Principal/sr. Principal Independent Assessment Engineer (aht)

Northrop Grumman Northrop Grumman · Aerospace · Rome, NY +1 · Cyber

This role involves assessing implemented security controls within information systems for the DAF CLOUDworks program at the Air Force Research Lab (AFRL). The engineer will conduct independent assessments of management, operational, and technical security controls, focusing on cloud security, infrastructure, and DevSecOps practices. Experience with security assessment tools and frameworks like RMF, ACAS, and eMASS is required.

What you'd actually do

  1. Conduct independent, comprehensive assessments of the management, operational, and technical security controls implemented within information systems.
  2. Assist the program developing methods to monitor and measure risk, compliance, and assurance efforts.
  3. Validate the implementation of DISA STIGs and Security Requirements Guides (SRGs) utilizing ACAS (Tenable Nessus) and SCAP Compliance Checker.
  4. Manage cybersecurity risk and compliance using software platforms (XACTA, eMASS).

Skills

Required

  • Secret clearance
  • IAT Level II certification (or ability to obtain within 60 days)
  • Technical knowledge of infrastructure components (network, storage, Linux/Windows)
  • Knowledge of IT security concepts
  • Familiarity with Cloud-based technologies (AWS, Azure, Google Cloud)
  • Familiarity with Infrastructure as Code (IaC), containerization (Docker, Kubernetes), or DevSecOps
  • Knowledge of IT security assessment, monitoring, detection, and remediation tools and procedures
  • Knowledge of the Security Assessment and Authorization process
  • Knowledge of network security architecture concepts
  • Knowledge of Risk Management Framework (RMF) requirements
  • Familiarity with ACAS (Tenable Nessus) and SCAP Compliance Checker
  • Familiarity with XACTA, eMASS

Nice to have

  • Relocation assistance
  • TS/SCI clearance (for Principal)
  • Top Secret/SCI clearance (for Sr. Principal)

What the JD emphasized

  • Active Secret clearance
  • Able to obtain IAT Level II certification per DoD 8570.01
  • Knowledge of the Security Assessment and Authorization process.
  • Knowledge of Risk Management Framework (RMF) requirements.