Senior Principal Cyber Network Security Analyst

Northrop Grumman Arlington , VA 22201

Posted 2 months ago

Do you desire a patriotic role and the chance to defend our nation's cyber infrastructure? Do you enjoy learning about new technologies and how they can be used to provide cutting edge services to our customers? If so, then look to join the Northrop Grumman Mission Systems team.

The Senior Principal Cyber Network Security Analyst position will be located in Arlington, VA or Fair Lakes, VA.

Position Description:

  • Perform technical analysis on a wide range of cybersecurity issues, with a focus on network activity and data; this includes, but is not limited to: network flow (i.e. netflow) or related forms of session summary data, signature-based IDS alert/event data, full packet capture (PCAP) data, proxy and application server logs (various types).

  • Triage IDS alerts, collect related data from various network analysis systems, review available open and closed source information on related threats & vulnerabilities, diagnose observed activity for likelihood of system infection, compromise or unintended/high-risk exposure. Prepare analysis reports detailing background, observables, analysis process & criteria, and conclusions.

  • Analyze large volumes of network flow data for specific patterns/characteristics or general anomalies, to trend network activity and to correlate flow data with other types of data or reporting regarding enterprise-wide network activity.

  • Leverage lightweight programming/scripting skills to automate data-parsing and simple analytics.

  • Document key event details and analytic findings in analysis reports and incident management systems.

  • Identify, extract and characterize network indicators from cyber threat intelligence sources, incident reporting and published technical advisories/bulletins.

  • Assess cyber indicators/observables for technical relevance, accuracy, and potential value/risk/reliability in monitoring systems.

  • Recommend detection and prevention/mitigation signatures and actions as part of a layered defensive strategy leveraging multiple capabilities and data types.

  • Develop IDS signatures, test and tune signature syntax, deploy signatures to operational sensors, and monitor and tune signature and sensor performance.

  • Fuse open-source threat & vulnerability information with data collected from sensors across the enterprise into cohesive and comprehensive analysis.

  • Provide technical assessments of cyber threats and vulnerabilities.

  • Communicate and collaborate with analysts from other SOC organizations to investigate cyber events.

  • Produce final reports and review incident reports from junior analysts.

  • Monitor and report on trends and activity on network sensor platforms.

  • Produce and update technical analysis documentation (processes, procedures, analysis criteria, report templates, etc.).

Basic Qualifications

  • To be considered for this position, you must minimally meet the knowledge, skills, and abilities listed below.
  • Bachelor's Degree in Computer Science or a related technical field and a minimum of 9 years related technical experience required for the level 4 role. An additional 4 years of experience may be substituted in lieu of degree.

  • Active Top Secret Security Clearance with SCI eligibility is required. In addition, selected candidate must be able to obtain and maintain a favorably adjudicated DHS background investigation (EOD) for continued employment.

  • Working knowledge of security concepts, protocols, processes, architectures and tools (vulnerabilities, threats and exploitation, authentication & access control technologies, threat intelligence data and sources, WHOIS and DNS referential data and sources, intrusion detection/prevention capabilities, network traffic analysis, SIM technology, incident handling, media/malware analysis, etc).

  • Working knowledge of networking concepts, protocols and architectures (OSI-model, TCP/IP, major application protocols such as DNS/HTTP/SMTP, LAN/WANs, VPNs, routers/routing, addressing, etc).

  • Detailed knowledge of intrusion detection engines, capabilities and signature formats in general, with a specific focus on Snort/Sourcefire variations and regular expressions (REGEX).

  • Knowledge of cyber policy & issues, the global cyber community, roles of major organizations how they interrelate and interact, and challenges in these structures.

  • Awareness of the common cyber products and services, an understanding of their limitations, and a comprehensive understanding of the disciplines of cybersecurity.

  • Ability to produce results in a fast-paced environment with the ability to meet iterative deadlines.

Preferred Qualifications

  • Candidates with these preferred skills will be given preferential consideration:
  • Experience working within the Federal government technology community a plus.

  • DODD 8570 Level II certification (SANS certifications, CISSP).

  • Experience leading and managing within SOC/NOC operations.

  • Familiarity with Kill Chain for incident response.

  • Familiarity with incident response products and best practices.

  • Experience with database (e.g. MS Access, SQL) and/or portal administration (e.g. SharePoint).

Northrop Grumman is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO/AA and Pay Transparency statement, please visit www.northropgrumman.com/EEO. U.S. Citizenship is required for most positions.


icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Sr Principal Cyber Incident Analyst Responder

Northrop Grumman

Posted 1 week ago

VIEW JOBS 1/14/2020 12:00:00 AM 2020-04-13T00:00 Do you desire a patriotic role and the chance to defend our nation's cyber infrastructure? Do you enjoy learning about new technologies and how they can be used to provide cutting edge services to our customers? If so, then look to join the Northrop Grumman Defense Systems team. The Sr Principal Cyber Incident Analyst Responder position will be located in Arlington, VA. This Principal Cyber Incident Analyst Responder position requires out-of-town-travel up to 30% with durations of up to two weeks. Position Description: * Perform analysis on hosts running on a variety of platforms and operating systems, to include, but not limited to, Microsoft Windows, Mac Operating System (OS), UNIX, Linux, as well as embedded systems and mainframes. * Monitor open source channels (e.g. vendor sites, Computer Emergency Response Teams, SysAdmin, Audit, Network, Security (SANS) Institute, Security Focus) to maintain a current understanding of Computer Network Defense (CND) threat condition and determine which security issues may have an impact on the enterprise. * Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system logs) to identify possible threats to network security. * Leverages tools including Tanium, FireEye suite, GRR, Volatility, SIFT Workstation, MISP, and/or Bro as part of duties performing cyber incident response analysis. * Track and document CND hunts and incidents from initial detection through final resolution. * Identify intrusion artifacts at the host and network level, have a strong understanding how discovered data can be used to enable CND hunts and incident mitigation within the enterprise. * Perform forensically sound collection of host based images with ability to perform memory and disk forensics. * Perform real-time enterprise CND hunt and incident handling (e.g. forensic collections, intrusion correlation/tracking, threat analysis, and direct system remediation) tasks to support deployable Hunt and Incident Response Teams (IRTs). * Write technical reports on incident findings (e.g. engagement reports) and provide CND guidance to appropriate constituencies. * Monitor and analyze network alerts from sources within the enterprise to determine potential compromise. * Utilizes data analytics tools including Splunk to make sense of machine data in performing responsibilities. * Correlate multiple data sources to identify potential network exploitation and make recommendations that enable expeditious remediation. * Will be required to travel up to 30% of time, with durations up to two weeks. Basic Qualifications - To be considered for this position, you must minimally meet the knowledge, skills, and abilities listed below. * Bachelor's Degree and a minimum of 9 years related technical experience required. An additional 4 years of experience may be substituted for degree. * Active Top Secret Security Clearance with the ability to obtain a TS/SCI is required. In addition, selected candidate must be able to obtain and maintain a favorably adjudicated DHS background investigation (EOD) for continued employment. * Familiar with network analytics including PCAP analysis. * Understanding of cyber forensics concepts including malware, hunt, etc. * Understanding of how both Windows and Linux systems are compromised. * Understanding of Network-based protocols. Preferred Qualifications - Candidates with these desired skills will be given preferential consideration: * Current active DHS SCI and EOD. * Experience using Splunk for system data analytics and monitoring strongly preferred. * Experience performing cyber forensics, malware analysis, cyber hunt, etc. strongly preferred. * A professional certification such as GCFA, GNFA, GREM, or GCIH is highly desirable. Northrop Grumman is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO/AA and Pay Transparency statement, please visit www.northropgrumman.com/EEO. U.S. Citizenship is required for most positions. Northrop Grumman Arlington VA

Senior Principal Cyber Network Security Analyst

Northrop Grumman