Principal/Senior Principal Cyber Analyst
- Locations:
- Roy, Utah, United States
- Security Clearance:
- Top Secret
About Northrop Grumman
Northrop Grumman solves the toughest problems in space, aeronautics, defense and cyberspace to meet the ever-evolving needs of our customers worldwide. Our 90,000 employees are Defining Possible every day using science, technology and engineering to create and deliver advanced systems, products and services. Northrop Grumman careers and internships are as varied as your interests, with a lifetime of potential that will allow you to work together with people from many backgrounds, personal passions and disciplines.
Description
At Northrop Grumman, our employees have incredible opportunities to work on revolutionary systems that impact people's lives around the world today, and for generations to come. Our pioneering and inventive spirit has enabled us to be at the forefront of many technological advancements in our nation's history - from the first flight across the Atlantic Ocean, to stealth bombers, to landing on the moon. We look for people who have bold new ideas, courage and a pioneering spirit to join forces to invent the future, and have fun along the way. Our culture thrives on intellectual curiosity, cognitive diversity and bringing your whole self to work — and we have an insatiable drive to do what others think is impossible. Our employees are not only part of history, they're making history.The Classified Solutions Cybersecurity will support the programs EMD environments by maintaining the Bodies of Evidence needed for their ATOs.
The qualified candidate can either operate as a Principal or Senior Principal Cyber Security analyst and will leverage their skills in helping maintain and update the SSP, POAM, SCTM, RAR, Polices, Procedures, etc. for all environments and work with customer and program leadership to ensure a strong security posture while maintaining program needs to meet tight timelines.
The qualified candidate will be based in Roy, Utah and will also work with a team of senior cyber professionals to help mentor and train junior cybersecurity professionals as emerging subject matter experts.
Roles and Responsibilities Include:
• Collaborate with suppliers in a matrixed environment in support of various ATO supporting activities.
• Establish strict program control processes to ensure mitigation of risks and support obtaining certification and accreditation of systems; this includes support of process, analysis, coordination, security certification test, security documentation, as well as investigations, software research, hardware introduction and release, emerging technology research inspections, and periodic audits.
• Assist in the implementation of the required government policy (JSIG) and make recommendations on process tailoring and participate in and document process activities.
• Perform analyses to validate established security requirements and to recommend additional security requirements and safeguards.
• Support the formal Security Test and Evaluation (ST&E) required by each government authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports.
• Document the results of Assessment and Authorization activities and technical or coordination activity and prepare the system Security Plans and update the Plan of Actions and Milestones POA&M.
• Periodically conduct a complete review of each system's audits and monitor corrective actions until all actions are closed.
This role may be hired at the Principal or Senior Principal level, depending on the years of experience each candidate brings.
Basic Qualifications for a Principal Level:
- Bachelor’s Degree with 5 years of related experience, master's degree and 3 years of related experience, or PhD with 2 years of related experience. An additional 9 years of experience may be considered in lieu of degree.
Basic Qualifications for a Senior Principal Level:
- Bachelor’s Degree with 8 years of related experience, master's degree and 5 years of related experience, or PhD with 3 years of related experience. An additional 11 years of related experience may be considered in lieu of degree.
- DoD IAT Level III Certified Information Systems Security Professional (CISSP) Certification
- Active Top Secret Clearance is required to start.
- Experience in planning and configuring enterprise-level security tools, including the configuration, installation, and operations and maintenance (O&M) of Splunk, Trellix, and Tenable
- Knowledge of Risk Management Framework (RMF), Security Technical Implementation Guide (STIG), and requirements development from control listings.
- Proficient in managing multiple responsibilities related to the engineering and implementation of Program Security Information and Event Management (SIEM)/Security Orchestration, Automation, and Response (SOAR) tools.
- Capable of assessing the Program's system security posture in compliance with customer requirements and directives.
- Adept at adjusting commercial security methodologies and technologies within sensitive and proprietary customer environments in accordance with NIST 800-53.
- Experience with RMF (NIST 800-37) accreditation functions, including documentation, scanning, assessment, Plan of Action and Milestones (POAM) management, and all steps of the RMF process.
Preferred Qualifications:
- The ideal candidate will have a Bachelor’s Degree in Cyber Security, Information Security, or similar STEM related discipline, to include 6 years of ISSO/ISSM experience with RMF
- Diverse classified information systems security / information assurance background
- Prior experience communicating with customer and program leadership
- Active Top Secret/SCI security clearance, with current SAP/SAR access, is highly desirable