Computer Systems Analyst 3
Northrop Grumman is seeking an ISSO-Computer Systems Security Analyst to join our team in defining the future. This position will be located in Baltimore, MD. The qualified applicant will become part of Northrop Grumman’s Information Technology Solutions team supporting multiple software development activities and several highly visible Space programs managed within the Electronic Systems Sector.
Roles and Responsibilities:
- Designs, tests, and implements state-of-the-art secure operating systems, networks, and database products
- Conducts risk assessment and provides recommendations for application design
- Participate in a wide range of security issues including architectures, firewalls, electronic data traffic, and network access
- Uses encryption technology, penetration and vulnerability analysis of various security technologies, and information technology security research; and may prepare security reports to regulatory agencies
- Ensures systems are operated, maintained, and disposed of in accordance with internal security policies and practices outlined in the security plan
- Ensures that all users have the requisite security clearances, authorization, and need-to-know, and are aware of their security responsibilities before granting access
- Ensures configuration management (CM) for security-relevant IS software, hardware, and firmware is maintained and documented
- Ensures all information system security-related documentation is current and accessible to properly authorized individuals
- Maintains records, outlining required patches/system upgrades that have been accomplished throughout the information system’s life cycle
- Ensures records are maintained for workstations, servers, routers, firewalls, intelligent hubs, network switches, telephony equipment, etc.
- Must be skilled with MS office suite to develop and maintain accreditation package (SSP, Network Drawings, Forms, etc.) and have good verbal skills to communicate with the programs
- Ensures that all systems/network are compliant and in scope of current accreditation
- Ensure data is protected and handled per applicable guidance
- Evaluates proposed changes or additions to the information system, and advises the Information Systems Security Manager (ISSM) of their security relevance
- Create and maintain Plan Of Action and Milestones (POAM) or Risk Acceptance/Acknowledgement Letters (RALS)
- Be active member of security team
- must be able to Establish/Maintain/Disestablish information system (“Cradle to Grave”)
- Coordinates Trusted Downloads
- Assist with security education / Conduct training sessions
- Participate in internal / external security audits/inspections
- Should be able to interpret security audit logs to ensure user/privileged user compliance
- report unusual events
- Directs program system administrators on security matters
- Serve as an alternate to the ISSM
- Travel may be required
- Performs weekly audits as directed by the Information Systems Security Manager (ISSM)
- Splunk experience or other SIEM (Security Information and Event Management) product
- Windows and/or Linux/UNIX configuration
- Vulnerability scanning (Nessus/Security Center)
- NIST/RMF/NISPOM/JAFAN/DCID 6/3 knowledge
- Windows, Linux/UNIX admin experience
- Red/Black Cleared a plus
Basic Qualifications: Typical Minimum Education / Experience: 5 Years with Bachelors in Science; 3 Years with Masters; 0 Years with PhD.
Three to 5 years computer security experience
- Knowledge of NISPOM information system requirements, particularly chapter 8; MCITP/MCSA 2008/2012; UNIX/LINUX/Redhat/Solaris knowledge/experience; and the ability to develop and implement IS certification test(s) and conduct ongoing periodic reviews
- Must be able to work in a fast paced environment where multiple projects are being developed and deployed simultaneously
- Knowledge of and experience with Defense Security Service ODAA processes and procedures; familiarity with OBMS.
- Must be able to work well within a team environment and able to adapt quickly to change
- Active DoD Secret security clearance with ability to obtain and maintain Top Secret security clearance with SCI and SAP level access.
- Willingness to work after hours or weekends as needed
- Able to lift 40 lbs.
- Must be able to obtain and maintain cerifications to meet DOD 8570 requirements
Past or current ISSM/ISSO experience
- Knowledge of windows security / group policy and Cisco networking equipment
- Splunk or equivalent log management software knowledge
- Involvement in security audits/inspections
- Familiarity with DISA Security Technical Implementation Guides (STIGs)
- Experience in SCIF/SAPF environments
- ICD 503, JSIG and JAFAN knowledgeable
- Background or understanding of System Security Plans (SSP)
- BS degree in Technical field related to computer security
- Current 8570 certification (CISSP, Security )
Northrop Grumman is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO/AA and Pay Transparency statement, please visit www.northropgrumman.com/EEO. U.S. Citizenship is required for most positions.
Meet Some of Northrop Grumman's Employees
Enterprise Communications Professional
A’Darien oversees executive and organizational communications within the company in order to ensure all Northrop Grumman employees are kept in the know and are aware of the company’s values.
Back to top