Principal Cyber Info. Systems Security Analyst

Requisition ID: R10005558

  • Category IconCategory: Information Technology
  • Location IconLocation: Baltimore - MD, United States of America
  • Citizenship IconCitizenship Required: United States Citizenship
  • Clearance IconClearance Type: Secret
  • Telecommute IconTelecommute: No- Teleworking not available for this position
  • Shift IconShift: 1st Shift (United States of America)
  • Travel IconTravel Required: No
  • Positions IconPositions Available: 1

At Northrop Grumman, our employees have incredible opportunities to work on revolutionary systems that impact people's lives around the world today, and for generations to come. Our pioneering and inventive spirit has enabled us to be at the forefront of many technological advancements in our nation's history - from the first flight across the Atlantic Ocean, to stealth bombers, to landing on the moon. We look for people who have bold new ideas, courage and a pioneering spirit to join forces to invent the future, and have fun along the way. Our culture thrives on intellectual curiosity, cognitive diversity and bringing your whole self to work — and we have an insatiable drive to do what others think is impossible. Our employees are not only part of history, they're making history.

Northrop Grumman is seeking Information Systems Security Professionals at our Linthicum, MD location. As an Information Systems Security Professional, you will perform the following:

  • Assessments of systems and networks within the networking environment or enclave and identify where those systems and networks deviate from acceptable configurations, enclave policy, or local policy. This is achieved through passive evaluations such as compliance audits and active evaluations such as vulnerability assessments.
  • Establishes strict program control processes to ensure mitigation of risks and supports obtaining certification and accreditation of systems.
  • Includes support of process, analysis, coordination, security certification test, security documentation, as well as investigations, software research, hardware introduction and release, emerging technology research inspections and periodic audits.
  • Assist in the implementation of the required government policy (i.e., NISPOM), make recommendations on process tailoring, participate in and document process activities.
  • Perform analyses to validate established security requirements and to recommend additional security requirements and safeguards.
  • Support the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results and preparation of required reports.
  • Coordinate and prepare the Body of Evidence for Accreditation and Authorization activities and update and report on the Plan of Actions and Milestones POA&M as required.
  • Support validation of Continuous Monitor activities and monitor corrective actions until all actions are closed.
  • Perform vulnerability scans and audits on SIPRNet assets via ACAS instance.
  • Ensure scheduled scans are covering 100% of intended assets and are being run successfully.
  • Ensure anomalous activity identified by the interrogator scanner on the SIPRNet circuit are reviewed and tasked to the System Administrator, as appropriate communicating to C5ISR or DCSA as appropriate.
  • Work with C5ISR CSSP to provide any updates to required artifacts.
  • Maintain GIAP record for circuit working with government POCs as needed.
  • Report results to DCSA and Government Sponsor on a Quarterly basis.
  • Utilize automated scanning tools and a host of security-related, web based applications, to report, identify and track assets vulnerabilities throughout the systems lifecycle
  • Conduct vulnerability and compliance scans, resolve connection and access issues to ensure accurate scan data, analyzes vulnerability assessment data, creates reports, and supports the Command Cyber Readiness Inspections (CCRI).
  • Duties/functions will include reviewing HIPS application blocking events, reviewing HIPS IPS threat events, reviewing anti-virus events, reviewing agent and module compliance, reviewing automated policy exception checks, reviewing ePO audit logs, reviewing automated HBSS STIG checks, reviewing the actions required by FRAGO 13 (automated point product verification, firewall policy verification, and updating/maintaining critical system documentation needed to obtain and retain accreditation.
  • Perform tuning and optimizations of HBSS rules and alerts, responsible for specifying proper types of files organization, indexing methods, and security procedures. In some instances perform detailed comparisons of various data base systems.
  • In the tuning process, they will be viewing those alerts and reporting all necessary information to the ISSM to make a decision or take to the CCB.
  • Updating policies in accordance with HBSS STIGs, and applying them to servers and workstations.
  • In addition, perform the functions of an HBSS Analyst by reviewing the reports and logs for threats and alerts, perform the research necessary to determine whether an alert was a false positive or a legitimate threat.
  • Monitor reoccurring monthly scans, configure Security Center asset lists, scan policies, reports and unique dashboards highlighting critical vulnerabilities and provide trend analysis; troubleshot and resolve customer issues and/or concerns.

 Basic Qualifications:

  • Master’s degree with 3 years of experience; OR Bachelor's degree with 5 years of experience; OR PhD with 0 years experience; OR a High School Diploma/GED with 9 years of experience is required
  • Must have a DoD 8570 IAM level II or level III security certification (examples: CAP, CASP+ CE, CISM, CISSP (or Associate), GSLC, or CISO, HCISPP); OR must have the ability to obtain one within 6 months of start date
  • Candidates must have a current DOD Secret level security clearance to include a completed investigation date closed within the last 6 years in order to be considered

Preferred Qualifications:

  • The ideal candidate will have a Bachelor’s degree in Cyber Security, an IAM II/III compliant certification, and 5 years of experience with Certification and Accreditation of classified systems and Risk Management Framework
  • Knowledge of SIPRNet, ACAS, NESSUS, SPLUNK, SCAP, POA&Ms, NIST, NISPOM, system audits, vulnerability scanning, and RMF package development preferred

    Salary Range: 96600 - 145000

    Employees may be eligible for a discretionary bonus in addition to base pay. Annual bonuses are designed to reward individual contributions as well as allow employees to share in company results. Employees in Vice President or Director positions may be eligible for Long Term Incentives. In addition, Northrop Grumman provides a variety of benefits including health insurance coverage, life and disability insurance, savings plan, Company paid holidays and paid time off (PTO) for vacation and/or personal business.

    The health and safety of our employees and their families is a top priority. With the continuing impacts of COVID-19 around the world, we are taking action to protect the health and well-being of our colleagues and maintain the safety of the communities where we operate. As a federal contractor, and consistent with Executive Order 14042 ( we will require all newly hired employees in the United States to be fully vaccinated by January 18, 2022 or by your start date if it is after January 18th. Federal guidance allows for disability/medical and religious accommodations with respect to the vaccine requirement. Any requested accommodations must be reviewed and approved (if applicable) in advance of your start date.

    Northrop Grumman is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO/AA and Pay Transparency statement, please visit U.S. Citizenship is required for most positions.

    Apply Now


    Apply Now

    What's great about
    Northrop Grumman

    1. Be part of a culture that thrives on intellectual curiosity, cognitive diversity and bringing your whole self to work.
    2. Use your skills to build and deliver innovative tech solutions that protect the world and shape a better future.
    3. Enjoy benefits like work-life balance, education assistance and paid time off.

    Did you know?

    We offer an array of benefits to give you the support you need, including matching 401K, tuition assistance, health insurance and wellness options, coaching, mentoring and more.