Sr Principal Cybersecurity Analyst – Cybersecurity Engineer (24-373)
Requisition ID: R10173649
- Category: Information Technology
- Location: Schriever AFB, Colorado, United States of America
- Clearance Type: Top Secret
- Telecommute: No- Teleworking not available for this position
- Shift: Days (United States of America)
- Travel Required: Yes, 10% of the Time
- Positions Available: 1
Northrop Grumman Space Systems – Launch and Missile Defense Systems has an exciting career opportunity for a Sr Principal Cybersecurity Analyst – Cybersecurity Engineer (24-373) to join our team of qualified, diverse individuals. This position will be at Schriever Space Force Base, Colorado Springs, CO.
Position Overview:
The Command and Control, Battle Management, and Communications (C2BMC) program integrates the Missile Defense System. It is a vital operational system that enables the U.S. president, secretary of defense, and combatant commanders at strategic, regional, and operational levels to systematically plan ballistic missile defense operations, to see the battle develop collectively, and to dynamically manage designated networked sensors and weapons systems to achieve global and regional mission objectives. C2BMC supports a layered missile defense capability that enables an optimized response to threats of all ranges in all phases of flight. C2BMC is the force multiplier that globally and regionally networks integrate, synchronizing autonomous sensor and weapon systems and operations to optimize performance. C2BMC is integral to all system ground and flight tests, which verify and exercise all current and future missile defense system capabilities.
Essential Functions:
- Process and track DD Form 2875 user account forms and required training for privileged and non-privileged accounts; perform annual account validation; and work with the system administrator to create, modify, and remove accounts.
- Assess systems and networks within a virtual environment and identify where those systems deviate from acceptable configurations, enclaves, or local policies.
- Passive evaluations, such as compliance audits using STIG Viewer, SCAP, etc., and active evaluations, such as vulnerability assessments utilizing ACAS.
- Perform Security Technical Implementation Guide (STIG) assessments and hardening for both Windows, Red Hat Enterprise Linux (RHEL) systems, and networking equipment utilizing ConfigOS.
- Develop test plans reflecting how STIG checks are implemented and be able to show the expected outcomes of those checks.
- Update the Risk Management Framework (RMF) artifact documentation to ensure non-compliant system hardening is tracked and remediated.
- Establish strict program control processes to ensure risk mitigation and support obtaining system assessment and authorization.
- Support of process, analysis, coordination, control certification test, compliance documentation, and investigations, software research, hardware introduction and release, emerging technology research, inspections, and periodic audits.
- Assist in implementing the required government policy (e.g., NISPOM, NIST, DoD), make recommendations on process tailoring, and participate in and document process activities.
- Perform analyses to validate established cybersecurity controls and requirements and to recommend cybersecurity safeguards.
- Support program test milestones through pre-test preparations, participating in the tests, analysis of the results, and preparation of required artifacts supporting authorization.
- Prepare artifacts such as Test Results (TR), Authorization Boundary Diagrams (ABD), Network Topologies, Flow Diagrams, Hardware and Software listings, Ports, Protocols, and Services Management documentation.
- Support Assessment and Authorization activities and maintain the Plan of Action and Milestones (POA&M).
- Periodically review each program support and operational system's audits and monitor corrective actions until all actions are closed.
- Coordinate across the program to address identified deficiencies during RMF assessment activities.
Basic Qualifications:
Please note your updated security clearance and IAT/relevant certifications on your resume, if applicable.
- An active Top Secret clearance is required to start.
- 9 years' experience with a bachelor’s degree in engineering, computer science, mathematics or a related field; 7 years' experience with a master’s degree in engineering, computer science, mathematics or a related field; or 13 years' experience in lieu of a degree .
- DoD 8140 certification at IAT Level II / IAM – Level I or higher (Security+, GSEC, SCNP, SSCP, CISSP, CISA, GSE, SCNA) is required at the start.
- Security engineering skills with a working knowledge of cybersecurity technology and DoD/Federal cybersecurity policy (i.e., DoDI 8500.01, NIST SP 800-53, etc.).
- Understanding and utilization of Enterprise Mission Assurance Support Service (eMASS).
- Understanding of Risk Management Framework (RMF) Cybersecurity Lifecycle including:
- Identifying controls and overlays
- Generating testable requirements, identifying resilient architecture design, configuring, running, and scripting audit tools, providing analysis of vulnerability analyses,
- Conducting verification testing for compliance assessment.
- Knowledge of Software Assurance (SwA) static and dynamic code analysis (e.g. Fortify)
Preferred Qualifications:
- Windows and Red Hat Enterprise Linux (RHEL) system administration skills are highly desired.
- Previous background working in a virtual environment.
- Previous background working with dockers and containers.
- Administer ACAS and ESS (formally HBSS)
- Previous experience with ConfigOS.
What We Can Offer You:
Northrop Grumman provides a comprehensive benefits package and a work environment that encourages your growth and supports the mutual success of our people and our company. Northrop Grumman benefits give you the flexibility and control to choose the benefits that make the most sense for you and your family. Your benefits will include the following:
- Health Plan
- Savings Plan
- Paid Time Off
- Education Assistance
- Training and Development
- Flexible Work Arrangements
https://benefits.northropgrumman.com/us/en2/BenefitsOverview/Pages/default.aspx
NGSpace
COSpace
NGFeaturedJobs
C2BMC
Additional Northrop Grumman Information:
Employees may be eligible for a discretionary bonus in addition to base pay. Annual bonuses are designed to reward individual contributions as well as allow employees to share in company results. Employees in Vice President or Director positions may be eligible for Long Term Incentives. In addition, Northrop Grumman provides a variety of benefits including health insurance coverage, life and disability insurance, savings plan, Company paid holidays and paid time off (PTO) for vacation and/or personal business.
Northrop Grumman is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO/AA and Pay Transparency statement, please visit http://www.northropgrumman.com/EEO. U.S. Citizenship is required for all positions with a government clearance and certain other restricted positions.
What's great about
Northrop Grumman
- Be part of a culture that thrives on intellectual curiosity, cognitive diversity and bringing your whole self to work.
- Use your skills to build and deliver innovative tech solutions that protect the world and shape a better future.
- Enjoy benefits like work-life balance, education assistance and paid time off.
Did you know?
Northrop Grumman leads the industry team for NASA’s James Webb Space Telescope, the largest, most complex and powerful space telescope ever built. Launched in December 2021, the telescope incorporates innovative design, advanced technology, and groundbreaking engineering, and will fundamentally alter our understanding of the universe.