Northrop Grumman Technology Services sector is seeking a Security Lead to join our team of qualified, diverse individuals. This position will be located in McLean, VA. The qualified applicant will become part of Northrop Grumman's Department of State (DOS) Consular Systems Modernization (CSM) Program, for the Bureau of Consular Affairs (CA). This initiative is intended to modernize and consolidate the operational environment under a common technology framework in order to better support the services provided to CA's customers.
Roles and Responsibilities:
- Ensure compliance with all systems security requirements and updates, providing guidance and instruction as necessary to personnel
- Evaluate security documentation for compliance with application security policy and FISMA and DOS security guidelines
- Ensure Configuration Management (CM) for security-relevant software, hardware, and firmware is documented and maintained
- Support certification and accreditation activities ensuring that system security requirements are followed
- Support the Government in defining and resolving Plan of Action and Milestones (POAMs)
- Support Cloud Security, including Cloud-based Identity and Access Management roles, policies, resources, credentials, and user provisioning, SAML, OpenID authentication, etc.
- Make recommendations on system configurations, access controls, and systems administration
- Initiate protective and corrective measures when a security incident or vulnerability is discovered
- Monitor system recovery processes and ensure the proper restoration of an application security feature.
To be considered for this position, you must minimally meet the knowledge, skills, and abilities listed below:
- Bachelor's degree in a related field and at least 15 years' experience
- Experience as a Security Engineer supporting software architecture and/or application development
- Experience performing day-to-day Information System Security responsibilities for system / product teams and working with system administrators to implement security controls and remediate vulnerabilities
- Proven ability to perform hands-on security test & evaluation of large-scale, complex systems against current NIST standards
- Experience in a technical role, providing technical expertise for software intensive projects and programs for Government or Industry customers
- Ability to coordinate with program management and other stakeholders to track and maintain risks associated with compliance with security requirements and national level directives
- Excellent communication skills, both verbal and written, to effectively interact with multiple teams both internal and external
- Must have a current, Interim Secret (or higher) clearance. Interim clearance may be considered.
Candidates with these desired skills will be given preferential consideration:
- Experience in cloud based environments including deploying solutions on public/hybrid clouds
- Experience implementing DevSecOps for a large program using Agile, preferably SAFe, development methodology
- Experience implementing DevSecOps for a Cloud-based system on a modernization program ensuring existing applications and systems are modernized to satisfy legacy functional requirements
- Experience with IBM Rational Collaborative Lifecycle Management
- Knowledge of cybersecurity tools such as Nessus and Nmap, including installation procedures, execution of tools, and analysis of tool output
- Current in at least one of the following 8570 IAT Level III certifications: CASP, CISSP, CISA, GCED, GCIH or GSEC
- Experience with any of the following COTS security tools: CORE Impact, Splunk, AppScanner, HP Fortify, SwampBox, etc.