Job Description:
Are you interested in expanding your career through experience and exposure, all the while supporting a mission that seeks to ensure the security of our nation and its allies? If so, then Northrop Grumman may be the place for you. As a leading global security company providing innovative systems, products and solutions to customers worldwide, Northrop Grumman offers an extraordinary portfolio of capabilities and technologies. Here at Northrop Grumman we are comprised of professionals that bring different perspectives, are curious about the world, accepting of each other, and understand that the more ideas, backgrounds, and experiences we bring to our work then the more innovative we can be. As we continue to build our talented workforce we look for professionals that exemplify our core values, leadership characteristics, and approach to innovation.
Roles and Responsibilities:
Cyber Incident Responder well-versed in security operations, cyber security tools, intrusion detection, and secured networks. Serve as an expert responsible for providing network and security operations technical analysis, assessment and recommendations in the areas of real-time security situational awareness, operational network system and applications systems security monitoring.
Hours of Support provided include the following: 3:00 PM 11:30 PM (EST)
Duties and responsibilities may include, but are not limited to:
Utilize various security tools (e.g., Splunk, Splunk Enterprise Security, Palo Alto Networks, SourceFire, Cisco ASA) to identify potential incidents, network intrusions, and malware events, etc. to ensure confidentiality, integrity, and availability of VA architecture and information systems are protected
Track investigations in Help Desk systems including Remedy and Service Now
Utilization of Splunk ES SIEM to respond to incidents detected on the VA network
Reviewing and analyzing log files to report any unusual or suspect activities
Utilize incident response use-case workflows to follow established and repeatable processes for triaging and escalating
Generating trouble tickets and performing initial validation and triage to determine whether incidents are security events.
Complete investigations in to identified cyber events and hand over as appropriate
Following established incident response procedures to ensure proper escalation, analysis and resolution of security incidents
Develop and maintain Incident Response procedures and Security SOPs.
Analyzing and correlating incident event data to develop preliminary root cause and corresponding remediation strategy
Communicate effectively to all customers and stakeholders
Work with other contract teams to effectively respond to cyber incidents
Providing technical support for new detection capabilities, recommendations to improve upon existing tools/capabilities to protect the network and High Value Assets
TSCSOC
Basic Qualifications:
To be considered for this position, you must minimally meet the knowledge, skills, and abilities listed below:
Bachelor's degree and 2 years of experience. Additional 4 years of experience will be accepted in lieu of the degree.
2 years of experience with advanced cyber security tools, network topologies, intrusion detection, PKI, and secured networks. Understanding of NIST SP 800-61, US CERT and Office of Management and Budget (OMB) standards. .
.Interpreting and implementing cyber security regulations.
Certification in one of the following (Security+, Network+, VA CSP, CISSP, C|EH) or 2 years of additional experience overrides certification requirement.
Excellent analytical and problem solving skills
Must be able to obtain a Public Trust clearance (Veterans Affairs High Security Investigation)
Preferred Qualifications:
Candidates with these desired skills will be given preferential consideration:
Knowledge in a public health environment.
Knowledge of VA culture, mission, and IT environment
Certification in one of the following (Security+, Network+, VA CSP, CISSP, C|EH)