Cyber Systems Administrator – Principal / Senior Principal – Security Operations (SOC) Analyst

Requisition ID: 21000561

  • Category IconCategory: Information Technology
  • Location IconLocation: Tampa, Florida
  • Citizenship IconUS Citizenship Required for this Position: Yes
  • Clearance IconClearance Type: SCI
  • Telecommute IconTelecommute: No –Teleworking not available for this position
  • Shift IconShift: 1st Shift
  • Travel IconTravel Required: Yes, 10 % of the Time
  • Positions IconPositions Available: 1

At the heart of Defining Possible is our commitment to missions. In rapidly changing global security environments, Northrop Grumman brings informed insights and software-secure technology to enable strategic planning. We’re looking for innovators who can help us keep building on our wide portfolio of secure, affordable, integrated, and multi-domain systems and technologies that fuel those missions. By joining in our shared mission, we’ll support yours of expanding your personal network and developing skills, whether you are new to the field or an industry thought-leader. At Northrop Grumman, you’ll have the resources, support, and team to do some of the best work of your career.
Northrop Grumman Mission Systems is seeking a Security Operations Center (SOC) Cyber Systems Administrator to join our team of qualified, diverse individuals located at Tampa, FL.

Roles and Responsibilities:
The candidate will be filling a role that requires a broad array of knowledge and skills heavily focused on Systems Administration and system engineering working with team members to support a Cyber Security program. We're looking for a highly motivated individual with an impeccable work ethic and a strong ability to work in a collaborative fast-moving dynamic team environment. The primary team is located in Tampa, Florida.

Responsibilities include:
• Perform technical analysis on a wide range of cybersecurity issues, with a focus on network activity and data; this includes, but is not limited to: network flow (i.e. netflow) or related forms of session summary data, signature-based IDS alert/event data, full packet capture (PCAP) data, proxy and application server logs (various types)
• Triage IDS alerts, collect related data from various network analysis systems, review available open and closed source information on related threats & vulnerabilities, diagnose observed activity for likelihood of system infection, compromise or unintended/high-risk exposure. Prepare analysis reports detailing background, observables, analysis process & criteria, and conclusions
• Analyze large volumes of network flow data for specific patterns/characteristics or general anomalies, to trend network activity and to correlate flow data with other types of data or reporting regarding enterprise-wide network activity
• Leverage lightweight programming/scripting skills to automate data-parsing and simple analytics
• Document key event details and analytic findings in analysis reports and incident management systems
• Identify, extract and characterize network indicators from cyber threat intelligence sources, incident reporting and published technical advisories/bulletins
• Assess cyber indicators/observables for technical relevance, accuracy, and potential value/risk/reliability in monitoring systems
• Recommend detection and prevention/mitigation signatures and actions as part of a layered defensive strategy leveraging multiple capabilities and data types
• Develop IDS signatures, test and tune signature syntax, deploy signatures to operational sensors, and monitor and tune signature and sensor performance
• Fuse open-source threat & vulnerability information with data collected from sensors across the enterprise into cohesive and comprehensive analysis
• Provide technical assessments of cyber threats and vulnerabilities
• Communicate and collaborate with analysts from other SOC organizations to investigate cyber events
• Produce final reports and review incident reports from other analysts
• Monitor and report on trends and activity on network sensor platforms
• Produce and update technical analysis documentation (processes, procedures, analysis criteria, report templates, etc.)

Basic Qualifications for the Principal Cyber Systems Admin:
  • Six (6) years of related technical experience with Bachelors in Science; Four (4) years with Masters; 0 years with PhD; or 10 years of experience without a degree
  • US Citizenship is required with an active DoD Top Secret/SCI security clearance which was active in the last 24 months
  • Must possess or be able to obtain DoD 8570 Certification for IAT Level II or higher within two (2) months of starting
Basic Qualifications for the Sr. Principal Cyber Systems Admin
  • Ten (10) years of related technical experience with Bachelors in Science; Eight (8) years with Masters; Four (4) years with PhD; or 14 years of experience without a degree
  • US Citizenship is required with an active DoD Top Secret/SCI security clearance which was active in the last 24 months
  • Must possess or be able to obtain DoD 8570 Certification for IAT Level II or higher within two (2) months of starting
  Preferred Qualifications:
• DoD 8570 Certification for IAT Level III
• Experience within SOC/NOC operations
• 2 years of cyber threat analysis experience
• Minimum of 1 year of experience conducting analysis of log data in support of intrusion analysis or information security operations
• Experience with two or more analysis tools used in a CIRT or similar investigative environment
• Able to prepare and analyze data and figures
• Recent military experience or familiarity with DOD
• Experience with Assured Compliance Assessment Solution (ACAS), Host Based Security System (HBSS), Splunk, and other enterprise security defense, forensic, and SIEM tools
• Working knowledge of security concepts, protocols, processes, architectures and tools (vulnerabilities, threats and exploitation, authentication & access control technologies, threat intelligence data and sources, WHOIS and DNS referential data and sources, intrusion detection/prevention capabilities, network traffic analysis, SIEM technology, incident handling, media/malware analysis, etc)
• Working knowledge of networking concepts, protocols and architectures (OSI-model, TCP/IP, major application protocols such as DNS/HTTP/SMTP, LAN/WANs, VPNs, routers/routing, addressing, etc)
• Detailed knowledge of intrusion detection engines, capabilities and signature formats in general, with a specific focus on Snort/Sourcefire variations and regular expressions (REGEX)
• Experience with network security controls such as routers, switches, firewalls, intrusion management solutions, network access control, and related solutions
• Working knowledge of Linux and Windows operating systems and applications
• Knowledge of cyber policy & issues, the global cyber community, roles of major organizations how they interrelate and interact, and challenges in these structures
• Awareness of the common cyber products and services, an understanding of their limitations, and a comprehensive understanding of the disciplines of cybersecurity
• Ability to produce results in a fast-paced environment with the ability to meet iterative deadlines
• Experience writing standard operating procedure documentation
• Vulnerability assessment experience
• Familiarity with Kill Chain for incident response
• Familiarity with incident response products and best practices
• Demonstrated success working individually or as part of a team requiring little supervision
• When required, have the ability to work outside of normal working hours and weekends as needed to support the customer’s needs
• Strong verbal and written communication skills
• Must be able to work in a fast-paced environment



Northrop Grumman is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO/AA and Pay Transparency statement, please visit www.northropgrumman.com/EEO. U.S. Citizenship is required for most positions.

Apply Now
Apply Now

What's great about
Northrop Grumman

  1. Be part of a culture that thrives on intellectual curiosity, cognitive diversity and bringing your whole self to work.
  2. Use your skills to build and deliver innovative tech solutions that protect the world and shape a better future.
  3. Enjoy benefits like work-life balance, education assistance and paid time off.


Did you know?

We offer an array of benefits to give you the support you need, including matching 401K, tuition assistance, health insurance and wellness options, coaching, mentoring and more.