Sr. Principal Systems Administrator – Identity and Access Management System Administrator (24-069) BLSKColorado Springs, CO

Requisition ID: R10153981

  • Category: Information Technology

  • Location: Colorado Springs, Colorado, United States of America

  • Clearance Type: Top Secret

  • Telecommute: No- Teleworking not available for this position

  • Shift: Days (United States of America)

  • Travel Required: Yes, 10% of the Time

  • Relocation Assistance: Relocation assistance may be available

  • Positions Available: 1

At Northrop Grumman, our employees have incredible opportunities to work on revolutionary systems that impact people's lives around the world today, and for generations to come. Our pioneering and inventive spirit has enabled us to be at the forefront of many technological advancements in our nation's history - from the first flight across the Atlantic Ocean, to stealth bombers, to landing on the moon. We look for people who have bold new ideas, courage and a pioneering spirit to join forces to invent the future, and have fun along the way. Our culture thrives on intellectual curiosity, cognitive diversity and bringing your whole self to work — and we have an insatiable drive to do what others think is impossible. Our employees are not only part of history, they're making history.

Northrop Grumman Space Systems—Launch and Missile Defense Systems has an exciting career opportunity for a senior principal Systems Administrator—identity and Access Management System Administrator (24-069) to join our team of qualified, diverse individuals. This position will be located in Colorado Springs, CO.

Position Overview:

This individual is responsible for deploying and maintaining all directory service types activities, such as active directory domain services/controllers, certificate authorities services, policy tracking/creation, and account management functions in the enterprise. Must be a detail-oriented individual who can track the impact of events/actions on the underlying infrastructure being managed, such as replication schedules and group policies.

Essential Functions:

  • Deployment and maintenance of all active directory domain services/controllers.

  • Includes monitoring the health and status of all sites and services in the enterprise.

  • Deploy and maintain all certificate authority (CA) services, including issuing all SSL certificates and building new CA servers in the enterprise.

  • Tracking all CA server expiration dates, working with applicable teams to perform a renewal process for existing CA certs when needed.

  • Tracking all issued SSL certs for all enterprise enclaves and working with existing administrators to ensure no certificate expiration, potentially impacting services to the C2BMC-G user base.

  • Creating and maintaining system policies, such as Windows group policies and Linux authentication PAM rules/files (in concert with the Linux/UNIX team) and tracking any potential issues as they arise on the system.

  • Maintenance of all account matrices, including all applicable permissions cross-overs between enclaves when/if needed.

  • Work continuously with the cyber team to ensure all RBAC controls comply with current policies for restriction access between enclaves and systems in the enterprise for each applicable user/team.

  • Assist the cyber team with monitoring all directory services for unusual logins or account behavior metrics to ensure the safety and integrity of the C2BMC-G system enterprise's data.

  • Work with other teams to deploy and maintain technologies that include collaborative aspects, such as instant message platforms in the enterprise.

  • Work with all teams to ensure proper distributed authentication services are configured properly to ensure non-repudiation to all available sources.

  • Assisting with configuring LDAP services to network/software solutions to ensure RBAC access to the user base. Examples of LDAP/LDAPS connected endpoint configurations could be HPE iLO interfaces, Gitlab, Cisco ISE, FortiManager, Raritan KVM, etc.

  • Experience with Active Directory technologies in an enterprise-level system

  • Comfortable with creating and modifying group policies for forest-level application

  • Management of Active Directory remote site replication policies and health monitoring

  • Comfortable with using network/system health tracking solutions, such as SolarWinds, for monitoring system health for both virtual infrastructure as well as hardware health

  • Experience with writing standard operating procedures (SOP) documentation

Basic Qualifications:

Please note your updated security clearance and IAT/relevant certifications on your resume if applicable.

  • An active Top-Secret clearance is required to start with the ability to obtain TS/SCI and SAP clearance.

  • 10 years with a bachelor's degree in a related field; 14 years experience in lieu of a degree.

Preferred Qualifications:

  • Active TS/SCI and SAP clearance is highly desired.

  • Thorough understanding of Active Directory and its replication structure when used in a distributed forest, separated through WAN links.

  • Experience with an on-premise multi-domain environment using Role-based administrative controls (RBAC) for least privilege.

  • Experience with DISA STIG compliance remediation using distributed group policy and SCAP compliance scanners.

  • The ability to integrate automation technologies into daily Active Directory use is a plus.

What We Can Offer You:

Northrop Grumman provides a comprehensive benefits package and a work environment that encourages your growth and supports the mutual success of our people and our company. Northrop Grumman benefits give you the flexibility and control to choose the benefits that make the most sense for you and your family. Your benefits will include the following:

  • Health Plan

  • Savings Plan

  • Paid Time Off

  • Education Assistance

  • Training and Development

  • Flexible Work Arrangements





Additional Northrop Grumman Information:

Salary Range: $109,900 - $164,900

The above salary range represents a general guideline; however, Northrop Grumman considers a number of factors when determining base salary offers such as the scope and responsibilities of the position and the candidate's experience, education, skills and current market conditions.

Employees may be eligible for a discretionary bonus in addition to base pay. Annual bonuses are designed to reward individual contributions as well as allow employees to share in company results. Employees in Vice President or Director positions may be eligible for Long Term Incentives. In addition, Northrop Grumman provides a variety of benefits including health insurance coverage, life and disability insurance, savings plan, Company paid holidays and paid time off (PTO) for vacation and/or personal business.

The application period for the job is estimated to be 20 days from the job posting date. However, this timeline may be shortened or extended depending on business needs and the availability of qualified candidates.

Northrop Grumman is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO/AA and Pay Transparency statement, please visit. U.S. Citizenship is required for all positions with a government clearance and certain other restricted positions.