SOC (Security Operations Center) Shift Lead

Position Description

Northrop Grumman is seeking a motivated professional to join our team as a Security Operations Center (SOC) Lead. This position is located in Quantico, VA. The Security Operations Center (SOC) Lead will support the Senior Cyber Security Manager within the DSS Cyber Network Defense (CND) unit. The DSS Security Operations Center (SOC) is responsible for communications with United States Cyber Command (USCYBERCOM), Joint Force Headquarters Department of Defense Information Network (JFHQ-DODIN), DISA, and other Government organizations in execution of CND. The Cyber Incident Analyst Responder will provide 24x7x365 coverage of ongoing CND events on the DSS Enterprise Network, identifying incidents and making recommendations to protect the DSS Enterprise Network. Supports the DSS SOC in maintaining a continuous situational awareness monitoring capability of current cyber security operational status and reports to the affected DSS stakeholders. Manages DSS internet access and identifies unauthorized wireless devices. The successful candidate will possess and apply comprehensive knowledge across key tasks and high-impact assignments. Plans and leads major technology assignments. Evaluates performance results and recommends major changes affecting short-term project growth and success. Functions as a technical expert across multiple project assignments. Will supervise others.

Roles and Responsibilities

  • Update and maintain the SOPs for Security Operations Center functions.
  • Develop, maintain, and provide a daily morning brief and an end of day brief to provide current cyber security posture, issuance of directives, cyber events, and compliance status.
  • Develop, maintain, and provide a weekly brief that captures all of the cyber events with metrics and trends.
  • Document and track incidents on SharePoint in accordance with the reporting procedure and archive historical CND data.
  • Submit and track all trouble tickets submitted on behalf of CND internally and to external organizations and ensure that SLAs are being met.
  • Obtain and maintain accounts from external DOD agencies on NIPRNET, SIPRNET, and JWICS in order to receive reports from multiple sources to incorporate into CND briefs and distribute to stakeholders.
  • Maintain situational awareness on cyber incidents and activity with the appropriate DOD partners (i.e. CSSP, CYBERCOM, NSA, etc.) via various tools and reporting mechanisms (i.e. NTOC, CENTAUR, CMRS, JIMS, Acropolis) on NIPRNET, SIPRNET, and JWICS.
  • Review and determine if external reports, orders, and directives are applicable to DSS enclaves and execute response actions as required.
  • Track and coordinate all tasks, cyber events, external assessments, tickets, and all other applicable actions with the agency's Cyber Security Service Provider.
  • Research, identify, and verify new Advanced Persistent Threat Tactics, Techniques, and Procedures (TTP) from commercial and government sources and provide recommendations in order to strengthen the overall DSS cyber security posture.


Basic Qualifications:

  • 5 years of Cyber Security experience with a Bachelor's degree in a technical specialty: cyber security, computer science, or similar field (3 years with a Master's). May consider four (4) additional years of relevant experience in lieu of a degree.
  • Experience with security tools like ArcSight, McAfee HBSS, Cisco or Juniper products.
  • Experience with incident analysis and response
  • IAT-I or II IA Baseline Certification (SEC preferred)
  • CND Analyst IA Baseline Certification: (CEH, GCIA, GCIH)
  • Computing Environment or OS Certificate
  • Must possess active/current TS/SCI clearance

Preferred Qualifications:

  • CCNA certification
  • ITIL v3 certification
  • Experience with NTOC, CENTAUR, CMRS, JIMS, and Acropolis reporting tools.
  • Experience with TASKORD, FRAGO, and OPORD.
  • Experience with Advanced Persistent Threat Tactics, Techniques, and Procedures.
  • Excellent verbal and written communications.
  • Familiar with any of the following: Akamai, Splunk, Cisco, McAfee, SCAP, ACAST, F5

Northrop Grumman is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO/AA and Pay Transparency statement, please visit U.S. Citizenship is required for most positions.
