Principal Cybersecurity Analyst - R10227862

Responsibilities

• Perform assessments of systems and networks within the networking environment or enclave and identify where those systems and networks deviate from acceptable configurations, enclave policy, and/or local policy.
• Establish strict program control processes to ensure mitigation of risks and support obtaining certification and accreditation of systems; this will include support of process, analysis, coordination, security certification test, security documentation, as well as investigations, software research, hardware introduction and release, emerging technology research, inspections, and periodic audits.
• Assist in the implementation of the required government policy, make recommendations on process tailoring, and participate in and document process activities.
• Perform analyses to validate established security requirements and to recommend additional security requirements and safeguards.
• Support the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports.
• Document the results of Certification and Accreditation activities and technical or coordination activity and prepare the system Security Plans and update the Plan of Actions and Milestones POA&M.
• Periodically conduct a complete review of each system's audits and monitor corrective actions until all actions are closed.
• Coordinate all associated Assessment and Authorization activities, which includes all RMF Body of Evidence (BOE) documentation: System Security Plan (SSP), Security Controls Traceability Matrix (SCTM), Control Family Security Operating Plans (SOPs), Continuous Monitoring (ConMon) Plan, Plan of Actions and Milestones (POA&M), etc.
• Ensure compliance with current cyber security policies, concepts, and measures when designing, procuring, adopting, and developing a new system.
• Maintain a working knowledge of system functions, security policies, technical security safeguards, and operational security measures.
• Implement security controls to protect the system, in coordination with system stakeholders.

Basic Qualifications

• Master’s degree with 3 years of relevant experience, or a Bachelor’s degree with 5 years of relevant experience, or an Associate’s degree with 7 years of relevant experience; a High School Diploma/GED with 9 years of relevant experience may be considered in lieu of a completed degree.
• Current DoD 8570 IAM level II (or higher) security certification (examples: CGRC/CAP, SecurityX (formally known as CASP+) CE, CCISO, CISM, GSLC, or CISSP); the required certification must be maintained as a condition of continued employment.
• Applicants must have an active DoD Top Secret level security clearance (at a minimum), to include a closed investigation date completed within the last 6 years, or must be enrolled in the DoD Continuous Evaluation Program (CEP) in order to be considered; the required security clearance must be maintained as a condition of continued employment.
• The selected candidate will be required to obtain and maintain a Special Access Program (SAP/SAR) clearance as a condition of continued employment.

Preferred Qualifications

• 3+ years of experience with Assessment & Accreditation (A&A) of classified systems under Risk Management Frameworks (RMF).
• Knowledge of Risk Management Framework (RMF) NIST 800-37 and associated NIST SP 800-53 control families.
• Experience with audit reduction tools (e.g., Splunk Enterprise).
• Knowledge of DISA STIGS, benchmarks, STIG Viewer, and SCAP Compliance Checker.
• Knowledge of risk management framework (RMF) requirements (e.g., NCSRD, DAAPM, JSIG, etc.) and related risk management processes (e.g., methods for assessing and mitigating risk).
• Knowledge of vulnerability scanning tools (e.g., Tenable Security Center, Nessus Scanner, etc.) to identify, assess, and manage vulnerabilities.

About the Role

We offer flexible work arrangements, phenomenal learning opportunities, exposure to a wide variety of projects and customers, and a very friendly team environment. Our Employee Resource Groups (ERGs) offer opportunities to be a friend, be active, be a volunteer, be a leader, be recognized, and to be yourself. We also offer exceptional benefits, a 9/80 work schedule, and a great 401k matching program.

Compensation

Primary Level Salary Range: $108,800.00 - $163,200.00.

The above salary range represents a general guideline; however, Northrop Grumman considers a number of factors when determining base salary offers such as the scope and responsibilities of the position and the candidate's experience, education, skills and current market conditions.

Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay. Annual bonuses are designed to reward individual contributions as well as allow employees to share in company results. Employees in Vice President or Director positions may be eligible for Long Term Incentives.

Benefits

In addition, Northrop Grumman provides a variety of benefits including health insurance coverage, life and disability insurance, savings plan, company paid holidays and paid time off (PTO) for vacation and/or personal business.

Additional Information

RELOCATION ASSISTANCE: Relocation assistance may be available.

CLEARANCE REQUIRED FOR START: Yes

CLEARANCE TYPE: Top Secret

TRAVEL: Yes, 10% of the Time

Northrop Grumman is an Equal Opportunity Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO and pay transparency statement, visit U.S. Citizenship is required for all positions with a government clearance and certain other restricted positions.