Cybersecurity Analyst / Principal Cybersecurity Analyst

Northrop Grumman · Aerospace · Tampa, FL +1 · Cyber

Northrop Grumman is seeking experienced Cybersecurity Analysts to work on-site in Tampa, FL. The role centers on Splunk as the security information and event management (SIEM) platform: writing queries, building dashboards and reports, configuring and maintaining the Splunk infrastructure, and using Splunk Enterprise Security for threat detection. It also involves working with endpoint security solutions, investigating security incidents, and collaborating with cross-functional teams. A solid understanding of SIEM concepts and best practices is required. The position requires a security clearance.

What you'd actually do

  1. Apply hands-on experience with a Security Information and Event Management (SIEM) tool. Splunk is preferred, but experience with an equivalent SIEM is acceptable.
  2. Develop and Implement Splunk Queries: Create and optimize complex Splunk queries to extract, analyze, and visualize security data from diverse sources. Utilize Splunk Search Processing Language (SPL) to generate actionable insights for proactive threat detection and response.
  3. Design Splunk Dashboards and Reports: Design user-friendly Splunk dashboards and reports tailored to different stakeholders, such as security operations teams, management, and auditors. Provide real-time visibility into security events, trends, and key performance indicators.
  4. Configure and Maintain Splunk Infrastructure: Configure and fine-tune Splunk deployments, including data inputs, data parsing, field extractions, and data enrichment pipelines. Ensure the continuous availability and optimal performance of Splunk indexers, search heads, and forwarders.
  5. Utilize Splunk Enterprise Security: Use Splunk Enterprise Security to develop and implement security use cases and correlation searches that raise notable events for threat detection and analysis. Monitor the resulting alerts and incidents to identify, triage, and prioritize security threats.

Skills

Required

  • Splunk
  • SIEM
  • Splunk SPL
  • Splunk Enterprise Security
  • Trellix/HBSS
  • Cybersecurity Incident Investigation
  • Data Analysis
  • Reporting
  • Documentation

Nice to have

  • Splunk query optimization
  • Splunk dashboard design
  • Splunk infrastructure configuration
  • Cross-functional collaboration

What the JD emphasized

  • SCI clearance required
  • Must have a solid understanding of security information and event management (SIEM) concepts and best practices