Northrop Grumman Cyber Security Engineer 3 / 4 in Annapolis Junction, Maryland

TheCyber Security Engineerwill be responsible for designing and implementing security controls for client network and infrastructure elements, in order to meet federal regulatory compliance specifications. Candidates will also perform an in-depth analysis of the current infrastructure environments, risk assessments, and will document and conduct risk assessments and validate the security controls. This is a 25% hands-on security position, 75% of the work will be performing security analysis, risk assessments and ensuring compliance with a Federal Governance (ICD DOD 8500, JSIG and NISPOM). Candidates must have experience participating in internal and external security audits.

Northrop is seeking a Cyber Security Engineerto join our team of qualified, diverse individuals located in Annapolis Junction, MD.

Duties include, but not limited to:

  • Ensure compliance with all systems security requirements and updates, providing guidance and instruction as necessary to the existing personnel.

  • Initiate protective and corrective measures when a security incident or vulnerability is discovered.

  • Monitor system recovery processes and ensure the proper restoration of an IS security feature.

  • Retain audit logs in accordance with USPS Policy Evaluate system security posture and made recommendations to Senior staff for correction and implementation plans

  • Evaluate security documentation, including SSAAs, COOPs, and SOPs

  • Ensure that all users have the requisite security clearances, authorization, and need-to-know, and are aware of their security responsibilities before they are granted access to the IS

  • Ensure Configuration Management (CM) for security-relevant IS software, hardware, and firmware is documented and maintained.

  • Support authorization activities throughout the SAA process ensuring that system security requirements are followed

  • Establish audit trails and ensure their review, and make them available, when required.

This requisition maybe filled at a higher grade based on qualifications listed below.

Basic Qualifications:

*Security Clearance: An active TS/SCI clearance with Polygraph is required.

This position may be filled by either a Level 03 or a Level 04 candidate.

BQs for a Cyber Security Engineer03 are:

  • Shall have a Bachelor's Computer Engineering/Science, Information Systems, Cybersecurity, or other technically relevant field of study and a minimum of five (05) years for a Level 03

  • Shall have a minimum five (05) years in a technical role, providing technical expertise for software intensive projects and programs for Government or Industry customers

  • Shall have a minimum five (05) years as a Security Engineer supporting software architecture development

  • Shall have at least three (03) years of experience performing day-to-day ISSE responsibilities for system / product teams, and working with system administrators to implement security controls and remediated vulnerabilities

  • Shall have proven ability to perform hands-on security test & evaluation of large-scale, complex, Linux-based systems against current NIST standards

  • Shall have working knowledge of cybersecurity tools such as Nessus and NMAP including installation procedures, execution of tools, and analysis of tool output

  • Shall have familiarity with supporting the sustainment activities for System Security Plans (SSPs) following the Risk Management Framework process in Xacta for national level mission systems

  • Shall coordinate and work with various system stakeholders to determine the applicable security/IA requirements based on the intent of the NIST 800-53, and CNSS 1253 security requirements

  • Shall coordinate with program management and other stakeholders to track and maintain risks associated with multiple mission Information Systems to ensure compliance with all IA requirements and national level directives

  • Shall have experience in the management and maintenance of systems required to satisfy the Certification and Accreditation requirements under the NIST 800-37, NIST 800-53, and the CNSS 1253

BQs for a Cyber Security Engineer04 are:

  • Shall have a Bachelor's Computer Engineering/Science, Information Systems, Cybersecurity, or other technically relevant field of study and a minimum of nine (09) years for a Level 04

  • Shall have a minimum nine (09) years in a technical role, providing technical expertise for software intensive projects and programs for Government or Industry customers

  • Shall have a minimum nine (09) years as a Security Engineer supporting software architecture development

  • Shall have at least nine (09) years of experience performing day-to-day ISSE responsibilities for system / product teams, and working with system administrators to implement security controls and remediated vulnerabilities

  • Shall have proven ability to perform hands-on security test & evaluation of large-scale, complex, Linux-based systems against current NIST standards

  • Shall have working knowledge of cybersecurity tools such as Nessus and NMAP including installation procedures, execution of tools, and analysis of tool output

  • Shall have familiarity with supporting the sustainment activities for System Security Plans (SSPs) following the Risk Management Framework process in Xacta for national level mission systems

  • Shall coordinate and work with various system stakeholders to determine the applicable security/IA requirements based on the intent of the NIST 800-53, and CNSS 1253 security requirements

  • Shall coordinate with program management and other stakeholders to track and maintain risks associated with multiple mission Information Systems to ensure compliance with all IA requirements and national level directives

  • Shall have experience in the management and maintenance of systems required to satisfy the Certification and Accreditation requirements under the NIST 800-37, NIST 800-53, and the CNSS 1253

Preferred Qualifications:

  • Current in at least one of the following 8570 IAT Level III certifications:

o CASP, CISSP, CISA, GCED, GCIH or GSEC

  • Master's Degree in Computer Engineering/Science, Information Systems, Cybersecurity, or other technically relevant field of study

  • Experience with any of the following COTS security tools: CORE Impact, SPLUNK, AppScanner, HP Fortify, SwampBox, etc.

NGCIMSMD

ISCYBERDIV

MSCYBERDIV

Northrop Grumman is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO/AA and Pay Transparency statement, please visit www.northropgrumman.com/EEO . U.S. Citizenship is required for most positions.