Cyber Incident Management Lead


Position Description

Northrop Grumman is seeking a motivated professional to join our Team as a Cyber Incident Management Lead. This position is located in Quantico, VA. The Cyber Incident Management Lead will support the Senior Cyber Security Manager within the DSS Cyber Network Defense (CND) unit. Protects, monitors, analyzes, detects, and responds to unauthorized activity on the DSS information systems and networks. Responds to incidents with the approved courses of action that focus on containment, eradication, and recovery. Conducts initial and final incident reports in accordance with all applicable DOD mandates and timelines. Submits and maintains all technical details reports on the CND SharePoint Incident Reports Repository. The successful candidate will possess and apply a comprehensive knowledge across key tasks and high impact assignments. Plans and leads major technology assignments. Evaluates performance results and recommends major changes affecting short-term project growth and success. Functions as a technical expert across multiple project assignments. Will supervise others.


Roles and Responsibilities

• Lead a team of Incident Analysts.

• Develop and implement information security standards and procedures in accordance with IT Security best practices.

• Update and maintain the Incident Management SOPs.

• Document the technical details of suspected network incidents to support incident response and reporting requirements.

• Provide remote incident handling support such as forensics collections, intrusion correlation tracking, threat analysis and direct system remediation tasks to on-site EITS personnel.

• Collect and analyze event logs, personal accounts, system inventories and other sources to determine root cause and incident response measures. Be prepared to provide this data to appropriate law enforcement (LE) or other investigating agencies.

• Conduct impact assessments on systems and programs going through the DSS Approved Products Lists (APL) or the system accreditation process. Recommend the appropriate resolution or Course of Action (COA).

• Develop, update, and maintain existing and future COAs to effectively contain events and incidents to minimize any damage or impact to DSS networks, Information Systems (ISs), data, and services in accordance with DOD mandates.

• Provide impact reports following incidents.

• Assist in conducting Forensic investigations with EnCase Forensic (or similar) tool using all legal and DSS Control Steps. Be prepared to provide this data to appropriate law enforcement (LE) or other investigating authorities.

• Assist in conducting malware analysis to develop incident timelines to include: the dates and times of significant events, command and control domains, and call back addresses; threat objective; and compromised hosts and data.

• Improve information and knowledge sharing capabilities.

• Develop and recommend detailed solutions for network defense improvements to reduce or mitigate incidents.

• Develop and maintain a process to identify indicators of insider threat activity.

• Report potential insider threat activity to government.

• Conduct weekly cyber security training for support staff and end-users.


Basic Qualifications:

• 5 years of Cyber Security experience with a Bachelor’s degree in a technical specialty: cyber security, computer science, or similar field. May accept four (4) years of additional relevant experience in lieu of a degree.

• At least three (3) years of experience successfully managing incident response in a DoD environment, effectively utilizing a centralized SIEM system.

• At least three (3) years of relevant experience as a technician using DoD enterprise cyber tools, such as ACAS, HBSS, SIEM, Firewalls, and NAC.

• IAT-I, II or III IA Baseline Certification (SEC+, CISSP preferred)

• CND Incident Responder IA Baseline Certification Incident Responder: (CEH, GCIA, GCIH, GCFA)

• CE/OS Certificate

• Must possess an active/current TS/SCI clearance.

Preferred Qualifications:

• CCNA certification

• ITIL v3 certification

• Experience with Forensic investigation procedures and tools, e.g. EnCase Forensic.

• CJCSM 6510.01B Cyber incident and reporting management experience.

• Uses Information Technology best practices.

• Familiar with any of the following: Akamai, Splunk, Cisco, McAfee, SCAP, ACAST, F5

Northrop Grumman is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO/AA and Pay Transparency statement, please visit U.S. Citizenship is required for most positions.