Adversaries, cybercriminals and cyber terrorists, are working every hour of every day to develop new means to compromise networks, to seize valuable intellectual property and personal data, and to gain an advantage on the digital battlefield. At Northrop Grumman, our mission is to see to it that they fail. Speed, stealth and precision - keys to controlling the physical domains of land, sea, air and space - are imperatives in controlling the cyber domain. Our talented employees make advances every day based on these imperatives and are committed to providing the most advanced protection for our customers against the rapidly evolving cyber threat spectrum. Our company is trusted with securing some of the most high-risk systems and continues to be the trusted provider of mission enabled solutions for the security or our nation and allies. This is without a doubt one of the most exciting times to join our team. So come join us and experience the value of performance.
Northrop Grumman Mission Systems is seeking a Principal Information Systems Security Officer (ISSO) to join our team of qualified, diverse individuals located in Suitland or Annapolis Junction.
Roles and Responsibilities:
* The expectation of the duties and responsibilities for the ISSO requires direct communication with the ISSM and system administrators. See below task list of ISSO requirements:
* Embedded in the implementation and lifecycle stages of assigned systems and serve as point of contact on all matters of cybersecurity
* Collaborate with System Administrators for remediation on all aspects of security
* Configuration Management/Portfolio Management for assigned systems:
* Actively participate in Configuration Management for assigned system(s)
* Coordination with CM on hardware and software approvals for assigned system (s)
* Report vulnerabilities (RAR & POA&M) through eMASS and Xacta IA Manager as required to system administrators for remediation action
* Coordinating system security requirements with system administrators and assisting with development, maintenance, and tracking of the System Security Plan
* POA&M development, tracking, and resolution. Identifying resources, milestones, and estimated completion dates to the POA&M with system administrators
* Monitoring 000 and Navy Cybersecurity Tools (ACAS, HBSS, Auditing, etc) for compliance and reporting remediation task requirements with system administrators feedback
* Maintaining information assurance vulnerability alert (lAVA), bulletin (lAVE), and Communications Task Order (CTO) compliance and reporting.
* Maintaining and reporting system's A&A status and issues. Ensure all IS security-related documentation is current and accessible to properly authorized individuals
* Developing, tracking, resolving, and maintaining the SP for assigned systems
* Managing POA&M entries and ensuring vulnerabilities are properly tracked, mitigated, and resolved
* Maintaining STIG Test Plan to include new applicable STIG versions release on a quarterly basis. Provide deltas from the previous STIG to Program for testing and update STIG check list
* Assisting with identification of security control baseline set and any applicable overlays; coordinating security control validation with system administrators
* Overseeing cybersecurity testing to assess security controls; recording security control compliance status
* Overseeing initial risk assessment and the recording in the SAR of the deficiency and risk level
* Overseeing remediation actions on the non-compliant security control findings from the SAR and reassess remediation control(s)
* Assessing periodically the quality of security control implementation against performance indicators of system administrators
* Planning and performing cybersecurity testing to assess security controls and recording security control compliance status during sustainment
* Identify and analyze system malfunctions with a view towards security incidents/violations
* Identify and monitor system administrators Privileged User access
* Ensure systems are operated, maintained, and disposed of in accordance with internal security policies and procedures as outlined in the accreditation and certification support documentation package
* Submit mitigation plans prior to the due date for those assets requesting implementation extensions. Mitigation plans must be as detailed as possible to include precautions taken and expected completion dates as they are reviewed closely by NCDOC for approval.
* Enforce Vulnerability Management Policy and Procedures to ensure the efficient to keep up with the demands for updated software versions as required to minimize the time of exposure to reduce or mitigate every attack vector.
* Ensure audit trails are conducted and reviewed and records are maintained. The audit record should be available upon demand, and include a chronological record of individual user actions, and be able to reconstruct the events
* Bachelor's degree in cybersecurity, or a related technical field, plus two (2) years of experience in Cybersecurity, Systems Engineering, Systems Administration.
* Current, active Top Secret with SCI Eligibility.
* Active (ISC)2 CISSP certification
* Experience in providing security support to Unix/Linux environment.
* Master's degree in cybersecurity, or a related technical field, plus 8 years of experience in Cybersecurity, Systems Engineering, Systems Administration.
* EMASS and/or Xacta application experience
* Nessus, Nmap, ACAS, and/or HBSS application experience
* Custom scripting experience (language agnostic)
Northrop Grumman is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO/AA and Pay Transparency statement, please visit www.northropgrumman.com/EEO. U.S. Citizenship is required for most positions.
About Northrop Grumman
Northrop Grumman is a provider of autonomous systems, strike, logistics, C4ISR, and cyber solutions for government and commercial customers.