RELOCATION ASSISTANCE: Relocation assistance may be available
CLEARANCE REQUIRED FOR START: Yes
CLEARANCE TYPE: Top Secret
TRAVEL: Yes, 10% of the Time
Description
At Northrop Grumman, our employees have incredible opportunities to work on revolutionary systems that impact people's lives around the world today, and for generations to come. Our pioneering and inventive spirit has enabled us to be at the forefront of many technological advancements in our nation's history - from the first flight across the Atlantic Ocean, to stealth bombers, to landing on the moon. We look for people who have bold new ideas, courage and a pioneering spirit to join forces to invent the future, and have fun along the way. Our culture thrives on intellectual curiosity, cognitive diversity and bringing your whole self to work — and we have an insatiable drive to do what others think is impossible. Our employees are not only part of history, they're making history.
Northrop Grumman Defense Systems (NGDS) is seeking an Independent Security Assessor to assess implemented security controls as documented in the System Security Plan in support of DAF CLOUDworks at the Air Force Research Lab (AFRL) in Rome, NY. The Independent Security Assessor will report directly to the Authorizing Officer (AO) while conducting independent, comprehensive assessments of the management, operational, and technical security controls implemented within information systems. DAF CLOUDworks is a rapidly growing secure cloud program that encompasses 10+ teams supporting information security, infrastructure development, and cloud migration. Along with operations and sustainment, DAF CLOUDworks focuses on modifying and enhancing offerings to implement new requirements, enhance functionality, increase efficiency, or lower operating/deployment. Successful candidates should have a track record as an effective communicator and problem solver who is able to develop and maintain good working relationships with internal and external stakeholders.
*this position is contingent upon funding/award
**Basic Qualifications for a Principal Independent Assessment Engineer **
Candidates must meet ALL of the following basic criteria for a Principal Independent Assessment Engineer:
Have one of the following
- A high school diploma with 9 years of relevant experience
- A bachelor’s degree with 5+ years of relevant experience
- A master’s degree with 3+ years of relevant experience
- A PhD in with 1+ years of relevant experience
Active Top Secret clearance with Sensitive Compartmented Information (SCI) eligibility
Able to obtain IAT Level II certification per DoD 8570.01 such as CompTIA Security+ (formerly CASP+) or CompTIA Security+ within 60 days of start date.
Technical knowledge of infrastructure components, including network, storage, Linux/Windows, and IT security concepts
Working knowledge and/or familiarity with Cloud-based technologies (AWS Platform, Azure Platform, Google Cloud)
Ability to assist the program developing methods to monitor and measure risk, compliance, and assurance efforts.
Familiarity with Infrastructure as Code (IaC), containerization (Docker, Kubernetes), or DevSecOps
Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities
Knowledge of the Security Assessment and Authorization process.
Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
Knowledge of Risk Management Framework (RMF) requirements.
Familiarity with utilizing ACAS (Tenable Nessus) and SCAP Compliance Checker to validate the implementation of DISA STIGs and Security Requirements Guides (SRGs).
Familiarity with software platforms used to manage cybersecurity risk and compliance (XACTA, eMASS)
**Basic Qualifications for a Sr. Principal Independent Assessment Engineer **
Candidates must meet ALL of the following basic criteria for a Sr. Principal Independent Assessment Engineer:
Have one of the following
- A high school diploma with 12 years of relevant experience
- A bachelor’s degree in a STEM (Science, Technology, Engineering or Math) related field with 8+ years of experience
- A master’s degree in a STEM (Science, Technology, Engineering or Math) related field with 6+ years of experience
- A PhD in a STEM (Science, Technology, Engineering or Math) related field with 4+ years of experience
Active Department of Defense Top Secret/Sensitive Compartmented Information security clearance.
Able to obtain IAT Level II certification per DoD 8570.01 such as CompTIA SecurityX (formerly CASP+) or CompTIA Security+ within 60 days of start date.
Extensive technical knowledge of infrastructure components, including network, storage, Linux/Windows, and IT security concepts
Extensive expirience with Cloud-based technologies (AWS Platform, Azure Platform, Google Cloud)
Ability to independently develop methods to monitor and measure risk, compliance, and assurance efforts.
Expirience with Infrastructure as Code (IaC), containerization (Docker, Kubernetes), or DevSecOps
Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities
Knowledge of the Security Assessment and Authorization process.
Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
Knowledge of Risk Management Framework (RMF) requirements.
Expertise utilizing ACAS (Tenable Nessus) and SCAP Compliance Checker to validate the implementation of DISA STIGs and Security Requirements Guides (SRGs).
Expertise with software platforms used to manage cybersecurity risk and compliance (XACTA, eMASS)
Preferred Qualifications:
CompTIA SecurityX or CompTIA Security+ certification or IAT Level II equivalent per DoD 8570.01
Fundamental cloud certifications such as:
- AWS Platform (Cloud Practitioner or higher certification)
- Azure Platform (Azure Fundamentals or higher certification)
Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities
Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Skill in applying confidentiality, integrity, and availability principles.
Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
Skill in discerning the protection needs (i.e., security controls) of information systems and networks.
Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
Ability to manage and oversee system authorization packages and Plan of Action and Milestones within the Enterprise Mission Assurance Support Service (eMASS) or XACTA to ensure timely remediation of identified risks.
Primary Level Salary Range: $103,600.00 - $155,400.00
Secondary Level Salary Range: $129,300.00 - $193,900.00
The above salary range represents a general guideline; however, Northrop Grumman considers a number of factors when determining base salary offers such as the scope and responsibilities of the position and the candidate's experience, education, skills and current market conditions.
Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay. Annual bonuses are designed to reward individual contributions as well as allow employees to share in company results. Employees in Vice President or Director positions may be eligible for Long Term Incentives. In addition, Northrop Grumman provides a variety of benefits including health insurance coverage, life and disability insurance, savings plan, Company paid holidays and paid time off (PTO) for vacation and/or personal business.
The application period for the job is estimated to be 20 days from the job posting date. However, this timeline may be shortened or extended depending on business needs and the availability of qualified candidates.
Northrop Grumman is an Equal Opportunity Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO and pay transparency statement, please visit http://www.northropgrumman.com/EEO. U.S. Citizenship is required for all positions with a government clearance and certain other restricted positions.