Independent Assessment Engineer/ Principal Independent Assessment Engineer (aht)

Northrop Grumman Northrop Grumman · Aerospace · Rome, NY +1 · Cyber

This role involves assessing implemented security controls for cloud-based systems within a defense context, focusing on management, operational, and technical security. It requires knowledge of IT security concepts, cloud technologies, DevSecOps, and specific assessment tools and frameworks like RMF, ACAS, and eMASS. The position is for an Independent Security Assessor at Northrop Grumman.

What you'd actually do

  1. Conduct independent, comprehensive assessments of the management, operational, and technical security controls implemented within information systems.
  2. Assist the program developing methods to monitor and measure risk, compliance, and assurance efforts.
  3. Evaluate, implement, and disseminate information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
  4. Validate the implementation of DISA STIGs and Security Requirements Guides (SRGs) using ACAS and SCAP Compliance Checker.
  5. Manage cybersecurity risk and compliance using platforms like XACTA and eMASS.

Skills

Required

  • High school diploma with 6 years of relevant experience OR Bachelor's degree with 2+ years of relevant experience OR Master's degree with 0 years of relevant experience
  • Active Secret clearance with the ability to obtain a TS/SCI clearance
  • IAT Level II certification per DoD 8570.01 (e.g., CompTIA Security+) within 60 days of start date
  • Technical knowledge of infrastructure components (network, storage, Linux/Windows)
  • IT security concepts
  • Cloud-based technologies (AWS, Azure, Google Cloud)
  • Risk, compliance, and assurance monitoring methods
  • Infrastructure as Code (IaC), containerization (Docker, Kubernetes), or DevSecOps familiarity
  • Industry methods for IT security assessment, monitoring, detection, and remediation
  • Security Assessment and Authorization process
  • Network security architecture concepts
  • Risk Management Framework (RMF) requirements
  • ACAS (Tenable Nessus) and SCAP Compliance Checker familiarity
  • Software platforms for cybersecurity risk and compliance management (XACTA, eMASS)

Nice to have

  • CompTIA SecurityX or CompTIA Security+ certification or IAT Level II equivalent per DoD 8570.01
  • Fundamental cloud

What the JD emphasized

  • Active Secret clearance with the ability to obtain a TS/SCI clearance.
  • Able to obtain IAT Level II certification per DoD 8570.01 such as CompTIA Security+ (formerly CASP+) or CompTIA Security+ within 60 days of start date.