GBSD Staff Cyber Incident Analyst Responder - Lead

    Northrop Grumman
    Roy, UT
    Full-time, Part-time

    Job Description

    Start your future with a new mission: Northrop Grumman Enterprise Services (NGES). As a part of the NGES Team, you will work with experts throughout the enterprise that develop systems and solutions to keep our world safe. Together we protect our troops, public safety, information, and our planet. It's unique work. It's challenging and rewarding. But most of all, it's work that makes a difference. Our culture thrives on intellectual curiosity, cognitive diversity and bringing your whole self to work, and we have an insatiable drive to do what others think is impossible. Our employees are not only part of history, they're making history. Join us and launch your career.

    Northrop Grumman's Enterprise Services Information Assurance support team is seeking a Cyber Incident Analyst Responder (Lead) to join the Information Security team in Roy, UT. Learn more about the GBSD program here.

    The Cyber Security organization has overall responsibility for providing information security oversight to all Northrop Grumman classified systems under its purview. This position will be required to manage and participate in developing the Incident Response process, as well as to support the collection and analysis of incident and event information in the program's security operations center (SOC). The role will act as the shift lead for incident response and coordination activities with domain analysts and network resources. The role will perform threat identification, analysis, and integrated Active Cyber Defense duties, and provide oversight and support for persistent monitoring, on a 24/7 basis, of all designated networks, enclaves, and systems. The role will be responsible for interpreting, analyzing, and reporting all events and anomalies in accordance with Computer Network directives, including initiating, responding to, and reporting discovered events; managing and executing first-level responses and addressing reported or detected incidents; reporting to and coordinating with external organizations and authorities; coordinating and distributing directives, vulnerability, and threat advisories to identified consumers; providing daily summary reports of network events and activities; and delivering metric reports.

    Daily work includes:

    • Oversight and responsibility for Incident Response Services on close to real-time monitoring systems,

    • Accountability for the optimization of automated scan and reporting performance,

    • Ownership for the review and validation of scan results and other data collection methods with the ISSOs and/or application and system owners, and

    • Diligence in assessing the criticality of vulnerabilities using scanning-tool and other recommendations, prioritizing issues based on the system's security domain and related threat profile.

    Responsibilities will include, but are not limited to:

    • Provide all support services to implement and operate a fully functional, integrated and JSIG and contract compliant Active Cyber Defense that is integrated across all security domains

    • Train, certify, and maintain proficiency at using and tuning the SIEMs assigned for deployment to the program, including the use of both log-based and PCAP-based SIEMs, orchestration, and signature-updating tools.

    • Maintain technical expertise in all areas of the SIEMs used and their interconnection to the consoles, ensuring that all networks, subnets, VLANs, and endpoints used by the program in each security domain are understood and that the compliance requirements are met. This will involve both endpoint and network security vulnerability assessment tools.

    • Perform installation and/or reconfiguration of SIEMs, including incremental SIEM deployments; support data ingest to the SIEMs, the security tool management consoles, and the data aggregation consoles.

    • Support the installation of SIEM agents on all workstations, VDI images, external cloud VDI like images, and all virtual and physical servers.

    • Maintain agent installations as operating system patches and updates are planned and tested.

    • Demonstrate proficiency with and support for the use of security tool management and related management consoles (e.g., Vulnerability Management console, NGFWs, SCCM, AV, Insider Threat, Nutanix Management Consoles, Cross Domain Solutions - Transfer, Cross Domain Solutions - Access, etc.) to supplement the use of the SIEM in Incident Response activities.

    • Develop Incident Response Plans to support operational needs

    • Identify and elevate potential cost savings and optimization solutions, with special focus on all current and future communications requirements

    • Prepare and verify that appropriate Active Cyber Defense documentation exists, including CONOPS and technology/solution ATO package preparation support and maintenance.

    • Coordinate third-party maintenance for vulnerability scanner systems, as needed

    • Act in the capacity of subject matter expert, sought after for a complete understanding and wide application of technical principles, theories, and concepts in the field, as well as general knowledge of other related disciplines.

    The successful applicant will demonstrate the ability to work in a team environment with security professionals, system administrators and computer/facility organizations and support design, test and development engineering customers.

    Qualifications:

    Basic Qualifications:

    To be considered for this position, you must minimally meet the knowledge, skills, and abilities listed below:

    • Bachelor's degree and 14 years of ISSO experience using RMF or related experience; Master's degree and 12 years; or Ph.D. and 9 years. In lieu of a Bachelor's degree, one year of relevant experience may be substituted for each year of the 4 required years of education.

    • Active DOD Secret clearance and ability to maintain the clearance

    • Ability to be cleared to special access programs (SBI within the last 5 years)

    • DOD 8570 training and certifications (IAT, or IAT Level II certification), or ability to obtain certifications within 6 months

    • Knowledge of leading COTS vulnerability assessment tools

    • Knowledge of OpenSCAP vulnerability assessment tools

    • Knowledge of LAN concepts such as VLANs, subnets, and VLAN communications brokerage principles using firewalls, and how to run scans through them.

    • Multi-tasking ability and good communication skills, both verbal and written, are a must.

    Preferred Qualifications:
    Candidates with these desired skills will be given preferential consideration:

    • Experience using leading vulnerability scanning teams

    • Experience using leading COTS and Open Source vulnerability scanners

    • Knowledge of JSIG, the Classified Overlay, NIST SP800-53/R4 (R5)

    • Knowledge of classified network design principles, operating systems, CVE and related guidance associated with scanners and vulnerability analysis and remediation

    • Strong written and verbal communication skills

    • Proficient project management skills

    • Ability to work in a fast-paced environment

    • Willingness to work after hours and weekends as required

    • Active Top Secret DOD security clearance

    Northrop Grumman is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO/AA and Pay Transparency statement, please visit U.S. Citizenship is required for most positions.

    Posting ID: 556638996
    Posted: 2020-05-21