Cyber Protection Northrop Grumman Corporation
Chicago, IL

Job Description

Job Description:

Are you interested in expanding your career through experience and exposure, all the while supporting a mission that seeks to ensure the security of our nation and its allies? If so, then Northrop Grumman may be the place for you. As a leading global security company providing innovative systems, products and solutions to customers worldwide, Northrop Grumman offers an extraordinary portfolio of capabilities and technologies. Here at Northrop Grumman we are comprised of professionals that bring different perspectives, are curious about the world, accepting of each other, and understand that the more ideas, backgrounds, and experiences we bring to our work then the more innovative we can be. As we continue to build our talented workforce we look for professionals that exemplify our core values, leadership characteristics, and approach to innovation.

Hours of Support provided include the following: 10:00 PM- 6:30 AM (Local Time)

Roles and Responsibilities may include, but are not limited to:

* The Sensor Monitor Specialist monitors 100 percent of all VA internal and external network traffic to provide security analysis support to cover over 100 million (M) plus weekly security events, up to 1.4M endpoints (projected out to fiscal year 2020). This support is mainly derived from the NIST SP 800-53 series, Incident Response (IR) Control Families.
* Respond to 100 percent of tickets/ emails and produce an updated analysis progression thereafter in accordance with SLAs.
* Utilize the VA ITSM to manage and track performance.
* Escalate work requests as needed through the VA's ITSM and utilize the ITSM to document all investigation related activities.
* Monitor, analyze or report 24/7/365 on the following:

1. Monitor 100 percent of the network intrusions and malware events using the Security Information and Event Management (SIEM) tool and this shall be performed manually during a SIEM outage

2. Collect, review, analyze and correlate security events from Network Security tools in the Wide Area Network, Trusted Internet Connection (TIC) Gateways, Data Centers, local facilities, Business Partner Extranet, and external VA cloud locations as applicable and capability facilitates

3. Monitor on premise and CSOC monitored enterprise cloud environment based events for potential incidents

4. Monitor for threats at every phase of the Cyber Intrusion Kill Chain.

5. Monitor all security devices to ensure confidentiality, integrity, and availability of CSOC architecture and security devices

6. Utilize incident response use-case workflows to follow established and repeatable processes to triage and escalate incidents

7. Review, inspect, and analyze log files (i.e. Network logs, Server/ Workstation Logs, SPLUNK logs), network traffic and security events from all network security tools within the VA Wide Area Network and Gateway to detect, identify and report anomalous malicious network activity

8. Review audit logs and report any unusual or suspect activities in accordance with VA 6500 (i.e. SI-1 - System and Information Integrity Policy and Procedures, and SI-4 - Information System Monitoring)

9. Create trouble tickets to capture the detailed analysis of security events, in accordance with established CSOC procedures

10. Perform initial validation to determine whether a security event requires investigation, and open a trouble ticket as needed

11. Escalate ticket to an incident if the analysis indicates a security compromise.

12. Correlate events for early warning and prevention

13. Produce Weekly Summary of Sensor Analysis Status Report spreadsheet, to include; status (opened, under investigation, or closed), summary of tickets by ticket number and date, and brief annotation of current analysis to help track progress

* Maintain a daily activity report on assigned investigations and/ or incidents.
* Incorporate input received from other VA teams and external vendor personnel to analyze and validate security events and incidents.
* Review threat intelligence documentation and integrate knowledge into security operations.
* Identify false-positives by correlating security events with vulnerability data and system status.
* Conduct weekly, monthly and yearly trend analysis of security events to identify anomalous malicious activity and repeat infections.
* Utilize open source intelligence and various cyber security threat portals (e.g. Homeland Security Information Network (HSIN), iSight, Shadow Server), and other credible sources for cyber threat information to assist with the validation of incidents.
* Provide technical support to develop and execute custom scripts to identify host-based indicators of compromise.
* Provide technical support for new detection capabilities and improve upon existing security tools.
* Create customized monitoring dashboards using Splunk and other event collection tools to augment SIEM as needed.
* Provide recommendations for event monitoring/ event management/ configuration of security tools for targeted threats and malicious activity during technical meeting or informally through emails.
* Submit Use Cases for analysis by SIEM and Predictive Analytics tools and work in conjunction with the CHTA and CTS - Cyber Technical Services Teams to implement.
* Develop required SOPs and assist other CSA teams with SOP, Playbook, and Work Flow Development.

TSCSOC

Basic Qualifications:

* Bachelor's degree Computer Science, Information Systems Management, Engineer or related field and minimum 2 years of experience. Additional 4 years of experience will be accepted in lieu of the degree.
* 2 years of direct experience performing network and host advanced analytics principles and methods, and information security processes and techniques required to sufficiently perform sensor monitoring and advanced analysis are required.
* Certification in one of the following (Security , Network , VA CSP, CISSP, C|EH) or 5 years of experience overrides certification requirement.
* Must be able to obtain a Veterans Affairs High Security Investigation (VA BI)

Preferred Qualifications:

Candidates with these desired skills will be given preferential consideration:

* Knowledge in a public health environment.
* Knowledge of VA culture, mission, and IT environment
* Certification in one of the following (Security , Network , VA CSP, CISSP, C|EH)
* 3 or more years experience performing network and host advanced analytics principles and methods, and information security processes and techniques required to sufficiently perform sensor monitoring and advanced analysis are required.

Northrop Grumman is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO/AA and Pay Transparency statement, please visit www.northropgrumman.com/EEO. U.S. Citizenship is required for most positions.