Systems Security Analyst/Engineer

Northrop Grumman Technology Services sector is seeking a Systems Engineerto join our team of qualified, diverse individuals. This position will be located in McLean, VA. The qualified applicant will become part of Northrop Grumman's Department of State (DOS) Consular Systems Modernization (CSM) Program, for the Bureau of Consular Affairs (CA). This initiative is intended to modernize and consolidate the operational environment under a common technology framework in order to better support the services provided to CA's customers.

Roles and Responsibilities:
Perform security engineering including security architecture development including on hybrid cloud based environments
Recommend and implement automated means that will improve the performance and reliability of the system including scripting, integration, problem resolution, and configuration management.
Ability to perform assessments of systems and networks within the networking environment or enclave and identify where those systems and networks deviate from acceptable configurations, enclave policy, or local policy. This is achieved through passive evaluations such as compliance audits and active evaluations such as vulnerability assessments.
Establish strict program control processes to ensure mitigation of risks and supports obtaining certification and accreditation of systems.
Includes support of process, analysis, coordination, security certification test, security documentation, as well as investigations, software research, hardware introduction, and release, emerging technology research inspections and periodic audits.
Perform analysis to validate established security requirements and to recommend additional security requirements and safeguards.
Support the formal security test and evaluation (ST&E) required by each government accrediting authority through pretest preparations, participation in the tests, analysis of the results and preparation of required reports.
Perform IA related support functions including installation, configuration, troubleshooting, assistance, and /or training, in response to agency requirements for the network environment.
Document the results of Assessment and Authorization activities and technical or coordination activity and prepare the system security plans and update the Plan of Actions and Milestones POA&M. Work with ISSO to support analysis and review of IA test results
Perform code security scans/reviews, security patch assessments and works with development teams upon customer approval to test and install patches in multiple development/test environments
Examine potential security violations to determine if the Network Environment has been breached, assess the impact, and preserve evidence.


Basic Qualifications:
To be considered for this position, you must minimally meet the knowledge, skills, and abilities listed below:
Bachelor's degree in Computer Science or related field and 15 years' experience
At least 5 years of experience in the role of systems security analyst supporting ongoing operations and transitioning-in new systems
At least 3 years of experience in working on compliance of systems with NIST 800-53
Thorough and demonstrated understanding of cloud (IaaS/PaaS/SaaS) controls and migration to public and government Clouds in compliance with FedRAMP based classifications
Experience using tools such as CAST and SonarQube for quality and security compliance of software code
Excellent communication skills, both verbally and in writing
Experience with employment of CONOPS for the development of system architectures and requirements that are optimized to meet the customer's operational needs at lowest cost
Experience including network/communication hardware and protocols, COTS and open-source products, and other infrastructure components in an MBE approach
SANS or ISC2 program certifications such as CISA, CISSP.
Must have a current, active Secret (or higher) clearance. An interim clearance may be considered.

Preferred Qualifications:
Candidates with these desired skills will be given preferential consideration:
Experience implementing an Agile, preferably SAFe, development methodology
Experience in cloud based environments including deploying solutions on public/hybrid clouds
Experience implementing DevSecOps for large program using Agile, preferably SAFe, development methodology using platforms such as SonaType
Experience implementing DevSecOps for a Cloud-based system on a modernization program ensuring existing applications and systems are modernized to satisfy legacy functional requirements
Experience with IBM Rational Collaborative Lifecycle Management

Northrop Grumman is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO/AA and Pay Transparency statement, please visit . U.S. Citizenship is required for most positions.${descr2}${descr3}

Back to top