Are you interested in expanding your career through experience and exposure, all while supporting a mission that seeks to ensure the security of our nation and its allies? If so, then Northrop Grumman is the place for you. As a leading global security company, we provide innovative systems, products and solutions to our customers worldwide. We are comprised of diverse professionals that bring different perspectives and ideas, understanding that the more experiences we bring to our work the more innovative we can be. As we continue to build our workforce we look for people that exemplify our core values, leadership characteristics, and approach to innovation.
Do you desire a patriotic role and the chance to defend our nation's cyber infrastructure? Do you enjoy learning about new technologies and how they can be used to provide cutting edge services to our customers? If so, then look to join the Northrop Grumman Defense Systems team.
The Principal/Senior Cyber Network Security Analyst position will be located in Arlington, VA or Fair Lakes, VA.
Perform technical analysis on a wide range of cybersecurity issues, with a focus on network activity and data; this includes, but is not limited to: network flow (i.e. netflow) or related forms of session summary data, signature-based IDS alert/event data, full packet capture (PCAP) data, proxy and application server logs (various types).
Triage IDS alerts, collect related data from various network analysis systems, review available open and closed source information on related threats & vulnerabilities, diagnose observed activity for likelihood of system infection, compromise or unintended/high-risk exposure. Prepare analysis reports detailing background, observables, analysis process & criteria, and conclusions.
Analyze large volumes of network flow data for specific patterns/characteristics or general anomalies, to trend network activity and to correlate flow data with other types of data or reporting regarding enterprise-wide network activity.
Leverage lightweight programming/scripting skills to automate data-parsing and simple analytics.
Document key event details and analytic findings in analysis reports and incident management systems.
Identify, extract and characterize network indicators from cyber threat intelligence sources, incident reporting and published technical advisories/bulletins.
Assess cyber indicators/observables for technical relevance, accuracy, and potential value/risk/reliability in monitoring systems.
Recommend detection and prevention/mitigation signatures and actions as part of a layered defensive strategy leveraging multiple capabilities and data types.
Develop IDS signatures, test and tune signature syntax, deploy signatures to operational sensors, and monitor and tune signature and sensor performance.
Fuse open-source threat & vulnerability information with data collected from sensors across the enterprise into cohesive and comprehensive analysis.
Provide technical assessments of cyber threats and vulnerabilities.
Communicate and collaborate with analysts from other SOC organizations to investigate cyber events.
Produce final reports and review incident reports from junior analysts.
Monitor and report on trends and activity on network sensor platforms.
Produce and update technical analysis documentation (processes, procedures, analysis criteria, report templates, etc.).
This position may be filled at either the Principle or Senior Principle grade levels.