Sr Principal Cybersecurity Analyst (ISSE) EC

Northrop Grumman is hiring!  Earn up to a $20,000 sign on bonus if you are hired against specific TS/SCI Polygraph positions.

At the heart of Defining Possible is our commitment to missions. In rapidly changing global security environments, Northrop Grumman brings informed insights and software-secure technology to enable strategic planning. We’re looking for innovators, who can help us keep building on our wide portfolio of secure, affordable, integrated, and multi-domain systems and technologies that fuel those missions. By joining in our shared mission, we will support yours of expanding your personal network and developing skills, whether you are new to the field or an industry thought-leader. At Northrop Grumman, you will have the resources, support, and team to do some of the best work of your career. 

Northrop Grumman Mission Systems sector is seeking an Information Systems Security Engineer (ISSE) to join our team of qualified, diverse individuals located at Annapolis Junction. Our security professionals support a wide range of systems and programs to ensure confidentiality, integrity, and availability of key infrastructure. The ISSE will perform assessments of systems and networks within the networking environment or enclave and identify where those systems and networks deviate from acceptable configurations, enclave policy, or local policy. This is achieved through passive evaluations such as compliance audits and active evaluations such as vulnerability assessments. Additionally, the ISSO/ISSE will establish strict program control processes to ensure mitigation of risks and supports obtaining certification and accreditation of systems. Includes support of process, analysis, coordination, security certification test, security documentation, as well as investigations, software research, hardware introduction and release, emerging technology research inspections and periodic audits; assist in the implementation of the required government policy (i.e., NISPOM, DCID 6-3), make recommendations on process tailoring, participate in and document process activities. Perform analyses to validate established security requirements and to recommend additional security requirements and safeguards. Support the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results and preparation of required reports. Document the results of Certification and Accreditation activities and technical or coordination activity and prepare the system Security Plans and update the Plan of Actions and Milestones POA&M. Periodically conduct a complete review of each system's audits and monitor corrective actions until all actions are closed.

Basic Qualifications: 

- A current and active TS/SCI Clearance with Polygraph is required. 

- 9+ years of relevant cyber security/systems security engineering experience with a BS Degree in a STEM field, or an additional 4 years of experience on projects with similar processes may be substituted in lieu of degree. 

- Ability to review and support certification and accreditation documentation within the NIST Risk Management Framework (RMF), NSA/CSS Information System Certification and Accreditation Process (NISCAP), NIST 800-53, and CNSSI-1253. 

- Experience reviewing technical security assessments of computing environments to identify points of vulnerability, or non-compliance 

- Experience with System Security Plan (SSP) maintenance.

- Can recommend system-level solutions to address and resolve security requirements. 

- Familiar with supporting software development from a security standpoint (code reviews, security compliance, secure coding practices). 

- Capable identifying overall security requirements for the proper handling of customer data. 

- Experience with security planning, assessment, risk analysis, and risk management. 

Preferred Qualifications: 

- Kubernetes/Container and application level security knowledge, including testing and analysis and security basics. 

- Applying security risk assessment methodology to system development, including threat model development, vulnerability assessments, and resulting security risk analysis. 

- Able to generate system or network designs that encompass multiple enclaves, including those with different data protection or classification. 

- Designs or builds IA into systems deployed to operational environments. 

- Familiarity with operating in a Scaled Agile Framework (SAFE Agile Framework). 

- IASAE Level 2 compliance - ISC(2) CISSP certification.