Cyber Incident Analyst Responder

Northrop Grumman
Arlington, VA 22212
Are you interested in expanding your career through experience and exposure, all while supporting a mission that seeks to ensure the security of our nation and its allies? If so, then Northrop Grumman is the place for you. As a leading global security company, we provide innovative systems, products and solutions to our customers worldwide. We are comprised of diverse professionals that bring different perspectives and ideas, understanding that the more experiences we bring to our work the more innovative we can be. As we continue to build our workforce we look for people that exemplify our core values, leadership characteristics, and approach to innovation.

The Cyber Incident Analyst Responder position will be located in Arlington, VA.

This Cyber Incident Analyst Responder position requires out-of-town-travel up to 30% with durations of up to two weeks.

Position Description:

Perform analysis on hosts running on a variety of platforms and operating systems, to include, but not limited to, Microsoft Windows, Mac Operating System (OS), UNIX, Linux, as well as embedded systems and mainframes.
Monitor open source channels (e.g. vendor sites, Computer Emergency Response Teams, SysAdmin, Audit, Network, Security (SANS) Institute, Security Focus) to maintain a current understanding of Computer Network Defense (CND) threat condition and determine which security issues may have an impact on the enterprise.
Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system logs) to identify possible threats to network security.
Leverage tools including Tanium, FireEye suite, GRR, Volatility, SIFT Workstation, MISP, and/or Bro as part of duties performing cyber incident response analysis.
Track and document CND hunts and incidents from initial detection through final resolution.
Identify intrusion artifacts at the host and network level, and have a strong understanding of how discovered data can be used to enable CND hunts and incident mitigation within the enterprise.
Perform forensically sound collection of host based images with ability to perform memory and disk forensics.
Perform real-time enterprise CND hunt and incident handling (e.g. forensic collections, intrusion correlation/tracking, threat analysis, and direct system remediation) tasks to support deployable Hunt and Incident Response Teams (IRTs).
Write technical reports on incident findings (e.g. engagement reports) and provide CND guidance to appropriate constituencies.
Monitor and analyze network alerts from sources within the enterprise to determine potential compromise.
Utilize data analytics tools including Splunk to make sense of machine data in performing responsibilities.
Correlate multiple data sources to identify potential network exploitation and make recommendations that enable expeditious remediation.
Will be required to travel up to 30% of time, with durations up to two weeks.


**Basic Qualifications** - To be considered for this position, you must minimally meet the knowledge, skills, and abilities listed below. This requisition may be filled at a higher grade based on qualifications listed below.

Bachelor's Degree and a minimum of 0-1 years' experience required.

Active Top Secret Security Clearance with the ability to obtain a TS/SCI is required. In addition, selected candidate must be able to obtain and maintain a favorably adjudicated DHS background investigation (EOD) for continued employment.
Understanding of cyber forensics concepts including malware, hunt, etc.
Understanding of how both Windows and Linux systems are compromised.
Understanding of Network-based protocols.

Northrop Grumman is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO/AA and Pay Transparency statement, please visit www.northropgrumman.com/EEO. U.S. Citizenship is required for most positions.

**Job Category**: Information Technology


Posted: 2020-05-21 Expires: 2020-06-20
