This job has expired

Principal Specialist, Cyber Incident Response

Raytheon UK
United Kingdom-Solihull
Closing date
15 Oct 2022

View more

Defence , Engineering, IT
Job Role
Software Developer
Job Type
You need to sign in or create an account to save a job.

Job Details

Collins Aerospace is seeking an experienced and motivated individual to join the Digital Technologies (DT) staff in the Monitoring and Detection team (MDR). This is a hybrid (part office / part home) based role located within our Corporate Headquarters in Birmingham, UK.

Job Description
  • Investigates anomalous network activity and responds to cyber incidents within the network environment or enclave.
  • Collects data from a variety of tools, including intrusion detection system alerts, firewall and network traffic logs, and host system logs to analyse events that occur within their environment.
  • Provides persistent monitoring of all designated networks, enclaves, and systems.
  • Interprets, analyses, and reports all events and anomalies in compliance with company policy and external regulations.
  • Continuously works to tune security tools to minimise false positives and maximise detection and prevention effectiveness.
  • Collaborates with the owners of cyber defence tools to tune systems for optimum performance.
  • Analyses malware and attacker tactics to improve network detection capabilities.
  • Collaborates with external companies or government agencies to share open source or classified intelligence.
  • Distributes vulnerability and threat advisories to identified consumers and may set mandatory remediation timelines.
The focus of this role is working within the Collins Aerospace DT Cybersecurity department reporting to the Sr Manager, Monitoring and Detection.


Shall perform specific activities that include, but not limited to the following:
  • Identify, contain, mitigate, recover, and report on cyber-security incidents affecting the enterprise, business, and subsidiary networks globally.
  • Analyze and investigate adverse events and incidents using an enterprise security information and event monitoring (SIEM), logs from firewalls, IDS/IPS, proxies, servers, endpoints and other network devices to determine threats, attack vector, scope of activity, and appropriate response.
  • Collaborate and coordinate with peers and stakeholders across global functional and business unit teams as needed to analyze and respond to adverse events and incidents.
  • Research the latest threat intelligence, vulnerabilities, exploits, and other relevant threat information and trends on various attackers and attack infrastructure.
  • Collaborate with other teams within Enterprise IT Security to improve detection and monitoring, develop cyber defenses, and perform advanced network and host analysis.
  • Utilize cyber security tools to actively hunt for threats in the enterprise network.
  • Ability and willingness to share on-call responsibilities, and work non-standard hours as needed.
  • Perform other duties as assigned
Required Skills
  • Proven experience in Cyber-security and Bachelor's degree or equivalent combination of related work experience and schooling/certifications in lieu of degree
  • Interface with Incident Response and knowledge of the IR lifecycle.
  • Proven experience and knowledge of advanced and persistent threats.
  • Capability of operating independently and in a team environment as is part of a geographically dispersed virtual team with minimal supervision.
  • Proficiency with MS Office Applications
  • Proven ability to troubleshoot and solve technical issues
Candidate must have technical experience in the following areas:
  • Working knowledge of systems, networking, and web technologies.
  • Familiarity with searching, interpreting and working with data from enterprise logging systems (e.g. SIEM, syslog, netflow, DNS, IDS/IPS, proxy, email, server and system logs)
  • Knowledge of TCP/IP protocols and data communications schemes.
  • Prefer familiarity with packet analysis to include:
  • HTTP Headers and Status Codes
  • SMTP Traffic & Status codes
  • FTP Traffic & Status Codes
  • DNS Queries
  • PKI Certificate Exchange
  • Understanding of social engineering techniques. (e.g., phishing, baiting, tailgating, etc.).
  • Knowledge of vulnerabilities, and vulnerability scanning tools.
  • Understanding in malware types (e.g. virus, worm, RAT, etc) containment, traffic analysis, and mitigation of malware threat
  • This position requires the eligibility to obtain a security clearance.
Desired Skills
  • Understanding of Cyber Kill Chain, Mitre Att&ck, and Diamond Model.
  • Experience in malware triage analysis and/or sandboxing
  • Host based forensics using EnCase, FTK or other digital forensics tools
  • Scripting languages such as Python, Perl, and PowerShell
  • Experience with assessing security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
  • Excellent social, written and verbal communication skills; must be able to clearly and concisely present analytical data to a variety of technical and non-technical peers, and management of all levels.
  • Proactive, self-driven and fully accountable for independent performance.
  • Strong process orientation and ability to develop, document, and follow standard work; attention to detail.
  • Organizational skills to manage multiple competing priorities and deadlines in a fast-paced working environment.
Possess at least one relevant professional certification or related advanced IT certification, but not limited to the following will be considered an advantage:
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified Enterprise Defender (GCED)
  • GIAC Security Expert (GSE)
  • Certified Information Systems Security Professional (CISSP)
  • GIAC Certified Intrusion Analyst (GCIA)
  • GIAC Network Forensics Analysts (GNFA)
  • GIAC Reverse Engineering Malware (GREM)
  • Certified Ethical Hacker (CEH)
  • Microsoft Certified Solutions Expert (MCSE)
  • Red Hat Certified Engineer (RHCE)


Raytheon UK is a subsidiary of Raytheon Company. It is a prime contractor and major supplier to the U.K. Ministry of Defence and has developed strong capabilities in mission systems integration in defence, national security and commercial markets. Raytheon UK also designs, develops and manufactures a range of high-technology electronic systems and software at facilities in Harlow, Glenrothes, Gloucester, Waddington, Broughton and Manchester.


Raytheon UK has six key sites. Our manufacturing hub is in Glenrothes in Fife where we employ more than 560 people. The aircraft systems integration takes place in Broughton, North Wales. We manage the Sentinel programme from RAF Waddington where we provide training and a wide range of development work for the RAF. At Gloucester and Manchester, our new cyber business centres conduct specialist research and software development work for customers, and finally there’s our technology centre in Harlow.


With more than 1,600 employees situated across England, Scotland and Wales, Raytheon UK continues to invest in its infrastructure and people as well as growing its graduate and apprenticeship programmes.


Raytheon Company, with 2017 sales of $25 billion and 64,000 employees, is a technology and innovation leader specializing in defense, civil government and cybersecurity solutions. With a history of innovation spanning 96 years, Raytheon provides state-of-the-art electronics, mission systems integration, C5I™ products and services, sensing, effects, and mission support for customers in more than 80 countries. Raytheon is headquartered in Waltham, Mass.

Find Us
01895 816248
You need to sign in or create an account to save a job.

Get job alerts

Create a job alert and receive personalised job recommendations straight to your inbox.

Create alert