Cyber Systems Engineer (principal or Senior Principal Level)

Northrop Grumman Northrop Grumman · Aerospace · Redondo Beach, CA +2 · Systems/Architecture/Test

Cyber Systems Engineer role at Northrop Grumman focused on applying Risk Management Framework (RMF) to identify, assess, and mitigate cybersecurity risks for new and existing platforms. Responsibilities include designing, developing, integrating, testing, and verifying system-security solutions, and producing required RMF artifacts to obtain and sustain Authority to Operate (ATO). Requires hands-on experience with NIST SP 800-53, SDLC, and security compliance tools.

What you'd actually do

  1. play a pivotal role in both new system development and the ongoing sustainment of existing platforms by applying a solid working knowledge of the Risk Management Framework (RMF) to identify, assess, and mitigate cybersecurity risks.
  2. design, develop, integrate, test, and verify system‑security solutions, ensuring that each RMF step, from categorization through continuous monitoring produces the required artifacts: Security Assessment Plan (SAP), Security Assessment Report (SAR), Risk Assessment Report (RAR), System Security Plan (SSP), Plan of Action & Milestones (POA&M), Security Control Traceability Matrix (SCTM), and Continuous Monitoring (ConMon) documentation needed to obtain and sustain an Authority to Operate (ATO).
  3. hands‑on experience with NIST SP 800‑53 and a solid understanding of the Systems Development Life Cycle (SDLC), including the key engineering milestones (PDR, CDR, SFR, TRR) and the associated cybersecurity deliverables required at each engineering phase.
  4. creating and maintaining the full suite of compliance documentation, adept at embedding security controls directly into development pipelines, and possess strong communication skills to work effectively with architects, developers, program managers, and auditors throughout the acquisition and systems development lifecycles.
  5. understand: Direct experience developing RMF assessment and authorization artifacts in accordance with NIST SP 800-37

Skills

Required

  • Bachelors degree in a STEM field or equivalent experience
  • Risk Management Framework (RMF)
  • NIST SP 800-53
  • Systems Development Life Cycle (SDLC)
  • Security compliance tools (e.g., ACAS, SCAP, STIG, SCC)
  • Secret or higher clearance
  • Ability to obtain SAP clearance

Nice to have

  • NIST 800-160 system security engineer
  • Cyber Survivability Endorsement Implementation Guide (CSEG)
  • Cyber Resiliency
  • Model Based System Engineering (MBSE)
  • Requirement decomposition, derivation, and flow down
  • Traceability of requirements
  • Cybersecurity system requirements verification/validation methods
  • Contractual requirements
  • Weapon Systems experience
  • CompTIA Security+

What the JD emphasized

  • Secret or higher clearance
  • Special Access Program (SAP) clearance