Forensic Cyber Analyst
Northrop Grumman is seeking a motivated professional to join our team as an Incident Management Forensic Admin/Analyst. This position is located in Quantico, VA. The Incident Management Analyst will support the Forensic Admin/Analyst within the DSS Cyber Network Defense (CND) unit. Protects, monitors, analyzes, detects, and responds to unauthorized activity on the DSS information systems and networks. Responds to incidents with the approved courses of action that focus on containment, eradication, and recovery. Conducts initial and final incident reports in accordance with all applicable DOD mandates and timelines. Submits and maintains all technical details reports on the CND SharePoint Incident Reports Repository. The successful candidate will possess and apply comprehensive knowledge across key tasks and high-impact assignments. Plans and leads major technology assignments. Evaluates performance results and recommends major changes affecting program success.
Roles and Responsibilities
- Conduct Forensic investigations with EnCase Forensic (or similar) tool using all legal and customer required control steps
- Support and develop the Incident Management SOPs.
- Document the technical details of suspected network incidents to support incident response and reporting requirements.
- Provide remote incident handling support such as forensics collections, intrusion correlation tracking, threat analysis and direct system remediation tasks to on-site EITS personnel.
- Prepare results for the appropriate law enforcement (LE) or other investigating agencies if required.
- Update and maintain existing and future COAs to effectively contain events and incidents to minimize any damage or impact to DSS networks, Information Systems (ISs), data, and services in accordance with DOD mandates.
- Conduct malware analysis to develop incident reports.
- Execute incident response COAs to recover, contain, eradicate, and restore DSS ISs.
- Develop and recommend detailed solutions for network defense improvements to reduce or mitigate incidents
- 5 years of Cyber Security experience with a Bachelor's degree, preferably in a technical specialty: cyber security, computer science, or similar field. We may accept four (4) years of additional relevant experience in lieu of a degree.
- At least three (3) years of experience successfully managing and performing forensic analysis.
- Knowledge of DoD enterprise cyber tools, such as ACAS, HBSS, SIEM, Firewalls, and NAC.
- Experience in developing policies and procedures related to forensic investigations and incident response
- IAT-I, II or III IA Baseline Certification (SEC , CISSP preferred)
- CND Incident Responder IA Baseline Certification (CEH, GCIA, GCIH, GCFA)
- Computing Environment or OS Certificate
- Must possess an active/current TS/SCI clearance.
- CCNA certification
- Experience in developing root cause analysis reports based on investigations
- Knowledge of mitigation techniques for discovered incidents
- Experience in performing forensic response on remote networks
- Uses Information Technology best practices.
Northrop Grumman is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO/AA and Pay Transparency statement, please visit www.northropgrumman.com/EEO. U.S. Citizenship is required for most positions.