Cyber Information Sys Security 5
Northrop Grumman is seeking a Cyber Information Sys Security 5 to join the Cyber Information Systems Security team in Palmdale, CA. The Cyber Security team consists of Information Systems Security Officers (ISSOs), Information Systems Security Managers (ISSMs), and Cyber Information Assurance Analysts (CIAAs). The Cyber Info Systems Security organization has overall responsibility for providing information systems security oversight to all Northrop Grumman classified systems under their respective purview.
The selected candidate will serve directly as a subject matter expert (SME) in system security engineering matters for a distributed team. The candidate will provide technical guidance and leadership during the secure design, development, deployment, and sustainment of the system infrastructure. The CISSA is responsible for deriving the applicable security controls required for the system, interpreting the functional system security requirements, and the ongoing oversight of the implementation of the applicable security controls in order to facilitate and maintain an approved technical and network system baseline. The CISSA also employs best practices when implementing security requirements within an information system including software engineering methodologies, system/security engineering principles, secure design, secure architecture, and secure coding techniques.
The selected candidate will also provide direct support to the rest of the program security staff in the completion of the Assessment and Authorization (A&A) process and qualification for Authority to Operate (ATO). They will contribute to the preparation of a Security Accreditation package and body of evidence that successfully demonstrates compliance with extensive US Government system security policies, guidelines, and directives.
Responsibilities will include, but are not limited to:
- Prepare clear and concise presentations and briefings for customer and program audiences. Articulate and advocate security considerations in collaborative meetings, as well as formal reviews.
- Identify system design and operational vulnerabilities. Make cost-effective recommendations to address deficient areas.
- Hands-on experience with modern operating systems and ability to guide system administrators to securely configure Windows and Linux systems.
- Experience using various security tools such as auditing tools (Splunk) and SCAP-compliant automated vulnerability assessment tools (e.g., ACAS, Retina, Nessus). Interpret assessment results to identify vulnerabilities and verify system hardening.
- Extensive experience preparing, reviewing, and revising security relevant artifacts (SSP, CTP, SCTM, Security CONOP, Security Architecture, Privileged Users Guide, POA&M, RAR, etc.).
- Bachelor's degree with 14 years of relevant experience or master's degree with 12 years of relevant experience.
- Current TS clearance is required. Additional clearances may also be required by the government.
- Current CISSP, CISM, or GSLC security certification.
- Hands-on experience with modern networking (switch, routing, firewall) solutions. Securely configure, document, monitor and report computing environments through each layer of the OSI model to properly comply with customer security requirements.
- Knowledge of Cloud Computing concepts, design, architecture, and security.
- Provide technical and procedural Cybersecurity (CS) advice to the program in support of Program Management Reviews, Critical Design Reviews and System Design Reviews.
- Experience deriving and presenting security controls/requirements in support of A&A Reviews and Activities.
- Perform security assessments of servers/network devices/security appliances.
- Familiarity with Risk Management Framework-based security controls and requirements.
- Experience utilizing COTS & GOTS products to collect, display and remediate a variety of automated system security and system operations/performance functions and metrics.
- Advanced technical competency in one or more of the following supported platforms: Microsoft Windows Server, Red Hat Enterprise Linux servers, VMware ESX, Enterprise Networking/Firewalls/Intrusion Detection/Prevention Systems, Forensic Analysis/Vulnerability Assessment Toolkits, Security Information Event Managers, ACAS/Nessus/SCC (SCAP-compliant tools), Mandatory/Role-Based Access Control concepts (SELinux extensions to RHEL, PitBull, AppArmor, Sentris), Video Teleconferencing/VOIP, Oracle/MSSQL database security, Apache/IIS Web server security.
Northrop Grumman is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO/AA and Pay Transparency statement, please visit www.northropgrumman.com/EEO. U.S. Citizenship is required for most positions.