Senior Information Security Analyst

Northrop Grumman Washington , DC 20319

Posted 3 days ago

Are you interested in the opportunity to work for an industry-leading company whose work with cutting-edge technology is driven by something human: the lives our technology protects? If so, Northrop Grumman may be the place for you. It's not the systems that drive us: it's the soldier our systems bring home. It's not just the equipment that motivates us: it's the people our equipment protects. It's not the innovation that gets us up in the morning: it's whom those innovations serve. We're united by our work to help people and protect the world. And that mission makes our team even stronger.

When you join Northrop Grumman, you'll have the opportunity to connect with coworkers in an environment that's uniquely caring, diverse, and respectful. Employees share experiences, insights, perspectives, and creative solutions with some of the best minds in the industry. We collaborate through integrated product teams, cross-functional teams, and employee resource groups, while thriving through the support of training and development, mentors and every day coaching, along with extensive health and work/life benefits. We're committed to our employees' professional and personal development and success.

Northrop Grumman recruits top talent with traditional and non-traditional backgrounds in order to ensure our team is united, connected, skilled, focused and innovative. An inclusive workplace of people with diverse backgrounds, experiences, and perspectives is the key to our performance. At Northrop Grumman, we want our employees to bring their whole self to work. All your different sides are welcome here, as we believe they make our team, our products and our services, that much better.

Are you interested in expanding your career through experience and exposure, all the while supporting a mission that seeks to ensure the security of our nation and its allies? If so, then Northrop Grumman may be the place for you. As a leading global security company providing innovative systems, products and solutions to customers worldwide, Northrop Grumman offers an extraordinary portfolio of capabilities and technologies. Here at Northrop Grumman we are comprised of professionals that bring different perspectives, are curious about the world, accepting of each other, and understand that the more ideas, backgrounds, and experiences we bring to our work then the more innovative we can be. As we continue to build our talented workforce we look for professionals that exemplify our core values, leadership characteristics, and approach to innovation.

Northrop Grumman is looking for highly skilled, dedicated and motivated cleared professionals to join our team in supporting the Department of State (DOS) Consular Affairs Enterprise Infrastructure Operations (CAEIO) Program, for the Bureau of Consular Affairs (CA). This initiative is intended to provide 24x7x365 IT Operations and Maintenance to networks, applications, and databases supporting CA services globally.

Job Responsibilities:

  • Performs technical planning, system integration, verification and validation, cost and risk, and supportability and effectiveness analyses for total systems

  • Analyses are performed at all levels of total system product to include: concept, design, fabrication, test, installation, operation, maintenance and disposal

  • Ensures the logical and systematic conversion of customer or product requirements into total systems solutions that acknowledge technical, schedule, and cost constraints

  • Performs functional analysis, timeline analysis, detail trade studies, requirements allocation and interface definition studies to translate customer requirements into hardware and software specifications

  • Perform IA and compliance support services to maintain production system security posture, which includes engineering, implementing, operating, and monitoring. This work shall be completed using the policy and guidelines from the CA/CST ISSO

  • Support for the A&A process (a different team/contractor is responsible for overall coordination and management of the A&A process)

  • Support Plan of Action and Milestone (POA&M) findings develop/implement remediation, as assigned by the CA/CST/ISSO as well as POA&M status reporting

  • Support the identification, remediation, tracking, management, and/or validation of findings from other sources outside of the A&A process

  • Maintaining standard configurations in compliance with DOS security standards

  • Manage security compliance using the Group Policy Object (GPO)

  • Support Enclaving /Network segregation.

  • Assist the Information Systems Security Manager (ISSM) in meeting duties and responsibilities

  • Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures as outlined in the security authorization package

  • Participate in technical and security training (e.g., operating system, networking, security management) relative to assigned duties

  • Conduct weekly systems audits of both automated and manual audit logs

  • Assist with software patch installation, antivirus updates, and conducting security self-reviews

  • Ensure all users have the requisite security clearances, authorization, need-to-know, and are aware of their security responsibilities before gaining access to the IS

  • Provide initial and refresher user training for classified systems

  • User Support - create/modify/delete user accounts; assist with lock-outs

  • Perform continuous monitoring reviews of information systems to ensure compliance with the security authorization package

  • Report all security-related incidents to the ISSM

  • Monitor system recovery processes to ensure security features and procedures are properly restored and functioning correctly

  • Coordinate any changes or modifications to hardware, software, or firmware of a system with the ISSM to ensure compliance with configuration management policy

  • Ensure all IS security-related documentation is current and accessible to properly authorized individuals

  • Formally notify the ISSM when changes occur that might affect system authorization

  • Must be available for occasional after hours assistance


Basic Qualifications:

  • 5 years experience with a Bachelors in Science; or 3 years experience with a Masters degree

  • Understand security controls as specified in NIST SP800-53 Rev 4 (or later), Security and Privacy Controls for Federal Information Systems and Organizations

  • Demonstrated experience working as/with Information Security Site Managers (ISSMs) and Authorizing Officials (AOs)

  • Have a thorough understanding of the principles of Information Security including Risk Management Framework (RMF)

  • Demonstrated experience implementing federally mandated and locally developed computer security policies and procedures

  • In-depth knowledge of security and compliance implications in multi-user, multi-platform, and secure distributed computing environments

  • Demonstrated experience writing computer security policies, security procedures, security plans, testing security controls, disaster recovery plans, configuration management plans, and other related documentation

  • Demonstrated experience mentoring staff related to IT security and certification and accreditation processes

  • Ability to effectively communicate and coordinate computer security policies and procedures at all levels both orally and in writing

  • Direct experience implementing technologies to support the continuous monitoring of required computer security controls

  • Demonstrated successful experience working in high-pressure situations such as audits and assessments

  • Also requires a general knowledge of security disciplines in Physical, Program, Personnel and Computer Security

  • US citizenship and Secret Clearance is required at start

Preferred Qualifications:

  • Bachelor's degree in Cybersecurity, IT, Computer Forensics & Digital Investigations, Cyber Operations, or a related field

  • Experience in maintaining system logs for audit compliance

  • Experience monitoring computer systems to ensure compliance with computer security requirements

  • Government specified Enterprise Operations and Networks experience

  • Security related certifications

Northrop Grumman is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO/AA and Pay Transparency statement, please visit U.S. Citizenship is required for most positions.

icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Database Information Security Engineer Senior

Booz Allen Hamilton Inc.

Posted 3 days ago

VIEW JOBS 3/28/2020 12:00:00 AM 2020-06-26T00:00 Database Information Security Engineer, Senior Key Role: Work under limited supervision and participate in the design, engineering, integration, implementation, testing, deployment, maintenance, review, and administration of the infrastructure, hardware, and software that are required to effectively manage the security and risk posture of the network and resources. Assist with developing system concepts and apply the systems engineering life cycle to translate strategic Cyber objectives, technology, and environmental conditions into engineering outcomes and solutions. Assist with selecting and applying processes and methodologies to meet Cyber performance objectives. Assist with analyzing trends and emerging technologies for potential program modernization. Configure cyber systems to meet user requirements. Support the acquisition of hardware and software, as needed. Basic Qualifications: * 4+ years of experience in database security, including secure database configuration, database monitoring, and database vulnerability assessments with a focus on Imperva SecureSphere * 3+ years of experience with information security and Cybersecurity engineering or security operations * 2+ years of experience with the design and implementation of enterprise-wide security controls to secure systems, applications, networks, or infrastructure services * Experience with security tools and devices, including network firewalls, Weby proxy, intrusion prevention systems, vulnerability scanners, or penetration tools * Knowledge of federal compliance standards, including NIST 800-53, FIPS, or FedRAMP * Knowledge of TCP/IP networking concepts and DNS, including using packet analysis tools, such as Wireshark or tcpdump * Ability to obtain a security clearance * BA or BS degree * Active SANS GIAC Security Certification Additional Qualifications: * 2+ years of experience in one of the following areas: building and administering security devices, including network firewall, Web proxy, data loss prevention systems, and intrusion prevention systems, building and administering Windows Server and Active Directory, building and administering Linux- and UNIX-based systems, building and administering Network devices, including Cisco or Juniper, conducting dynamic Web application security testing, including manual testing and using application security tools to discover exploitable vulnerabilities, conducting database security assessment and monitoring, managing Cloud security operations, including identity and access control, secure configuration management, network security, enforcement policy scripting, workload security, or data security, and logging and Public Key Infrastructure (PKI) management and data encryption for data-at-rest and data-in transit * Experience with securing enterprise Web applications and OWASP Top 10 * Experience with public Cloud services providers, including Amazon AWS or Microsoft Azure * BA or BS degree in Information Security, Computer Engineering, Information Systems, Telecommunications, or Technology Clearance: Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information. We're an EOE that empowers our people-no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic-to fearlessly drive change. #LI-AH1, CJ1 Booz Allen Hamilton Inc. Washington DC

Senior Information Security Analyst

Northrop Grumman