Northrop Grumman Cyber Incident Analyst Responder 3/4 in Arlington, Virginia
Cyber Incident Analyst Responder 3/4
Requisition ID: 18002165
Location(s): United States-Virginia-Arlington
US Citizenship Required for this Position: Yes
Relocation Assistance: No relocation assistance available
Travel: Yes, 10% of the time
Do you desire a patriotic role and the chance to defend our nation’s cyber infrastructure? Do you enjoy learning about new technologies and how they can be used to provide cutting-edge services to our customers? If so, then look to join the Northrop Grumman Mission Systems team.
The Cyber Incident Analyst Responder 3/4 position will be located in Arlington, VA. This requisition may be filled at a higher grade based on qualifications listed below.
·Collects and analyzes host-based and network-based data in support of incident response investigations.
·Interprets, analyzes and reports on events and anomalous activity discovered through incident response investigations.
·Leverages tools including Tanium, FireEye suite, GRR, Volatility, SIFT Workstation, MISP, and/or Bro as part of duties performing cyber incident response analysis.
·Supports incident response engagements, and partners with other incident response teams in maintaining an understanding of threats, vulnerabilities, and exploits that could impact client networks and assets.
·Performs real-time and proactive analysis on various data sources, such as anti-virus logs, firewall logs, IDS & IPS data, event logs, and other host-based and network-based artifacts.
·Utilizes data analytics tools including Splunk to make sense of machine data in performing responsibilities.
·Correlates and analyzes data between disparate sources to assess threat actor techniques, tactics, and procedures.
·Supports the incident manager in focusing and providing response, containment, investigation, and remediation efforts.
·May be required to coordinate with external organizations, authorities, and senior-level leadership.
·Performs network architecture security reviews and models data flow to support incident response investigations.
Basic Qualifications - To be considered for this position, you must minimally meet the knowledge, skills, and abilities listed below. This requisition may be filled at a higher grade based on qualifications listed below. This requisition may be filled at either a level 3 or 4.
·Bachelor’s Degree in Information Technology (IT) or other related technical field and a minimum of 5 years’ experience required for the level 3 role.
·Bachelor’s Degree in Information Technology (IT) or other related technical field and a minimum of 9 years’ experience required for the level 4 role.
·Active Top Secret Security Clearance with the ability to obtain a TS/SCI is required. In addition, selected candidate must be able to obtain and maintain a favorably adjudicated DHS background investigation (EOD) for continued employment.
·Familiar with network analytics including Netflow/PCAP analysis.
·Understanding of cyber forensics concepts including malware, hunt, etc.
·Understanding of how both Windows and Linux systems are compromised.
Preferred Qualifications - Candidates with these desired skills will be given preferential consideration:
·Current active DHS SCI and EOD.
·Experience using Splunk for system data analytics and monitoring strongly preferred.
·Experience performing cyber forensics, malware analysis, cyber hunt, etc. strongly preferred.
·A professional certification such as GCFA, GNFA, GREM, or GCIH is highly desirable.
Northrop Grumman is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO/AA and Pay Transparency statement, please visit www.northropgrumman.com/EEO. U.S. Citizenship is required for most positions.