This job has expired

Cyber Intelligence Analyst

Northrop Grumman
Cheltenham, Gloucestershire
Closing date
14 Mar 2021

View more

Computing & IT, Defence, Cyber Security
Job Type
You need to sign in or create an account to save a job.

Job Details

Job Description

As part of Northrop Grumman’s Intelligence and Response (I&R) team this role will provide computer network defence support in the United Kingdom. The I&R team is tasked with an important mission to protect Northrop Grumman’s computing infrastructure from sophisticated threats, provide day to day operations and services, and strategically position the infrastructure to defend against the threats of tomorrow.

Different thinking for a Different world

Northrop Grumman is involved in a range of future game-changing defence and security programmes. Whether this is as a partner in the F-35 Lightning II providing the aircraft with much of its situational awareness and communications, as a leading specialist in large intelligence datasets, as a pre-eminent provider of High Altitude Long Endurance unmanned aircraft systems, or as the ‘go to’ provider for truly open system architectures for battlespace networks, communications, and command and control, Northrop Grumman has an unparalleled reputation as an innovator. 

How you will make a difference

The I&R team is currently looking for an experienced and highly motivated problem solver to act as a network forensic analyst and incident responder in the United Kingdom to process and mitigate cyber threat actor activity as part of a high performing, high profile team of information security and CI professionals. Adaptability, creativity, a commitment to mission, self-direction, and strong written/verbal communication skills are essential.

Key responsibilities

  • Perform analytic and network forensic duties including:
    • Cyber security monitoring
    • Host- and network-based log analysis
    • Correlation of network threat indicators and PCAP data
    • Analytical triage and prioritisation of concurrent incidents
    • Incident response (both intrusion and privacy related)
    • Incident timeline generation
    • Root cause analysis and remediation
    • Detailed written reporting of incident investigations
  • Define and recommend security policy changes to security devices such as firewalls, proxies, email gateways, Intrusion Detection/Prevention Systems, end-point application whitelisting and anti-virus solutions, and Data Loss Prevention solutions
  • Perform host-based cyber forensics investigations (including live memory and system image acquisition, maintaining chain-of-custody, producing investigative reports) in support of data recovery, Incident Response, HR/Ethics employee investigations, Insider Threat investigations, and Legal/litigation cases as needed
  • Conduct cyber-threat trend analysis and reporting, and devise pro-active mitigations to reduce risk
  • Collaborate with I&R and Strategic Counterintelligence (CI) analysts worldwide to co-ordinate a multi-tiered approach to cyber threat mitigation and tracking of trends which will result in the denial of current and future adversary actions
  • Perform malware analysis to determine and mitigate again adversary tactics, techniques, and procedures, and undertake or assist with reverse engineering of adversary tools
  • Execute cyber-threat hunting, vulnerability scanning, and penetration testing (as needed)
  • Support and participate in cyber exercises; identify capability and process gaps; recommend improvements
  • Generate custom scripting and coding to facilitate effective processing of cyber threat related indicators and data
  • Carry out cyber-threat intelligence and counter-intelligence missions as a key component of the analytic role, including Cyber Kill Chain reconstruction, identification/analysis/mitigation of adversary infrastructure and avenues of approach, and research on adversary attribution and intentions
  • Provide security consulting and briefing support to company leadership in the areas of policy, cyber threats, cyber exercises, network security infrastructure/products
  • Assist in security architecture planning, design and testing of new technologies and capabilities to optimise security posture and cost effectiveness as needed
  • Assist in cyber security-related business development efforts, to include program capture efforts, proposal strategy and planning, resource assessments, and direct-charge program SOC support as needed
  • Establish and maintain positive working relationship with corporate network security stakeholders in EMEA and the U.S., as well as U.K. government/defence points of contact as necessary
  • Produce high-quality written threat activity highlights and monthly summary reports to be incorporated into summaries for highest level corporate leadership dissemination
  • Support production of cyber-threat educational material for employees.

General Operational duties

  • Attend Security department meetings and EMEA strategy working groups as required
  •  Remain compliant with all applicable Security/Information Security processes and procedures
  • Support the EMEA Security Manager in maintaining and advancing a fit-for-purpose I&R capability in the UK

Essential Criteria:

  • Bachelor’s degree or equivalent in a Computer Science/Engineering related field
  • Significant experience in the analysis of network communication protocols at all layers of the OSI model
  • Extensive experience in an analytical role focused primarily on network forensic analysis
  • Experience with Splunk security information and event management (SIEM) solution
  • Evidenced experience of conducting analysis of electronic media, log data, and network devices in support of intrusion analysis or enterprise level information security operations
  • Track record of using two or more enterprise level perimeter or endpoint security products
  • Significant experience of large data sets and high-performance computing systems in a high threat environment
  • Experienced in applying and developing cyber threat intelligence methodologies
  • Hold one or more of the following technical certifications (or equivalent):
  • GIAC Certified Incident Handler (GCIH) / GIAC Certified Intrusion Analyst (GCIA)
  • GIAC Certified Forensic Analyst (GCFA) / GIAC Certified Forensic Examiner (GCFE)
  • GIAC Network Forensic Analyst (GNFA)
  • Certified Computer Forensic Examiner (CCFE)
  • GIAC Reverse Engineering Malware (GREM)
  • GIAC Certified Penetration Tester (GPEN)
  • GIAC Cyber Threat Intelligence (GCTI)
  • Splunk Core Certified
  • Certified Information Systems Security Professional (CISSP)
  • EnCase Certified Examiner (EnCe)
  • Certified Ethical Hacker (CEH)
  • Offensive Security Certified Professional (OSCP)

 It would be beneficial if you had:

  • Familiarity with current information security threats facing aerospace defence contractors or Government systems
  • Knowledge/experience of ISO20000 & ISO27001
  • Previous experience performing Red/Blue Team activities

Additional Information:

  • Looking for flexibility? Speak to us at application stage about what may be possible.
  • Applicants will be required to hold and maintain UK Government Security Clearance


Northrop Grumman solves the toughest problems in space, aeronautics, defense and cyberspace to meet the ever evolving needs of our customers worldwide. Our 85,000 employees define possible every day using science, technology and engineering to create and deliver advanced systems, products and services.

Find Us
You need to sign in or create an account to save a job.

Get job alerts

Create a job alert and receive personalised job recommendations straight to your inbox.

Create alert