Position Description
Northrop Grumman is seeking a motivated professional to join our Team as a Security Information & Event Management (SIEM) Administrator. This position is located in Quantico, VA. The SIEM Administrator will support the Senior Cyber Security Manager within the DSS Cyber Network Defense (CND) unit, performing design, management and configuration tasks related to the SIEM, along with data feed on-boarding, capacity planning and content development. The successful candidate will work closely with cyber security professionals from the Security Operations Center and Incident Management specialists to maintain and continuously improve the security monitoring and alerting infrastructure.
The successful candidate will possess and apply comprehensive knowledge across key tasks and high-impact assignments, plan and lead major technology assignments, and evaluate performance results and recommend major changes affecting program success.
Roles and Responsibilities
- Configure and administer the security information and event management (SIEM); provide advanced expertise to maximize the capabilities of the SIEM in order to collect and keep audit data to support technical analysis relating to misuse, penetration, or other incidents involving IT under DSS purview.
- Installation and management of SIEM infrastructure
- Develop SIEM content specific to the attack vectors and threats
- Coordinate extensively with networking teams to establish and maintain communication with remote SIEM Collectors/Processors.
- Integrate all security and application log data into the SIEM
- Work with Incident and Vulnerability Management teams to tune the SIEM application, suppressing false positive security events and alerting on genuine ones.
- Work closely with offering teams on implementation and growth planning for installations of event processors/collectors.
- Break-fix triage, resolution and restoration of service for the SIEM application and event collector images.
- Configure the SIEM to collect and analyze event logs, personal accounts, system inventories and other sources to determine root cause and incident response measures.
- Improve information and knowledge sharing capabilities.
- Develop and recommend detailed solutions for network defense improvements to reduce or mitigate incidents
DSSEITS
Basic Qualifications:
- 6 years of cyber security experience with a Bachelor's degree in a technical specialty: cyber security, computer science, or a similar field (4 years of experience with a Master's). May accept four (4) years of additional relevant experience in lieu of a degree.
- At least three (3) years of experience successfully administering a centralized SIEM system.
- At least 3 years of Linux Operating System (OS) administration experience
- Experience developing SIEM content
- Experience integrating McAfee HBSS and other security tools into the SIEM
- Experience developing custom feeds into the SIEM
- IAT-I, II or III IA Baseline Certification (SEC, CISSP preferred)
- CND Incident Responder IA Baseline Certification (CEH, GCIA, GCIH, GCFA)
- Computing Environment or OS Certificate
- Must possess an active/current TS/SCI clearance.
Preferred Qualifications:
- CCNA certification
- ITIL v3 certification
- Experience with forensic investigation procedures and tools, e.g., EnCase Forensic.
- CJCSM 6510.01B cyber incident handling and reporting experience.
- Familiarity with any of the following: Akamai, ArcSight, Splunk, QRadar, McAfee ESM
Northrop Grumman is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO/AA and Pay Transparency statement, please visit www.northropgrumman.com/EEO. U.S. Citizenship is required for most positions.