
Principal Cyber Intelligence Analyst

AT Northrop Grumman

Remote

RELOCATION ASSISTANCE: No relocation assistance available
CLEARANCE TYPE: SCI
TRAVEL: Yes, 10% of the Time

Description

At Northrop Grumman, our employees have incredible opportunities to work on revolutionary systems that impact people's lives around the world today, and for generations to come. Our pioneering and inventive spirit has enabled us to be at the forefront of many technological advancements in our nation's history - from the first flight across the Atlantic Ocean, to stealth bombers, to landing on the moon. We look for people who have bold new ideas, courage and a pioneering spirit to join forces to invent the future, and have fun along the way. Our culture thrives on intellectual curiosity, cognitive diversity and bringing your whole self to work - and we have an insatiable drive to do what others think is impossible. Our employees are not only part of history, they're making history.

Northrop Grumman's Global Cyber Defense (GCD) team is seeking a skilled and motivated cybersecurity professional to fill a hybrid position that supports two GCD organizations - the Cyber Assessment Tiger Team (CATT) and the Intelligence & Response (I&R) team.

The CATT responsibilities include serving as an operations support coordinator to resource multiple simultaneous penetration testing project teams. CATT pen testing and offensive cyber operations span across all NG products and environments, and require complex coordination of parallel assessment and remediation operations, budgetary planning, metrics reporting and resource management. The incumbent will also provide support to the CATT manager, primary Operations Manager, and Section Leads in planning, execution tracking and optimization of engagements and R&D activity. Strong communications and organizational skills are critical, including direct executive engagement, with deep knowledge of OCO/DCO preferred.
The I&R team responsibilities include providing support for a unique cyber mission to provide counterintelligence (CI) and cyber threat protection to Northrop Grumman's intellectual property, networks and sensitive data against a variety of highly skilled adversaries. To accomplish this goal, the I&R team performs daily in-depth analysis of current network threat activity and trends developing in the future, monitors CI portals and liaises with Defense Industrial Base and government peers to enhance the protection of the Northrop Grumman Managed Network (NGMN). The position requires an experienced problem solver to act as a cyber threat analyst to process, hunt for, and mitigate threat activity as part of a high-performing, high-profile team of cybersecurity and CI professionals.
The candidate will collaborate daily with various GCD team members and analysts, internal stakeholders, external DIB and government partners to coordinate a multi-tiered approach to threat mitigation which will result in the denial of current and future adversary actions. The person chosen for this position will be tasked with identifying and countering sophisticated and varying cybersecurity and cyber threats to Northrop Grumman personnel, assets, and programs.
Roles and Responsibilities:

- Adaptability, creativity, a commitment to mission, self-direction, and strong written/verbal communications skills are essential.
- Coordinate Red Team/pen-test engagement schedules, requirements, and deliverables.
- Make use of commercial and custom applications/systems/tools to perform analytical triage of cyber events, host and network-based log analysis, correlation of network indicators and PCAP data, event timeline generation, and root cause analysis.
- Prepare detailed written analyses of events and perform briefings of findings to both technical and non-technical audiences
- Conduct all-source research on cyber threat actors and intrusion sets (e.g., APTs); evaluate technical and intelligence reporting for cyber threat activities of interest.
- Support informational and analytic products designed to increase situational awareness and advanced warning of current and emerging cyber threats and risks; report on underlying patterns of behavior by conducting detailed analysis of incidents, threats and risks and associated impacts and consequences, vulnerabilities, tactics, techniques and procedures (TTP), and other malicious and non-malicious indicators.
- Analyze classified reporting to identify current and emerging threat trends and work with intelligence community partners to produce and offer classified threat intelligence products and briefings to internal and external partners and stakeholders.

Basic Qualifications:

- Bachelor's degree in Cybersecurity/Computer Science/Engineering or related field with 5 years of professional experience OR a Master's degree with 3 years of professional experience.
- Minimum of 2 years of experience conducting analysis in support of intrusion investigations or cybersecurity operations
- Experience with two or more analysis tools used in a SOC or similar investigative production environment
- Experience and knowledge of performing all-source intelligence analysis of cyber threat actors, threat nations, organizations, and forces
- Experience preparing and analyzing data and figures
- Experience with cyber Red Team and/or cyber penetration testing team operations and processes
- Ability to obtain a Top Secret security clearance

Preferred Qualifications:

- Demonstrated awareness of current endpoint and network exploits, familiarity with computer network exploitation methodologies and tools
- Understanding of network communication protocols at all layers of the OSI model
- Experience working with large data sets and high-performance computing systems
- Experience working with endpoint detection and response technologies
- Familiarity with current cybersecurity threats facing U.S. defense contractors or the U.S. Government
- Experience with cyber threat intelligence methodologies
- Knowledge of USG/DoD Cyber Threat Frameworks and the MITRE ATT&CK framework
- Familiarity with Threat Intelligence Platforms and Threat Information Sharing standards (e.g., MISP)
- Active TS/SCI security clearance
- One or more of the following technical certifications (or equivalent) is preferred:
  - GIAC Cyber Threat Intelligence (GCTI)
  - GIAC Certified Enterprise Defender (GCED)
  - GIAC Certified Incident Handler (GCIH)
  - GIAC Certified Intrusion Analyst (GCIA)
  - GIAC Certified Forensic Analyst (GCFA)
  - GIAC Reverse Engineering Malware (GREM)
  - Certified Forensic Computer Examiner (CFCE)
  - Other vendor certifications considered (e.g. EnCE, ACE, CCNA, CISSP, etc.)

Salary Range: $91,200.00 - $136,800.00

The above salary range represents a general guideline; however, Northrop Grumman considers a number of factors when determining base salary offers such as the scope and responsibilities of the position and the candidate's experience, education, skills and current market conditions.

Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay. Annual bonuses are designed to reward individual contributions as well as allow employees to share in company results. Employees in Vice President or Director positions may be eligible for Long Term Incentives. In addition, Northrop Grumman provides a variety of benefits including health insurance coverage, life and disability insurance, savings plan, Company paid holidays and paid time off (PTO) for vacation and/or personal business.

The application period for the job is estimated to be 20 days from the job posting date. However, this timeline may be shortened or extended depending on business needs and the availability of qualified candidates.

Northrop Grumman is an Equal Opportunity Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO and pay transparency statement, please visit http://www.northropgrumman.com/EEO. U.S. Citizenship is required for all positions with a government clearance and certain other restricted positions.

Job ID: NorthropGrumman-R10197839
Employment Type: Other

Perks and Benefits

  • Health and Wellness

    • Health Insurance
    • Dental Insurance
    • Vision Insurance
    • Life Insurance
    • Short-Term Disability
    • Long-Term Disability
    • HSA
    • HSA With Employer Contribution
    • On-Site Gym
    • Pet Insurance
    • Mental Health Benefits
    • Virtual Fitness Classes
  • Parental Benefits

    • Birth Parent or Maternity Leave
    • Non-Birth Parent or Paternity Leave
    • Fertility Benefits
    • Adoption Assistance Program
    • Family Support Resources
    • Adoption Leave
  • Work Flexibility

    • Flexible Work Hours
    • Remote Work Opportunities
    • Hybrid Work Opportunities
    • Four-Day Work Week
  • Office Life and Perks

    • Commuter Benefits Program
    • Company Outings
    • On-Site Cafeteria
    • Holiday Events
  • Vacation and Time Off

    • Paid Vacation
    • Paid Holidays
    • Sabbatical
    • Leave of Absence
  • Financial and Retirement

    • 401(K)
    • 401(K) With Company Matching
    • Performance Bonus
    • Relocation Assistance
    • Financial Counseling
    • Profit Sharing
  • Professional Development

    • Tuition Reimbursement
    • Promote From Within
    • Mentor Program
    • Shadowing Opportunities
    • Access to Online Courses
    • Lunch and Learns
    • Internship Program
    • Leadership Training Program
    • Associate or Rotational Training Program
