- 175673 - Systems Security Analyst/Engineer - VA - C
- Up to $84.05 DOE
- 7 months, CTH
Northrop Grumman Technology Services sector is seeking a Systems Security Analyst/Engineer to join our team of qualified, diverse individuals. This position will be located in McLean, VA. The qualified applicant will become part of Northrop Grumman's Department of State (DOS) Consular Systems Modernization (CSM) Program, for the Bureau of Consular Affairs (CA). This initiative is intended to modernize and consolidate the operational environment under a common technology framework in order to better support the services provided to CA's customers.
Roles and Responsibilities:
o Perform security engineering including security architecture development including on hybrid cloud based environments.
o Recommend and implement automated means that will improve the performance and reliability of the system including scripting, integration, problem resolution, and configuration management.
o Ability to perform assessments of systems and networks within the networking environment or enclave and identify where those systems and networks deviate from acceptable configurations, enclave policy, or local policy. This is achieved through passive evaluations such as compliance audits and active evaluations such as vulnerability assessments.
o Establish strict program control processes to ensure mitigation of risks and supports obtaining certification and accreditation of systems.
o Includes support of process, analysis, coordination, security certification test, security documentation, as well as investigations, software research, hardware introduction, and release, emerging technology research inspections and periodic audits.
o Perform analysis to validate established security requirements and to recommend additional security requirements and safeguards.
o Support the formal security test and evaluation (ST&E) required by each government accrediting authority through pretest preparations, participation in the tests, analysis of the results and preparation of required reports.
o Perform IA related support functions including installation, configuration, troubleshooting, assistance, and /or training, in response to agency requirements for the network environment.
o Document the results of Assessment and Authorization activities and technical or coordination activity and prepare the system security plans and update the Plan of Actions and Milestones POA&M. Work with ISSO to support analysis and review of IA test results
o Perform code security scans/reviews, security patch assessments and works with development teams upon customer approval to test and install patches in multiple development/test environments
o Examine potential security violations to determine if the Network Environment has been breached, assess the impact, and preserve evidence.
Prefer local candidates for face to face interviews.
Bachelor's degree in Computer Science or related field and 15 years' relevant experience.
At least 5 years of experience in the role of systems security analyst supporting ongoing operations and transitioning-in new systems.
At least 3 years of experience in working on compliance of systems with NIST 800-53.
Thorough and demonstrated understanding of cloud (IaaS/PaaS/SaaS) controls and migration to public and government Clouds in compliance with FedRAMP based classifications.
Experience using tools such as CAST and SonarQube for quality and security compliance of software code.
Excellent communication skills, both verbally and in writing.
Experience with employment of CONOPS for the development of system architectures and requirements that are optimized to meet the customer's operational needs at lowest cost.
Experience including network/communication hardware and protocols, COTS and open-source products, and other infrastructure components in an MBE approach.
SANS or ISC2 program certifications such as CISA, CISSP.
Experience implementing an Agile, preferably SAFe, development methodology.
Experience in cloud based environments including deploying solutions on public/hybrid clouds.
Experience implementing DevSecOps for large program using Agile, preferably SAFe, development methodology using platforms such as SonaType.
Experience implementing DevSecOps for a Cloud-based system on a modernization program ensuring existing applications and systems are modernized to satisfy legacy functional requirements.
Experience with IBM Rational Collaborative Lifecycle Management.
Bachelor's degree in Computer Science or related field is required.
Applicants responding to this position will be subject to a government security investigation and must meet eligibility requirements by currently possessing the ability to view classified government information.
Max Cameron at firstname.lastname@example.org
420 Culver Boulevard
Playa Del Rey, CA 90293
Phone: (310) 414-7800 x242 or (800) 927-9318 x242
Candidates responding to this posting must currently possess the eligibility to work in the United States. No third parties please.
Chipton-Ross provides equal employment opportunities to all employees and applicants for employment without regard to race, color, creed, religion, national origin, sex (including pregnancy), age, disability, sexual orientation, gender identity and/or expression, protected veteran status, genetic information, or any other characteristic protected by Federal, State or local law. This policy governs all areas of employment at Chipton-Ross, including recruiting, hiring, training, assignment, promotions, compensation, benefits, discipline, and terminations.