Principal Engineer Software - Cyber Security

At Northrop Grumman, our employees have incredible opportunities to work on revolutionary systems that impact people's lives around the world today, and for generations to come. Our pioneering and inventive spirit has enabled us to be at the forefront of many technological advancements in our nation's history - from the first flight across the Atlantic Ocean, to stealth bombers, to landing on the moon. We look for people who have bold new ideas, courage and a pioneering spirit to join forces to invent the future, and have fun along the way. Our culture thrives on intellectual curiosity, cognitive diversity and bringing your whole self to work - and we have an insatiable drive to do what others think is impossible. Our employees are not only part of history, they're making history. Northrop Grumman Aeronautics Systems is looking for a Principal Software Cyber Security Engineer to support the Software Engineering organization in San Diego, CA. The selected candidate will perform security engineering within a networking environment or enclave. Perform active evaluations such as compliance and vulnerability tests and adjudicate deviations from acceptable configurations, and policies. Provide Cybersecurity Assessment support and serve as a Cybersecurity expert throughout all stages of acquisition, systems engineering, and maintenance processes. Ensure system designs and implementations are consistent with policies, requirements, and directives, including compliance with Security Technical Implementation Guides (STIG), Security Requirements Guides (SRGs), Center for Internet Security (CIS) Benchmark, Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE) and Open Web Application Security Project (OWASP). Identify Cyber vulnerabilities and compliance issues. Remediate existing vulnerabilities or develop mitigations that minimize risks and work with the program to incorporate findings into the system POA&M. This role is located on-site, and will require up to 25% travel in support of organization needs. Duties & Responsibilities: Administer strict program control processes to ensure mitigation of risks and supports obtaining Assessment and Authorization (A&A) of systems. Support security process, analysis, coordination, assessment, documentation, software research. Provide security impacts and risk assessments of new system components and emerging technologies. Assist in the implementation of the Risk Management Framework (RMF), through the required government policy (i.e., NIST SP 800-53, NIST SP 800-37, CNSSI, etc.), make recommendations on process tailoring, participate in and document process activities. Implement, document, test and verify established security requirements. Basic Qualifications: Bachelor's Degree in a Science, Technology, Engineering or Mathematics (STEM) discipline from an accredited university and 5 years of relevant engineering experience, OR a Master's in STEM with 3 years of related engineering experience, OR a PhD in STEM with 0 years of related engineering experience In addition to DoD 8570 IAM Level I, one of the following IAT Level II/ IAM Level I Certifications (Network+ CE, or Security+ CE) Experience with compliance and vulnerability reporting tools (SCAP, ACAS, Nmap, SAST). Must possess familiarity/knowledge of both Windows and UNIX/Linux based platforms as well as basic systems engineering principles and concepts. Experience using and working with fundamental information technology principles, concepts and techniques to including software languages, design concepts, test methods, and integration practices. Experience in the field of cybersecurity including common terms, fundamental technical elements, network security, operating system security, and software security. Must possess familiarity and conceptual understanding of TCP/IP and Ethernet networking. Current active Top Secret Clearance. Preferred Qualifications: Experience with the implementation of National Institute of Standards and Technology (NIST) special publications, federal regulations, and DoD policies. Experience in documenting the security posture of an information system and reporting on security controls assigned to the system. Strong organizational, and communication skills and experience working with people at a variety of levels within the organization. Experience with system vulnerability management and security patch implementation as well as direct experience with DoD A&A activities, security processes, and documentation/reporting using RMF, NIST, or CNSSI guidance as required. Experience submitting authorization inputs and artifacts to support authorizing authority's ongoing assessment and authorization decisions. Experience performing moderately complex security information technology tasks independently and validating security assessments and reviews. Experience applying security hardening to information systems and networks under the guidance of the RMF. Masters STEM degree with experience performing Information Systems Security duties In addition to DoD 8570 IAM Level I, one of the following IAT Level II Certifications (Network+ CE or Security+ CE), and one of the following higher level certifications (CEH, CASP+, CISM, CISSP The health and safety of our employees and their families is a top priority. With the continuing impacts of COVID-19 around the world, we are taking action to protect the health and well-being of our colleagues and maintain the safety of the communities where we operate. As a federal contractor, and consistent with Executive Order 14042 (https://www.saferfederalworkforce.gov/contractors/), we will require all newly hired employees in the United States to be fully vaccinated by December 8, 2021 or by your start date if it is after December 8th. Federal guidance allows for disability/medical and religious accommodations with respect to the vaccine requirement. Any requested accommodations must be reviewed and approved (if applicable) in advance of your start date. Employees may be eligible for a discretionary bonus in addition to base pay. Annual bonuses are designed to reward individual contributions as well as allow employees to share in company results. Employees in Vice President or Director positions may be eligible for Long Term Incentives. In addition, Northrop Grumman provides a variety of benefits including health insurance coverage, life and disability insurance, savings plan, Company paid holidays and paid time off (PTO) for vacation and/or personal business. The health and safety of our employees and their families is a top priority. With the continuing impacts of COVID-19 around the world, we are taking action to protect the health and well-being of our colleagues and maintain the safety of the communities where we operate. As a federal contractor, and consistent with Executive Order 14042 (https://www.saferfederalworkforce.gov/contractors/) we will require all newly hired employees in the United States to be fully vaccinated by January 18, 2022 or by your start date if it is after January 18th. Federal guidance allows for disability/medical and religious accommodations with respect to the vaccine requirement. Any requested accommodations must be reviewed and approved (if applicable) in advance of your start date.