Cybersecurity Analyst / Principal Cybersecurity Analyst

RELOCATION ASSISTANCE: Relocation assistance may be available

CLEARANCE REQUIRED FOR START: Yes

CLEARANCE TYPE: SCI

TRAVEL: Yes, 10% of the TimeDescription

At Northrop Grumman, our employees have incredible opportunities to work on revolutionary systems that impact people's lives around the world today, and for generations to come. Our pioneering and inventive spirit has enabled us to be at the forefront of many technological advancements in our nation's history - from the first flight across the Atlantic Ocean, to stealth bombers, to landing on the moon. We look for people who have bold new ideas, courage and a pioneering spirit to join forces to invent the future, and have fun along the way. Our culture thrives on intellectual curiosity, cognitive diversity and bringing your whole self to work — and we have an insatiable drive to do what others think is impossible. Our employees are not only part of history, they're making history.

Join Northrop Grumman on our continued mission to push the boundaries of possible across land, sea, air, space, and cyberspace. Enjoy a culture where your voice is valued and start contributing to our team of passionate professionals providing real-life solutions to our world’s biggest challenges. We take pride in creating purposeful work and allowing our employees to grow and achieve their goals every day by Defining Possible. With our competitive pay and comprehensive benefits, we have the right opportunities to fit your life and launch your career today. 

At the heart of Defining Possible is our commitment to missions. In rapidly changing global security environments, Northrop Grumman brings informed insights and software-secure technology to enable strategic planning. We’re looking for innovators who can help us keep building on our wide portfolio of secure, affordable, integrated, and multi-domain systems and technologies that fuel those missions. By joining in our shared mission, we’ll support you, expanding your personal network and developing skills, whether you are new to the field, or an industry thought leader. At Northrop Grumman, you’ll have the resources, support, and team to do some of the best work of your career. 

We are seeking experienced Cybersecurity Analysts to work on-site at our Tampa, FL location. 

Note: Due to the classified nature of the work being performed, this position does not offer any virtual or telecommute working options. Applicants are encouraged to apply, only if they are willing to work on-site. 

This position follows a Panama schedule that includes working 12-hour shifts. This schedule allows for employees to have a three-day weekend every other week and rotates from days to nights approximately every 12 weeks. Employees are compensated with a pay differential during their night shift rotations.  

  

What You’ll get to Do 

Essential Duties: 

• Utilize your experience with a Security Information and Event Management (SIEM) tool. Splunk is preferred, but experience with an equivalent SIEM would be acceptable. 

• Develop and Implement Splunk Queries: Create and optimize complex Splunk queries to extract, analyze, and visualize security data from diverse sources. Utilize Splunk Search Processing Language (SPL) to generate actionable insights for proactive threat detection and response. 

• Design Splunk Dashboards and Reports: Design user-friendly Splunk dashboards and reports tailored to different stakeholders, such as security operations teams, management, and auditors. Provide real-time visibility into security events, trends, and key performance indicators. 

• Configure and Maintain Splunk Infrastructure: Configure and fine-tune Splunk deployments, including data inputs, data parsing, field extractions, and data enrichment pipelines. Ensure the continuous availability and optimal performance of Splunk indexes, search heads, and forwarders. 

• Utilize Splunk Enterprise Security: Leverage Splunk Enterprise Security to develop and implement security use cases, correlation searches, and notable events for threat detection and analysis. Monitor security-related alerts and incidents to identify and prioritize security threats. 

• Utilize Trellix/Endpoint Security Solutions (ESS), formally Host Based Security System (HBSS) to detect and counter known threats. 

• Collaborate with Cross-Functional Teams: Collaborate with cross-functional teams, including IT, network, and application teams, to integrate Splunk with various platforms and systems. Provide technical expertise in advising security on best practices and designing effective security controls. 

• Investigate Security Incidents: Conduct in-depth investigations into security incidents, anomalies, and breaches using Splunk's forensic capabilities. Perform root cause analysis, incident triage, and post-incident reviews to identify gaps in security controls and recommend remediation actions. 

• Documentation and Reporting: Document Splunk configuration, operational procedures, and security findings. Prepare comprehensive reports detailing security events, trends, and mitigation strategies. Communicate technical information effectively to non-technical stakeholders. 

• Stay current with Industry Trends: Stay abreast of the latest cybersecurity threats, vulnerabilities, and industry best practices. Continuously enhance your knowledge of Splunk features and capabilities through self-study, professional training, and certifications. 

• Individual must have a solid understanding of security information and event management (SIEM) concepts and best practices to include proficiency in troubleshooting Splunk configurations and performance issues. 

• Ability to collaborate with other teams to investigate security incidents and provide insights for improving security posture. 

This requisition may be filled as a Cybersecurity Analyst or Principal Cybersecurity Analyst. 

This position is contingent upon Funding/Contract Award 

Basic Qualifications for Cybersecurity Analyst: 

• Bachelor’s degree with 2 years of experience OR a Master’s degree with 0 years of experience. 

• U.S. Citizenship required 

• A current/active DoD TS/SCI clearance 

• Must possess DoD 8570 Certification for IAT Level II or higher prior to start date. 

• Experience with a Security Information and Event Management (SIEM) tool. 

• Ability to collaborate with other teams to investigate security incidents and provide insights for improving security posture. 

• Working knowledge of network security controls such as routers, switches, firewalls and network access controls. 

• Working Knowledge of Linux and Windows Operating Systems. 

• Knowledge of vulnerabilities, threat detection, encryption, and security audits. 

• Must be willing to work a Panama schedule that includes working 12-hour shifts.  

  

Basic Qualifications for Principal Cybersecurity Analyst: 

• Bachelor’s degree with 5 years of experience; OR a Master’s degree with 3 years of experience; OR a PhD with 1 year of experience 

• U.S. Citizenship required 

• A current/active DoD TS/SCI clearance 

• Must possess DoD 8570 Certification for IAT Level II or higher prior to start date. 

• Experience with a Security Information and Event Management (SIEM) tool. 

• Ability to collaborate with other teams to investigate security incidents and provide insights for improving security posture. 

• Working knowledge of network security controls such as routers, switches, firewalls and network access controls. 

• Working Knowledge of Linux and Windows Operating Systems. 

• Knowledge of vulnerabilities, threat detection, encryption, and security audits. 

• Must be willing to work a Panama schedule that includes working 12-hour shifts.  

Preferred Qualifications for Principal Cybersecurity Analyst: 

• DoD 8570 Certification for IAT Level III. 

• Proven experience with Splunk (or equivalent SIEM) front-end and/or back-end functionalities. 

• Experience with Trellix/Endpoint Security Solutions (ESS), formally Host Based Security System (HBSS). 

• Familiarity with scripting languages such as Python, PowerShell, or Bash. 

• Relevant certifications (e.g., Splunk Core Certified Power User, Splunk Enterprise Certified Admin). 

• Proven knowledge of network security controls such as routers, switches, firewalls, network access controls, and related solutions. 

• Proven knowledge of Linux and Windows operating systems and applications. 

• Excellent analytical and problem-solving skills. 

Primary Level Salary Range: $79,300.00 - $118,900.00Secondary Level Salary Range: $98,400.00 - $147,600.00

The above salary range represents a general guideline; however, Northrop Grumman considers a number of factors when determining base salary offers such as the scope and responsibilities of the position and the candidate's experience, education, skills and current market conditions.

Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay. Annual bonuses are designed to reward individual contributions as well as allow employees to share in company results. Employees in Vice President or Director positions may be eligible for Long Term Incentives. In addition, Northrop Grumman provides a variety of benefits including health insurance coverage, life and disability insurance, savings plan, Company paid holidays and paid time off (PTO) for vacation and/or personal business.

The application period for the job is estimated to be 20 days from the job posting date. However, this timeline may be shortened or extended depending on business needs and the availability of qualified candidates.

Northrop Grumman is an Equal Opportunity Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO and pay transparency statement, please visit http://www.northropgrumman.com/EEO. U.S. Citizenship is required for all positions with a government clearance and certain other restricted positions.