Forensics Analyst

The following position is to join our Corporate or Research Center Team:

Raytheon Technologies Corporation

Raytheon Technologies Corporation is an Aerospace and Defense company that provides advanced systems and services for commercial, military and government customers worldwide. It comprises four industry-leading businesses – Collins Aerospace Systems, Pratt & Whitney, Raytheon Intelligence & Space and Raytheon Missiles & Defense. Its 195,000 employees enable the company to operate at the edge of known science as they imagine and deliver solutions that push the boundaries in quantum physics, electric propulsion, directed energy, hypersonics, avionics and cybersecurity. The company, formed in 2020 through the combination of Raytheon Company and the United Technologies Corporation aerospace businesses, is headquartered in Waltham, Massachusetts.

To realize our full potential, Raytheon Technologies is committed to creating a company where all employees are respected, valued and supported in the pursuit of their goals. We know companies that embrace diversity in all its forms not only deliver stronger business results, but also become a force for good, fueling stronger business performance and greater opportunity for employees, partners, investors and communities to succeed.

Cyber Operations

Raytheon’s Cyber Operations Group within Enterprise Service’s Information Technology Division is looking for a Computer System Administrator/Forensics Analyst for the Forensic Technical Services (FTS) team. As a part of Cyber Defense, the holder of this position will provide data analysis to identify both threats targeted at the defense community as well as the associated mitigation steps.

Role Overview:

Raytheon Technologies Cyber Forensics, Investigations and Development group is looking for an experienced Systems and Network Administrator to work with the Forensic Technical Services (FTS) team. This individual’s primary job focus will be the administration, maintenance, and care of the FTS team’s server infrastructure. Activities will include installing, removing, and surplussing server hardware, removing/replacing hard drives, making local FTS firewall, router and switch configuration changes, installing operating systems and software, scheduling patches using WSUS and/or applying them manually, tracking security updates, assisting with vulnerability scans and applying security patches and fixes, documenting infrastructure changes and working with security personnel to obtain a renewed Authorization to Operate (ATO) for the FTS environment.

This individual’s secondary focus will be learning and/or assisting with Incident Response Forensics tasks. This individual will work with multiple teams within and beyond Cyber Operations to analyze compromised computer systems in a forensically-sound manner, perform both forensic triage and “deep-dive forensic” analysis, participate in network traffic analysis (i.e., network forensics), assess potential threats, conduct research into advanced anti-forensics techniques, provide incident handling surge support, and provide thorough and detailed reporting - as requested - on these activities.

Daily activities for this job include:

• Installing, removing, and surplussing server hardware, removing/replacing hard drives
• Making local FTS firewall, router and switch configuration changes
• Installing operating systems and software, scheduling patches using WSUS and/or applying them manually
• Tracking security updates, assisting with vulnerability scans and applying security patches and fixes
• Documenting infrastructure changes and working with security personnel to obtain a renewed Authorization to Operate (ATO) for the FTS environment
• Performing remote and local forensic imaging of a variety of media, computer systems, operating systems, etc., in a forensically sound manner
• Extracting forensic artifacts from images and performing in-depth analysis in support of RTX SOC, Incident Response, and Malware team.
• Researching threats, vulnerabilities, and exploits
• Develop custom scripts to automate analysis and tasks
• Participating in large scale cyber investigations
• Supporting cyber operations teams including the SOC, Intel, Threat Hunting, and Incident Response teams

Required Skills & Experience:

• 5 years of experience in Windows (10, Server 2016/2019), Linux/Unix System Administration, server hardware, SAN, database administration, back-up software and hardware, remote server administration tools
• Extensive knowledge of security concepts and techniques
• Comfortable with both windows and linux shells and utilities
• Knowledge of networking (TCP / IP, topology, and security), operating systems (Windows / UNIX), and web technologies (Internet security).
• Solid understanding of networking protocols and network traffic analysis
• Experience with a VMware infrastructure (ESX server, VMware Workstation, virtual networking, etc.)
• Good understanding of Windows domain architecture, tracking and remediation of threats within that environment
• Solid understanding of Windows security domain environment, architecture, file systems, and core applications
• Strong team player, working well with both technical and non-technical people
• Excellent technical writing skills as well as providing succinct executive summaries
• Shell scripting experience in both Windows and Linux: PowerShell, Bash, Python

Desired Skills, Knowledge and Experience:

• Experience with HP hardware, Data Protector software
• Understanding of computer virus, exploits, and ethical hacking techniques with Windows, UNIX, and web technologies
• Solid understanding of computer malware, exploits, and current attacker tools, techniques, and procedures
• Familiarity with encryption/decryption algorithms and technologies
• Experience with both commercial and open-source, local and enterprise, individual and collaboration forensic imaging and analysis tools)
• Experience in forensic imaging & analysis
• In-depth understanding of Windows/Linux artifact and log analysis
• Experience with Log Analysis, Incident Response, Threat Intelligence, and / or Security Research
• Understands basic cloud computing and security and forensics, including how and where data is stored, acquisition methods for analysis, etc.
• Amazon Web Services (AWS) or Azure Cloud Architecture and management
• Professional Security Certifications (MCSE, CISSP, GSEC, GCIH, EnCE, GREM, GCFA, GCFE, GCIA, etc.)

Education:

• Typically requires a University Degree or equivalent experience and a minimum 7 years of experience, or an Advanced Degree and a minimum 5 years of experience.

Other:

• This position requires the eligibility to obtain a U.S. security clearance. Except in rare circumstances, only U.S. citizens are eligible for a security clearance.

Location: Richardson, TX

Work Authorization: US Citizen or US Green Card Holder Required

Raytheon Technologies is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.