position requires the eligibility to obtain a U.S. security clearance. Except in rare circumstances, only U.S. citizens are eligible for a security clearance.
• This position requires either a U.S. Person or a Non-U.S. Person who is eligible to obtain any required Export Authorization.
Desired Skills:
• Working understanding of version control systems, especially Git.
• Experience with infrastructure/configuration automation tools (Terraform, Ansible, etc.).
• Understanding of SDLC methodologies, especially Agile.
• Experience with syslog, rsyslog, or syslog-ng.
• Experience with public cloud platforms, especially AWS and Azure.
• Experience writing and maintaining detection rules for a SIEM.
• Experience working on a Computer Incident Response Team (CIRT).
• Previous experience working in a Security Operations Center (SOC).
• Security log analysis experience.
• Splunk certifications: Administrator or Architect.
• Other information security and IT certifications: GIAC, CISSP, Cisco, Red Hat, AWS, etc.
Required Education:
Bachelor’s degree in Information Technology, Computer Science, Computer Engineering, Cyber, Mathematics or a related discipline, or an equivalent combination of work experience and schooling/certifications in lieu of a degree.