Skip Navigation

Discover a Rewarding Career

If you’re ready to take on a fresh challenge, grow your career and contribute to making the world a safer place, Raytheon Technologies is ready to help you achieve your goals. Join our team and get the opportunity and support to find purpose, thrive and succeed.

Pentetration Tester - SME

Rosslyn, Virginia

Overview

What does it take to make the world a safer place? It takes delivering innovative technology and collaborating with some of the finest talent in the engineering field. Whether you’re a software engineer or a mechanical engineer, at Raytheon Technologies you’ll grow a varied and rewarding career. And you’ll be supported with a comprehensive and competitive benefits package that promotes work/life. If you’re ready to take on today’s big challenges, discover a world of opportunity at Raytheon Technologies.

  • America’s Best Large Employers by Forbes
  • Career & Development Opportunities
  • Full-time
  • Entry, Mid, Senior level

Back to Job Navigation (Overview)

Responsibilities

RIS has an immediate job opening for a Cyber Penetration Tester to support a U.S. Federal Agency contract to enable mission accomplishment by performing autonomous penetration testing to ensure appropriate security controls and safeguards are in place and function as intended for the designated systems.

The penetration test are conducted in accordance with NSA INFOSEC Assessment Methodology (IAM) and INFOSEC Evaluation Methodology (IEM), and includes discovery activities, attack planning, test follow through, and detailed reporting on test scenarios, findings, and recommendations. Identify current and emerging threat trends, threat actors using a variety of cyber threat intelligence sources. Provide technical assessments of cyber threat actor use of cyber vulnerabilities, exploits, payloads, access infrastructures, and mission platforms. Conduct all-source research on cyber threat actors and intrusion sets (e.g., APTs); evaluate both technical and Intel reporting for cyber threat activities of interest. Conduct detailed analysis of incidents, threats, vulnerabilities, tactics, techniques and procedures (TTP), and other malicious and non-malicious indicators.

*Must have a current TS/SCI security clearance Work Location: Rosslyn, VA

Job Description: Conducts network or software vulnerability assessments and penetration testing utilizing reverse engineering techniques. Perform vulnerability analysis and exploitation of applications, operating systems or networks. Identifies intrusion or incident path and method. Isolates, blocks or removes threat access. Evaluates system security configurations. Evaluates findings and performs root cause analysis. Performs analysis of complex software systems to resolve both functionality and intent of software systems. Resolves highly complex malware and intrusion issues. Contributes to the design, development and implementation of countermeasures, system integration, and instruments specific to Cyber and Information Operations. May prepare and presents technical reports/ briefings. May perform documentation, vetting and utilizing identified vulnerabilities.

Job Responsibilities:
Shall perform activities including:
Develop and maintain a multi-year schedule for penetration testing activities
• Interface and coordinate with 3rd party organizations performing penetration testing for DS/CTS/CMO
• Interface and coordinate with system owners to establish targets for testing, test schedule, test goals, and rules of engagement
• Lead efforts that document and design improvement strategies for discovered vulnerabilities and monitoring gaps
• When authorized, exploit known vulnerabilities against Department systems in a controlled manner to ensure Department defenses can detect exploitation
• Plan and coordinate Department participation in support of each specific penetration test
• Design, perform and report on penetration testing of systems to satisfy the NIST 800-53 CA-8 security control and using methodologies that may include, NIST SP 800-115, Penetration Testing Execution Standard (PTES), and Information Systems Security Assessment Framework (ISSAF)
• Produce reports and conduct administration briefings on test activities, scenarios, results and recommendations
• Stay abreast of current attack vectors and unique methods for exploitation of computer networks
Develop unique exploit code and attack vectors to conduct penetration tests
• Render expertise and guidance to other cyber security programs regarding intrusion methods

Required Skills:
• Experience with network intrusion detection and response operations (Protect, Defend, Respond and Sustain methodology)
• Experience in the detection, response, mitigation, and/or reporting of cyber threats affecting client networks and one or more of the following:
• Experience in computer intrusion analysis and incident response
• Working knowledge of Intrusion detection/protection systems
• Knowledge and understanding of network devices, multiple operating systems, and secure architectures
• Working knowledge of network protocols and common services
• System log analysis
• Experience responding to and resolving situations caused by network attacks
• Ability to assess information of network threats (scans, computer viruses or complex attacks)
• Perform information technology security research to remain current on emerging technology trends and develop exploits for disclosed and undisclosed vulnerabilities
• Contributes to developing and implementing instruments for penetration testing and early warning of weaknesses or possible incidents building on methodologies as promulgated by NIST, ISO, etc. to ensure useful, measurable, and repeatable methods applied to quantifying risk
• Selects, installs, and configures security testing platforms and resources or develop instruments and procedures for penetration tests
• Performs penetration testing using standard penetration resources (Metasploit, Nmap, Nessus, Burp Suite, etc.)
• SIEM content Analysis, Development and Testing
• Experience with SIEMS (such as NetWitness, Splunk, SumoLogic, QRadar)
• Experience with EDR solutions (Carbon Black, Crowdstrike, FireEye, SentinelOne)
• Familiarity with packet analysis to include: HTTP Headers & Status codes, SMTP Traffic & Status codes, FTP Traffic & Status Codes
• Practical experience of integration of COTS or open source instruments
• Personality traits: Naturally curious and inquisitive nature; perseverant and hardworking; loves solving problems and puzzles; critically rigorous; uncompromising integrity
• Demonstrated ability to document processes
• Proficiency with MS Office
• Must be able to work collaboratively across teams and physical locations
• Willing to work rotating shifts

Required Certifications:
Possess at least one certification, such as:
• Certified Information Systems Security Professional (CISSP)
• GIAC Penetration Tester (GPEN)
• GIAC Certified Incident Handler (GCIH)
• GIAC Network Forensic Analyst (GNFA)
• GIAC Intrusion Analyst (GCIA)

Desired Skills:
• Prior experience working in any of the following: Security Operations Center (SOC); Network Operations Center (NOC); Computer Incident Response Team (CIRT)
• Experience with RSA Netwitness, Splunk, FireEye NX, EX, HX, AX, Carbon Black Response, RSA Archer
• Experience with firewalls, routers or antivirus appliances
• Experience working on a 24x7x365 watch desk environment
• Experience with industry standard help desk instruments
• Knowledge of WAN/LAN concepts and technologies

Desired Certifications:
Possess at least one relevant certification, but not limited to the following:
• GIAC Certified Enterprise Defender (GCED)
• GIAC Security Expert (GSE)
• Certified Information Security Manager (CISM)
• Certified Ethical Hacker (CEH)
• Global Industrial Cyber Security Professional (GICSP)
• Certified SCADA Security Architect (CSSA)

Education:

BS Degree in Computer Science/Electrical Engineering, Engineering, Science or a related field and 8+ years of relevant work experience are required.
*Occasional travel within CONUS and OCONUS is expected

165683


Business Unit Profile
Raytheon Intelligence & Space delivers the disruptive technologies our customers need to succeed in any domain, against any challenge. A developer of advanced sensors, training, and cyber and software solutions, Raytheon Intelligence & Space provides a decisive advantage to civil, military and commercial customers in more than 40 countries around the world. Headquartered in Arlington, Virginia, the business generated $15 billion in pro forma annual revenue in 2019 and has 39,000 employees worldwide. Raytheon Intelligence & Space is one of four businesses that form Raytheon Technologies Corporation.

Relocation Eligible
No

Ability to Telecommute
No telecommuting

Clearance Type
TS/SCI

Expertise
Computer Engineering
Computer Science
Cyber Jobs
Engineering Technology
Security
Systems Engineering
Technical
Test Engineering

Type Of Job
Full Time

Work Location
VA - Rosslyn


Raytheon Technologies is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.

Apply

Success Profile

What does it take to be successful at Raytheon Technologies? Check out these traits to see if you have the right mix.

  • Adaptable
  • Communicator
  • Inventive
  • Leadership
  • Problem-Solver
  • Team player

Back to Job Navigation (Success)

Quote

Felicia Jackson belongs to Raytheon Technologies' employee group for veterans and those who support them. After 24 years in the Air Force, she started a new career at Raytheon Technologies. "I wanted to go where people would support me," she told us.

Rewards

  • 401(k) / Retirement Plans

    Employer Matching, if you elect to enroll company matches up to 3%.

  • Work / Life Balance

    Raytheon Technologies supports a variety of flexible work arrangements including compressed work weeks, flextime, job sharing, 9/80, reduced hours and telecommuting.

  • Career Development

    At Raytheon Technologies, we foster an inclusive culture of professional development. We support a variety of developmental opportunities including: Mentoring programs, Skills Development, Leadership Development, Rotational job assignments, and Continuous Improvement, all of which contribute to advancement of our employee’s capabilities.

  • Paid Time Off

    Accrue paid time off monthly. Receive 10-12 holidays per year with some locations shutting down the week between Christmas and New Year’s Day.

  • Relocation Assistance

    Select technical positions are eligible for relocation packages. See specific job description for eligibility requirements.

  • Parental Leave

    Raytheon Technologies offers all eligible employees up to three weeks paid parental leave for the birth or adoption of a child (separate from paid maternity leave or Family & Medical Leave Act).

Back to Job Navigation (Rewards)

Related Jobs

job alerts

Job Alerts

Interested InEnter a category, location or category/location pair and click add.

  • Computer Engineering, Rosslyn, Virginia, United StatesRemove
  • Computer Science, Rosslyn, Virginia, United StatesRemove
  • Cyber, Rosslyn, Virginia, United StatesRemove
  • Engineering Technology, Rosslyn, Virginia, United StatesRemove
  • Security, Rosslyn, Virginia, United StatesRemove
  • Systems Engineering, Rosslyn, Virginia, United StatesRemove
  • Technical, Rosslyn, Virginia, United StatesRemove
  • Test Engineering, Rosslyn, Virginia, United StatesRemove
  • Engineering, Rosslyn, Virginia, United StatesRemove
  • All, Rosslyn, Virginia, United StatesRemove
  • SAS Information Security Analyst, Rosslyn, Virginia, United StatesRemove
Privacy Policy