Job Information
Northrop Grumman CSOC Analyst in United Kingdom Home Based, United Kingdom
Requisition ID: R10157896
Category: Engineering
Location: United Kingdom Home Based, London, United Kingdom
Clearance Type: Security Check (SC)
Telecommute: Yes- May Consider Full Time Teleworking for this position
Travel Required: Yes, 10% of the Time
Positions Available: 1
Part of Northrop Grumman’s Intelligence and Response (I&R) team, this role is a member of a small team that delivers computer network defence support in the UK, providing day-to-day security monitoring operations and services protecting NG’s computing infrastructure from sophisticated threats and strategically positioning the infrastructure to defend against the threats of tomorrow. This position balances constantly shifting and competing priorities to respond to the fluid nature of the global cyber threat landscape.
The I&R team is currently looking for an analyst with proven SOC experience. The analyst must be a highly motivated problem solver to act as a network forensic analyst and incident responder in the United Kingdom. They must be able to process and mitigate cyber threat actor activity. Participate as a junior member of a high performing, high profile team of information security and CI professionals. Adaptability, creativity, a commitment to mission, self-direction, and strong written/verbal communication skills are essential.
Key responsibilities
Perform analytical duties to include security monitoring, host and network based log analysis, correlation of network threat indicators and PCAP data, analytical triage, incident response (both intrusion and privacy related)
Have knowledge of and be able to define and recommend security policy changes to security devices such as firewalls, proxies, email gateways, Intrusion Detection/Prevention Systems, end-point application whitelisting and anti-virus solutions, and Data Loss Prevention solutions
Undertake network forensic duties including:
host- and network-based log analysis
correlation of network threat indicators and PCAP data
analytical triage and prioritisation of concurrent incidents
incident timeline generation
root cause analysis and remediation
independent generation of customized scripts to facilitate analysis and preparation of detailed written reports
Perform host-based cyber forensics investigations (including live memory and system image acquisition, maintaining chain-of-custody, producing investigative reports) in support of data recovery, Incident Response, HR/Ethics employee investigations, Insider Threat investigations, and Legal/litigation cases as needed
Collaborate with I&R and Strategic Counterintelligence (CI) analysts worldwide to co-ordinate a multi-tiered approach to cyber threat mitigation and tracking of trends which will result in the denial of current and future adversary actions
Perform malware analysis to determine and mitigate again adversary tactics, techniques, and procedures, and undertake or assist with reverse engineering of adversary tools
Execute cyber-threat hunting, vulnerability scanning, and penetration testing (as needed)
Generate custom scripting and coding to facilitate effective processing of cyber threat related indicators and data
Carry out cyber-threat intelligence and counter-intelligence missions as a key component of the analytic role, including Cyber Kill Chain reconstruction, identification/analysis/mitigation of adversary infrastructure and avenues of approach, and research on adversary attribution and intentions
Conduct cyber-threat trend analysis and reporting, and devise pro-active mitigations to reduce risk
Provide security consulting and briefing support to company leadership in the areas of policy, cyber threats, cyber exercises, network security infrastructure/products
Assist in security architecture planning, design and testing of new technologies and capabilities to optimise security posture and cost effectiveness as needed
Assist in cyber security-related business development efforts, to include program capture efforts, proposal strategy and planning, resource assessments, and direct-charge program SOC support as needed
Establish and maintain positive working relationship with corporate network security stakeholders in EMEA and the U.S., as well as U.K. government/defence points of contact as necessary
Produce high-quality written threat activity highlights and monthly summary reports to be incorporated into summaries for highest level corporate leadership dissemination
Support production of cyber-threat educational material for employees.
Person Specification
Essential Qualifications/Experience
CSOC experience
Experience in the analysis of network communication protocols at all layers of the OSI model
Experience in an analytical role focused primarily on network forensic analysis
Evidenced experience of conducting analysis of electronic media, log data, and network devices in support of intrusion analysis or enterprise level information security operations
Track record of using two or more enterprise level perimeter or endpoint security products
Experience of large data sets and high-performance computing systems in a high threat environment
Experienced in applying and developing cyber threat intelligence methodologies
Competency/Skill requirements
Adept at two or more analysis and forensic tools used in a CSIRT or similar investigative environment
Substantial awareness of current host, network vulnerabilities and exploits, advanced computer network exploitation methodologies and tools
Broad knowledge of current and evolving Information Technology and Information Security practices
Linux/Unix and Windows proficiency, including shell (bash, powershell, etc.) scripting
An advanced user of Perl, Python, or other scripting languages preferred
Able to exercise sound judgment when escalating issues
A creative thinker, particularly around remediation and countermeasures to challenging information security threats
Self-motivated, able to work autonomously and collaboratively as part of a wider, virtual team
Excellent interpersonal skills, able to engage effectively with a wide range of stakeholders and customers
Fluent in written and spoken English
Strong skills, adept at trouble-shooting and problem-solving, with excellent attention to detail
Flexible and responsive attitude
Highly-organised and proficient at multi-tasking, working with and resolving competing priorities
Strong customer orientation
Other requirements
Travel requirements: Occasional travel required (less than 10%), mainly in the UK to attend meetings and conferences, with a requirement from time-to-time to travel to the US. Valid UK passport.
Clearance requirements: The post-holder must be able to hold and maintain UK SC Government clearance
#LI-DNI
Northrop Grumman is committed to hiring and retaining a diverse workforce, and encourages individuals from all backgrounds and all abilities to apply and consider becoming a part of our diverse and inclusive workforce.