At the heart of Defining Possible is our commitment to missions. In rapidly changing global security environments, Northrop Grumman brings informed insights and secure technological solutions to enable strategic objectives. We’re looking for innovators, who can help us keep building on our wide portfolio of secure, affordable, integrated, and multi-domain systems and technologies that fuel those missions. By joining in our shared mission, we will support yours by expanding your personal network and developing skills, whether you are new to the field or an industry thought leader. At Northrop Grumman, you will have the resources, support, and team to do some of the best work of your career.
The Northrop Grumman Classified Solutions team is seeking a Sr. Principal Classified Cybersecurity Analyst to support information systems lifecycle activities. The selected candidate will be required to work on-site, full-time at our Aurora, CO location.
The responsibilities of this role include, but are not limited to, the following:
Manage the cybersecurity program of all assigned information systems and execute all cybersecurity-related tasks.
Conduct and lead regular reviews of system audits and continuous monitoring activities, covering all security controls and configurations, to enhance operational efficiencies of the information system security posture.
Perform assessments of systems and networks within the networking environment or enclave and identify where those systems and networks deviate from acceptable configurations, enclave policy, or local policy.
Perform analyses to validate established security requirements and to recommend additional security requirements and safeguards.
Drive the implementation of the required government policy, make recommendations on process tailoring, participate in and document process activities.
Establish and oversee strict program control processes that mitigate risk and support system Assessment and Authorization (A&A). This includes process support, analysis, coordination, security certification testing, security documentation, investigations, software research, hardware introduction and release, emerging technology research, inspections, and periodic audits.
Lead the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results and preparation of required reports.
Document the results of A&A activities, and inspection activities, along with any technical or corrective actions and work collectively with the security team to submit responses to the appropriate cognizant authority.
Prepare, review, and submit A&A documentation (System Security Plan, Risk Acceptance Report, Security Controls Traceability Matrix, Plan of Action and Milestones, etc.) for review and approval.
Note: Due to the classified nature of the work being performed, this position does not offer any virtual or telecommute working options. Applicants are encouraged to apply only if they are willing to work on-site.
This is an Information Systems Security Manager (ISSM) level opportunity. If you are ready to solve complex problems in a dynamic environment, apply today!
Basic Qualifications:
Master's Degree with 6 years of relevant technical experience; OR a Bachelor's Degree with 8 years of relevant technical experience; OR an Associate's Degree with 10 years of relevant technical experience; OR a High School Diploma/GED with 12 years of relevant technical experience is required
Must have a current 8140 IAM level III (8570 equivalent) security certification (examples: CISM, GSLC, CCISO, CISSP); maintaining the certification will be a condition of continued employment
Candidates must have a current Top Secret/SCI security clearance to include a recent/current Polygraph [adjudicated within the last 5-years] in order to be considered
Must have the ability to obtain, and maintain, access to Special Programs as condition of continued employment
Preferred Qualifications:
The ideal candidate will have a Bachelor’s degree in Cyber Security, a CISSP, and 9 years of experience with Certification and Accreditation of classified systems and Risk Management Framework in a JSIG or SAP access level environment
Experience in cybersecurity compliance (ex. Assessment & Authorization under RMF)
Knowledge of security tools such as ACAS, Nessus, Splunk, Trellix, and SCAP
Knowledge of security frameworks and documentation such as NIST, JSIG, DAAG, SSPs, POA&Ms, and SCTMs
Current Top Secret/SCI with Polygraph and current SAP/SAR access is highly desirable
We offer flexible work arrangements, phenomenal learning opportunities, exposure to a wide variety of projects and customers, and a very friendly team environment. Our diverse portfolio of programs means there are endless paths to cultivate your career. We also offer exceptional benefits/healthcare, a 9/80 work schedule, and a great 401k matching program. Come join us!