
Cyber A&A Engineer with Northrop Grumman

Insight Global, Inc.

Posted today

Job Requirements

Schriever AFB, CO
Top Secret Polygraph not specified
Mid Level Career (5+ yrs experience)
$1,200,000 - $1,500

Job Description

• Company: Northrop Grumman
• Position: Cyber A&A Engineer
• Location: Schriever SFB
• Duration: long-term, ongoing contract – we are a direct sub to the C2BMC program
• Clearance: Top Secret
• Program – C2BMC

"Essential Functions:
• Process and track DD Form 2875 user account forms and required training for privileged and non-privileged accounts, perform annual account validation, and work with the system administrator on the creation, modification, and removal of accounts
• Conduct an assessment of systems and networks within a virtual environment to identify deviations from acceptable configurations, enclave policies, or local policies. This involves passive evaluations like compliance audits with STIG Viewer and SCAP, as well as active evaluations, including vulnerability assessments with ACAS
• Perform Security Technical Implementation Guide (STIG) assessments and hardening for Windows, Red Hat Enterprise Linux (RHEL) systems, and networking equipment using ConfigOS
• Develop test plans that reflect how STIG checks are implemented and that show the expected outcomes of those checks
• Update Risk Management Framework (RMF) artifact documentation to ensure that non-compliant system hardening is tracked and remediated
• Establish strict program control processes to ensure risk mitigation and support the assessment and authorization of systems
• Includes support for process, analysis, coordination, control certification testing, compliance documentation, as well as investigations, software research, hardware introduction and release, emerging technology research, inspections, and periodic audits
• Assist in implementing the required government policy (e.g., NISPOM, NIST, DoD), make recommendations on process tailoring, and participate in and document process activities
• Perform analyses to validate established cybersecurity controls and requirements and to recommend cybersecurity safeguards
• Support program test milestones through pre-test preparations, participating in the tests, analysis of the results, and preparation of required artifacts supporting authorization
• Prepare artifacts such as Test Results (TR), Authorization Boundary Diagrams (ABD), Network Topologies, Flow Diagrams, Hardware and Software Listings, Ports, Protocols, Services Management documentation to support Assessment and Authorization activities, and maintain the Plan of Actions and Milestones (POA&M)
• Periodically conduct a comprehensive review of each program's support and operational system audits and monitor corrective actions until all actions are closed
• Coordinate across the program to address identified deficiencies in RMF assessment activities

Basic Qualifications:
Please list your current security clearance and IAT or relevant certifications on your resume, if applicable.
• A Bachelor’s Degree in Computer Science, Chemical Engineering, Mechanical Engineering, Electrical Engineering, Engineering, Mathematics, Physics, or a related field from an accredited university, along with 5 years of experience; or a Master’s degree in a related field with 3 years of relevant work experience; or 9 years of relevant work experience may be considered as an alternative to a degree
• Applicants must have a current, active DoD 8140 certification at IAT Level II / IAM Level I or higher (such as Security+ CE, CCNA-Security, CySA+, CND, CGRC, CASP, CISM, CISSP for Associate, CCISO, etc.) at the time of application, which is required to start. The candidate is responsible for maintaining their DoD 8140 certification throughout the entire contract period
• Applicants must have a current, active in-scope DoD-issued Top Secret security clearance at the time of application, which is required to start
• Security engineering skills with a working knowledge of cybersecurity technology and DoD/Federal cybersecurity policy (i.e., DoDI 8500.01, NIST SP 800-53, etc.)
• Understanding and utilization of Enterprise Mission Assurance Support Service (eMASS)
• Understanding of the Risk Management Framework (RMF) Cybersecurity Lifecycle, including:
• Identifying controls and overlays, generating testable requirements, identifying resilient architecture design, configuring, running, and scripting audit tools, analyzing vulnerabilities, and conducting verification testing for compliance assessment
• Knowledge of Software Assurance (SwA) static and dynamic code analysis (e.g., Fortify/SonarQube)

Preferred Qualifications
• Windows and Red Hat Enterprise Linux (RHEL) system administration skills
• Previous background working in a virtual environment
• Previous background working with Docker and containers
• Administer ACAS and ESS (formerly HBSS)
• Previous experience with ConfigOS"
group id: 10112344

Defining Company Culture

About Us
We aren’t just a staffing company. We’re a company that cares for others. It might sound lofty, but it’s the idea that gets us up every day, determined to make it true. Insight Global is a company that people can anchor to in moments of triumph, struggle, and every time in between. Whoever you are and wherever you come from, you matter to us and we have your back.


Job Category
IT - Security
Clearance Level
Top Secret