Technical Lead - Insider Threat Operations (Remote)

Date Posted:

2024-06-27

Country:

United States of America

Location:

UTDC1: UT-DC-Remote UT Remote DC , Washington, DC, 20024 USA

Position Role Type:

Remote

RTX Corporation is an Aerospace and Defense company that provides advanced systems and services for commercial, military and government customers worldwide. It comprises three industry-leading businesses – Collins Aerospace Systems, Pratt & Whitney, and Raytheon. Its 185,000 employees enable the company to operate at the edge of known science as they imagine and deliver solutions that push the boundaries in quantum physics, electric propulsion, directed energy, hypersonics, avionics and cybersecurity. The company, formed in 2020 through the combination of Raytheon Company and the United Technologies Corporation aerospace businesses, is headquartered in Arlington, VA.   

To realize our full potential, RTX is committed to creating a company where all employees are respected, valued and supported in the pursuit of their goals. We know companies that embrace diversity in all its forms not only deliver stronger business results, but also become a force for good, fueling stronger business performance and greater opportunity for employees, partners, investors and communities to succeed. 

The following position is to join our RTX Corporate, Enterprise Services, Research Center or BBN team:

Role Overview: 

Enterprise Services (ES) Cybersecurity has an immediate opening for a qualified technical leader to join RTX Cyber Defense reporting to the Associate Director of Cyber Insider Threat Operations. As the Technical Lead of Insider Threat Operations, you will be responsible for leading and enhancing the technical capabilities to detect, triage, analyze and respond to insider threats.

What You Will Do

• Perform cyber and open-source analysis in order to plan, initiate, and support Insider Threat operations and investigations. Identify and document gaps in analytic techniques and tradecraft as well as data sources and content. Provide recommendations and mitigations, collaborating with cyber engineering to improve the mission and capabilities.
• Collaborate on detection strategies, including formulating and implementing indicators to detect potential insider threats within RTX systems and networks.
• Design, implement and enhance technical solutions, such as monitoring tools and data loss prevention mechanisms to identify and mitigate insider threats.
• Collaborate on the deployment, configuration, and maintenance of insider threat detection tools and technologies, ensuring they remain effective and up to date against evolving insider threats.
• Identify and document both gaps in technical controls and instrumentation. Provide recommendations to improve insider threat detection and mitigation capabilities through proactive reviews, testing, and refinement of processes, tools, and procedures.
• Participate and lead cyber investigations into suspected insider threats, coordinating with relevant teams such as Security, HR, and Legal, to gather evidence and analyze potential risks.
• Mentor cyber insider threat analysts to improve efficiency of alert review, triage and disposition. Contribute to the growth and maturity of both the mission and team personnel through robust documentation.
• Stay updated on the latest developments and trends in insider threats, emerging and/or advanced persistent attack vectors, and industry best practices, incorporating this knowledge into RTX’s defense strategies.
• Collaborate with cyber defense and incident response teams to develop and maintain insider threat incident response plans, outlining procedures for identifying, containing, and mitigating insider incidents. Form coalitions amongst disparate groups, produce thorough and precise documentation, and execute risk-informed decision making.
• Perform other duties as assigned and as required to continuously drive process excellence.

Qualifications You Must Have:

• Typically requires a University Degree or equivalent experience and a minimum 12 years of experience, or an Advanced Degree and a minimum 10 years experience.
• Minimum 5 years with cybersecurity tools and technologies used to detect and mitigate insider threats, including, but not limited to user entity and behavior analytics (UEBA), user activity monitoring (UAM), and data loss prevention (DLP) technologies.
• Minimum 5 years of proven experience leading technical cybersecurity teams
• Minimum 5 years of technical knowledge of the insider threat detection and analysis methodologies and how to leverage technical indicators and analytics to detect internal threats.
• Must be able to effectively communicate (verbal and written) technical and operational details to peers, leadership, and stakeholders with varying levels of technical expertise.
• Experience collaborating with teams inside and outside of Security (ex. Privacy, Legal, HR).
• Strong knowledge of cybersecurity principles, practices, and technologies.
• Ability to analyze the cyber risk of complex business network to develop a cyber defense strategy to protect it.

Qualifications We Prefer:

• Preferred candidate will have experience with Operating System, cloud access, and web proxy event logs, endpoint/extended detection & response, and security incident & event management (SIEM) platforms.
• Preferred candidate will have insider threat and/or offensive cyber experience.

Location: Remote

Work Authorization: US Citizen Required - Ability to obtain security clearance is preferred.

What We Offer: Whether you’re just starting out on your career journey or are an experienced professional, we offer a robust total rewards package with compensation; healthcare, wellness, retirement and work/life benefits; career development and recognition programs. Some of the benefits we offer include parental (including paternal) leave, flexible work schedules, achievement awards, educational assistance and child/adult backup care.

The salary range for this role is 143,000 USD - 287,000 USD. The salary range provided is a good faith estimate representative of all experience levels. RTX considers several factors when extending an offer, including but not limited to, the role, function and associated responsibilities, a candidate’s work experience, location, education/training, and key skills.

Hired applicants may be eligible for benefits, including but not limited to, medical, dental, vision, life insurance, short-term disability, long-term disability, 401(k) match, flexible spending accounts, flexible work schedules, employee assistance program, Employee Scholar Program, parental leave, paid time off, and holidays. Specific benefits are dependent upon the specific business unit as well as whether or not the position is covered by a collective-bargaining agreement.

Hired applicants may be eligible for annual short-term and/or long-term incentive compensation programs depending on the level of the position and whether or not it is covered by a collective-bargaining agreement. Payments under these annual programs are not guaranteed and are dependent upon a variety of factors including, but not limited to, individual performance, business unit performance, and/or the company’s performance.

This role is a U.S.-based role. If the successful candidate resides in a U.S. territory, the appropriate pay structure and benefits will apply.

RTX anticipates the application window closing approximately 40 days from the date the notice was posted. However, factors such as candidate flow and business necessity may require RTX to shorten or extend the application window.

RTX is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.

Privacy Policy and Terms:

Click on this link to read the Policy and Terms