Northrop Grumman Cyber Incident Analyst Responder 3 - Cyber Hunter in Quantico, Virginia

Individuals collect and analyze event information and performs threat or target analysis duties. Provides operations for persistent monitoring on a 24/7 basis of all designated networks, enclaves, and systems. Interprets, analyzes, and reports all events and anomalies in accordance with Computer Network directives, including initiating, responding, and reporting discovered events. Manages and executes first-level responses and addresses reported or detected incidents. Reports to and coordinates with external organizations and authorities. Coordinates and distributes directives, vulnerability, and threat advisories to identified consumers. Provides summary reports of network events and activities and delivers metric report after HUNT campaigns. Investigate and identify the appropriate mechanisms for preventing and blocking (future) computer use violations for any customer site having a degraded security posture. Provide updates to support closure of security policy violations.

Roles and Responsibilities:

  • Conduct targeted assessments in a safe and controlled manner against customer network, looking for the presence or remnants of APT activity or artifacts.

  • Identify and research APT artifacts from host/file analysis to be used for protective measures on an enterprise network.

  • Synthesize open source and customer provided intelligence reports to derive indicators of compromise to conduct focused operations.

  • Collaborate with other HUNT and external teams to develop course, operational, and SOPs that will improve the workflow and future missions.

  • Document and present investigative findings via detailed analysis reports.

  • Become proficient in Threat Hunting using client provided toolsets.

Must be able to work Monday-Friday, 8am - 4pm

Basic Qualifications:

To be considered for this position, you must minimally meet the knowledge, skills, and abilities listed below:

  • Active Secret Clearance and Must be TS/SCI eligible.

  • Must be DoD 8570 Compliant at the IAT Level III; 1 of the following certifications required (CASP CE, CCNP Security, CISA, CISSP or Associate, GCED, GCIH), in addition to Security + CE certification, and the Certified Ethical Hacker (CEH).

  • Familiarity with CJCSM 6510.01B; Incident Handling methodology.

  • Understanding of all phases of the Attacker Methodology

  • Familiarity with and ability to investigate Intrusion Detection System alerts.

  • Knowledge of computer networking, collection of artifacts, and research skills.

Bachelor's degree with 5 years of experience. Experience may be considered in lieu of the degree

Preferred Qualifications:

Candidates with these desired skills will be given preferential consideration:

  • Knowledge of CND policies, regulations and compliance documents specific to the DoD.

  • Understanding of functionality and capabilities of computer network defense technologies, to include: Router ACLs, Firewalls, IDS/IPS, Anti-virus, Web Content Filtering.

  • Performed Incident Handling in a SOC.

  • Familiar with Cyber Hunting operations and assessments.

  • Experience with packet capture, log data and analysis, from host and network devices.

Northrop Grumman Corporation is a leading global security company providing innovative systems, products, and solutions in unmanned systems, cyber security, C4ISR, and logistics and modernization to government and commercial customers worldwide.

Northrop Grumman is committed to hiring and retaining a diverse workforce. We are an Equal Opportunity Employer, making decisions without regard to race, color, religion, sex, national origin, age, veteran status, disability, or any other protected class. U.S. Citizenship is required for most positions.

ISCYBERDIV