Northrop Grumman Computer Systems Security Analyst 4 in Washington, District Of Columbia
Computer Systems Security Analyst 4
Requisition ID: 18000350
Location(s): United States-District of Columbia-Washington
US Citizenship Required for this Position: Yes
Relocation Assistance: No relocation assistance available
Northrop Grumman Technology Services sector is seeking a Computer Systems Security Analyst 4 to join our team of qualified, diverse individuals. This position will be located in Washington DC.
The qualified applicant will become part of Northrop Grumman's ITSS4 WPR2 providing support to the Department of Justice (DOJ), Justice Management division's Cyber Security Support staff performing Cyber Security Analysis for DOJ.
Roles and Responsibilities:
• Develop and coordinate all authorization documentation associated with the DOJ processes including the Systems Categorization, Systems Security Plan, and Systems risk assessment
• Act on the behalf of the Information System Security Officer (ISSO) to the supported component
• Support the control assessment, reporting and monitoring processes using the Cyber Security and Assessment Management (CSAM) system
• Support and document security controls tests, assist in remediation and ensure that POA&Ms are being appropriately managed.
• Assist the components with decisions that affect security of their systems and networks.
• Conduct assessments of information systems security requirements, evaluate current security posture and recommend priorities for remediation.
• Review information system infrastructure and application architecture to assess security requirements
• Review existing SA&A documentation, Security Assessment Report and security infrastructure (i.e. IDS, firewalls, vulnerability scan tools, etc.)
• Assess NIST 800-53, Rev 4. Controls and document results in DOJ CSAM repository.
• Perform and document risk assessments, analyzing security vulnerabilities, and the metrics to measure the risks associated with those vulnerabilities;
• Design and develop comprehensive Systems Security Plan, covering at a high level the infrastructure, policies and procedures which define the systems security profile for the analyzed systems;
• Develop Systems Security Users Guides specific to selected networks, desktop computers, servers and data base systems;
• Design, develop, and validate System Test and Evaluation (ST&E) reviews for new and/or legacy systems.
• Review and conduct NIST-based Self Assessments, identifying any weaknesses which need to be addressed, and developing a POA&M for each of those weaknesses based on industry best practices.
• Design and develop Initial Privacy Assessment (IPA) and Privacy Impact Assessments (PIAs) for each major Federal Government IT Systems
• Develop and conduct System Test and Evaluations (ST&Es) and Independent Verification and Validation (IV&Vs) of the security profiles of Federal Government IT Systems
To be considered for this position, you must minimally meet the knowledge, skills, and abilities listed below:
• Bachelor's degree in a related field and 9 years’ experience. An additional 4 years of experience may be substituted in lieu of degree.
• 8 years’ experience performing systems security assessments, preparing system security documentation, and/or performing security upgrades for live networks, desktop systems, servers, and enterprise data bases leading to successful certification and accreditation or security authorization of such systems.
• 8 years’ experience assessing and enhancing IT systems security policies and procedures in response to the regulatory requirements associated with Federal and International standards.
• 8 years IT Security experience with extensive knowledge in security regulations and security assessments having developed numerous security C&A (or SA&A) and ATO on a range of systems including classified systems
• Strong working knowledge with NIST Special Publications and the NIST SP 800-37 SA using CSAM system
• Strong working knowledge working with software package Digital Guardian
• Active Top Secret clearance.
Candidates with these desired skills will be given preferential consideration:
• 8 Years’ experience and a Bachelors in Science in Information Technology or Cyber Security
• Certified Information Systems Security Professional (CISSP) - maintained and current
• Certified Information Security Manager (CISM) - maintained and current
• Experience conducting FISCAM-based security audits of Federal Government IT Systems.
• Experience with DISA STIG configuration requirements
• Certified Information Systems Auditor (CISA) certification - maintained and current.
• Certified Authorization Professional (CAP) - maintained and current
• Experience with Department of Justice information systems.
• Experience with the use of the DOJ CSAM application.
• Security Tool experience (e.g. Splunk, FoundStone, Nessus/Tenable, DBProtect, AppDetective, Tivoli/BigFix, Sharepoint, Guardium, WebInspect).
Northrop Grumman is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO/AA and Pay Transparency statement, please visit www.northropgrumman.com/EEO . U.S. Citizenship is required for most positions.
Title: Computer Systems Security Analyst 4
Location: District of Columbia-Washington
Requisition ID: 18000350