ISSO / Computer Systems Security Analyst 3

The Information Systems Security Officer will be responsible for designing and implementing security controls for client network and infrastructure elements, in order to meet federal regulatory compliance specifications. Candidates will also perform an in-depth analysis of the current infrastructure environments, risk assessments, and will document and conduct risk assessments and validate the security controls. This is a 25% hands-on security position, 75% of the work will be performing security analysis, risk assessments and ensuring compliance with a Federal Governance (ICD DOD 8500, JSIG and NISPOM). Candidates must have experience participating in internal and external security audits.

Northrop is seeking an Information Systems Security Officer to work onsite in a Northrop Grumman Facility in Maryland.

Specific Duties:

Manage all Risk Management Framework activities IAW ICD 503/JSIG/DoD.

Prepare all related RMF documentation.

Manage the remediation/mitigation of security violations to determine if the Network Environment (NE) has been breached, assess the impact, and preserve evidence.

Support and validate all IA related functions including installation, configuration, troubleshooting, assistance, and/or training, in response to agency requirements for the NE.

Provide oversight and guidance of IT/IA personnel performing system analysis looking for patterns of non-compliance; ensure appropriate administrative or programmatic actions which minimize security risks and insider threats. Manage account processes, network rights, and access to NE systems and equipment.

Assess the performance of IA security controls within the NE.

Identify IA vulnerabilities resulting from a departure from the implementation plan or that were not apparent during testing.

Provide oversight and guidance ensuring systems are properly configured, optimized, and tested ensuring all policy and technical requirement are met.

Perform control validation and remediation validation of network servers, routers, and switches to ensure they comply with security policy, procedures, and technical requirements.

Evaluate potential IA security risks and take appropriate corrective and recovery action.

Ensure that hardware, software, data, and facility resources are archived, sanitized, or disposed of in a manner consistent with system security plans and requirements.

Perform system audits to assess security related factors within the NE.

Manage all IA related processes and procedures in the develop of and implementation of access control lists on routers, firewalls, and other network devices.

Design, manage and provide continuous monitoring of all defensive systems including intrusion detection systems, firewalls, grid sensors, etc., and enhance rule sets to block sources of malicious traffic.

Provide oversight and guidance of IA personnel implementing applicable patching oversight and validation of all security related updates including IAVAs, IAVBs, and TAs for their NE.

Adhere to IS security laws and regulations to support functional operations for the NE. Implement response actions in reaction to security incidents.

Support Security Test and Evaluations (Part of RMF Process).

Basic Qualifications:

5 Years with Bachelors in Science; 3 Years with Masters; 0 Years with PhD; experience in lieu of degree accepted. Experience to include: Experience with both collateral and/or Special Compartmentalized Information (SCI) security requirements. Aspects of the processes and procedures of a conducting Vulnerability Assessments and apply IA controls. Knowledge of DoD IA requirements and resources including, IAVA Management, and vulnerability assessments and remediation.

Must have one or more of the following certifications: Security Certifications: CISSP, SSCP, GCIA, Security .

Active TS/SCI (TOP SECRET security clearance with a Special Clearance Investigation).

Preferred Experience:

Working knowledge of ACAS, SCAP, and other assessment tools.

Certification and Accreditation (C&A) experience.

Assesses and mitigates system security threats/risks

Performs system certification and accreditation planning and testing and liaison activities

Performs security engineering analysis, risk analysis, and vulnerability studies on systems and applications under development.\

Information Assurance tests

IV&V Systems Scans

Documents written

Security Concept of Operations (SCONOPS)

System Security Plan (SSP)

Northrop Grumman is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO/AA and Pay Transparency statement, please visit U.S. Citizenship is required for most positions.

Meet Some of Northrop Grumman's Employees

Jacqueline T.

Electrical Engineer

Jacqueline operates on power electronics for Northrop Grumman’s space application projects. She meets with engineering groups, chats with customers, and works on circuit analysis.

Jonathan M.

Electronics Engineer

Jonathan works with avionics industry subject matter experts to come up with new feature developments before implementing those ideas in the Northrop Grumman laboratory.

Back to top