Principal Cyber Systems Engineer/Senior Principal Cyber Systems with Security Clearance
Northrop Grumman 160900.00 US Dollar . USD Per annum
2024-11-05 08:38:43
Colorado Springs, Colorado, United States
Job type: fulltime
Job industry: I.T. & Communications
Job description
Requisition ID: R Category: Information Technology Location: Colorado Springs, Colorado, United States of America Clearance Type: Secret Telecommute: No- Teleworking not available for this position Shift: 1st Shift (United States of America) Travel Required: Yes, 10% of the Time Relocation Assistance: Relocation assistance may be available Positions Available: 2At Northrop Grumman, our employees have incredible opportunities to work on revolutionary systems that impact people's lives around the world today, and for generations to come. Our pioneering and inventive spirit has enabled us to be at the forefront of many technological advancements in our nation's history - from the first flight across the Atlantic Ocean, to stealth bombers, to landing on the moon. We look for people who have bold new ideas, courage and a pioneering spirit to join forces to invent the future, and have fun along the way. Our culture thrives on intellectual curiosity, cognitive diversity and bringing your whole self to work - and we have an insatiable drive to do what others think is impossible. Our employees are not only part of history, they're making history. Overview As a cyber systems engineer for the JTAGS program, you will play a pivotal role in building and sustaining the robust cybersecurity posture of the program's classified systems and networks used for development, integration, test, training, and operations. This is a mid- to senior-level role and an integrated program team (IPT) leadership position, and it includes a balance of program-facing leadership duties (e. g., meetings, work product reviews, program status, schedule management, etc.) and hands-on technical work with your team. This position is an individual contributor position, not a functional management position with direct reports. You will be responsible for leading a team of cyber engineers and analysts to on-schedule, on-budget completion of all efforts to achieve quality outcomes for the program and its stakeholders. These activities include but are not limited to: Participating in cross-functional team coordination meetings, including weekly program flow down, program management status, and daily technical scrum meetings Collaborating with other IPT leads and interfacing with program leadership to ensure the program satisfies all cybersecurity requirements Leading development and maintenance of cybersecurity team standard operating procedures (SOPs) and other documentation as needed to ensure reliable, repeatable task execution Balancing a variety of duties ranging from micro-level tasks to macro-level projects Delegating responsibilities and assignments to team members while maintaining accountability and appropriate oversight Evaluating and onboarding new members to the cybersecurity team to support the needs of the program Managing and delivering the system POA&M Performing vulnerability assessments and compliance audits of systems and networks Performing quarterly IA/cybersecurity patching and development of patch lists Selecting DISA STIGs and hardening systems Sustaining the system's Trellix endpoint security solutions products Developing and verifying system, sub-system, and component level requirements derived from the SP800-53 security and privacy controls with the appropriate overlays Supporting development, verification, and validation of system design changes while maintaining or improving cybersecurity compliance Leading execution of a security impact assessment prior to any system modification, such as software patching, OS upgrade, new hardware, etc. Serving as the key stakeholder in maintaining an ongoing Authority to Operate (ATO) accreditation for all test and operational systems Working closely with other technical IPTs to develop and maintain robust, complete, and accurate documentation of the system baseline, to include drawings, diagrams, parts lists, software lists, etc. Working closely with other technical IPTs to verify system design changes, ranging from minor system fixes to large-scale system capability changes Identifying, assessing, and handling risks and opportunities that impact program schedule, budget, and/or technical performance Participating in future proposal work, including basis of estimate and statement of work development for cybersecurity activities Developing and maintaining a close working relationship with our US Space Force customer Staying up-to-date on the latest cybersecurity news, trends, threats, and developments across the defense industry Identifying and evaluating new processes, tools, capabilities, and/or resources that can be utilized to improve system cybersecurity compliance and/or program execution of the RMF
If you have a passion for cybersecurity and supporting the critical mission of our warfighters, this position is for you! This role is full-time and in-person at the COCO-01 Northrop Grumman facility in a classified closed area environment. Duties will require occasional support at Ft. Carson in Colorado Springs, CO (about 15-20 mins drive from the NG facility). Travel is not anticipated for this role, but openness to potential future short-term CONUS and OCONUS travel assignments is preferred. Note: a non-expired passport is preferred but not required. Basic Qualifications For a Principal Cyber Systems Engineer: 5 years relevant cybersecurity experience with Bachelors degree in cybersecurity or related STEM field, or 3 years relevant experience with Masters degree in cybersecurity or related STEM field; 4 years of additional experience may be considered in lieu of degree. For a Sr. Principal Cyber Systems Engineer: 9 years relevant cybersecurity experience with Bachelors degree in cybersecurity or related STEM field, or 7 years relevant experience with Masters degree in cybersecurity or related STEM field; 4 years of additional experience may be considered in lieu of degree. Active IAT Level II (CompTIA Security+) certification Active Secret security clearance Excellent written and verbal communication skills with subordinates, peers, and leaders Strong organizational and time management skills Intermediate proficiency in RHEL OS command line and/or Windows PowerShell Applies intermediate to advanced technical expertise and skillset to independently lead a team in cybersecurity projects and tasks IAW required DoD security and cybersecurity instructions, policies, frameworks, etc., including:
Identifying, assessing, and handling risks and opportunities that impact program schedule, budget, and/or technical performance Developing and maintaining POA&M(s) Scanning, reporting, remediating and/or mitigating cybersecurity vulnerabilities discovered through use of audit reduction tools and/or the DISA Automated Security Compliance Assessment Solution (ACAS) tool (Tenable Security Center and Tenable NESSUS Scanner) Performing STIG compliance scans using Xylok or other STIG scanning tools Identifying & applying DISA STIGs/hardening systems Performing routine system and network patching Possesses intermediate to advanced understanding and experience with NIST SP 800-37 RMF for DoD Systems, including
Can navigate a team to success IAW NIST/DoD RMF processes Has intermediate to advanced knowledge of SP 800-53 security and privacy controls, as well as selecting and applying the appropriate overlays Has proven ability to evaluate system and network configurations for compliance with Defense Information Systems Agency (DISA) Secure Technical Implementation Guides (STIG), NIST 800-53 Security Controls and ISO/IEC 15408 Common Criteria to formulate and implement effective, high quality RMF accreditation packages
Preferred Qualifications For a Principal Cyber Systems Engineer: intermediate to advanced knowledge of security risks & strategies, SIEM, antivirus, proxies, firewalls, and intrusion detection concepts, tools, and processes For a Senior Principal Cyber Systems Engineer: advanced knowledge of security risks & strategies, SIEM, antivirus, proxies, firewalls, and intrusion detection concepts, tools, and processes Experience in team leadership or management of individual contributors Experience with gaining and/or maintaining ATO accreditation and working with the SCA Experience developing Ports, Protocols, and Services Matrix (PPSM) IAW DoD Instruction 8551.01 Experience developing and managing a schedule for cybersecurity activities, including cross-functional collaboration on interdisciplinary projects and program milestones Experience implementing DevSecOps practices and principles for release management Experience and working knowledge of control account management (CAM) Experience or skillset with Microsoft Project for scheduling Experience with satellite communications ground system(s) and/or missile warning system(s) Experience supporting US Space Force development or sustainment program(s) as a defense contractor Working knowledge and/or experience with JIRA for task assignment, status tracking, and execution Beginner skillset and/or familiarity with Trellix Endpoint Security Solutions (ESS) Experience with Hyper-V and/or VMware
Possesses experience and understanding of Patch Management including tools such as Windows Server Update Services (WSUS) and Red Hat Satellite Server Possesses working knowledge and experience with Splunk
Has experience with configuration of Splunk Forwarders, Splunk Indexes, and Splunk Enterprise Has experience with development of Splunk Enterprise dashboards to aid in audit log analysisSalary Range: $107,300 - $160,900
Salary Range 2: $133,000 - $199,600
The above salary range represents a general guideline; however, Northrop Grumman considers a number of factors when determining base salary offers such as the scope and responsibilities of the position and the candidate's experience, education, skills and current market condit