SCRM Vulnerability Assessment Engineer/Principal Engineer - #17383 - R10235216
Description
At Northrop Grumman, our employees have incredible opportunities to work on revolutionary systems that impact people's lives around the world today, and for generations to come. Our pioneering and inventive spirit has enabled us to be at the forefront of many technological advancements in our nation's history - from the first flight across the Atlantic Ocean, to stealth bombers, to landing on the moon. We look for people who have bold new ideas, courage and a pioneering spirit to join forces to invent the future, and have fun along the way. Our culture thrives on intellectual curiosity, cognitive diversity and bringing your whole self to work — and we have an insatiable drive to do what others think is impossible. Our employees are not only part of history, they're making history.Responsibilities Include:
Perform vulnerability assessments against COTs hardware / software
Review, Interpret, and Communicate vulnerability assessment results
Participate in a variety of working groups, customer meetings
Contributes to the ongoing enhancement of assessment capabilities through the development and implementation of improved methodology, processes, infrastructure, tools, and deliverables
Basic Qualifications:
This requisition may be filled at either the Systems Engineer level (T-02) or Principal Systems Engineer level (T-03).
T-02 Systems Engineer: 2 years of experience with Bachelor's degree or 0 years with a Master’s degree.
T-03 Principal Systems Engineer: 5 Years with Bachelors in Science; 3 Years with Masters; 1 Year with PhD.
Basic Qualifications for both:
- Must be a US Citizen with an active U.S. Government DoD Secret security clearance at time of application, current and within scope (<6 years), with an ability to obtain and maintain Special Access Program (SAP) approval within a reasonable period, as determined by the company to meet its business need
- Minimum 2 years of combined experience in software engineering, software or hardware testing, systems security engineering, or electrical engineering, or 0 years with a Master's degree in the above fields.
- Ability to obtain CompTIA Security+ certification within 6 months of starting in the position.
- Familiarity of developing, documenting, and executing formal test plans and procedures, with a specific focus on vulnerability/penetration testing and counterfeit part assurance.
Preferred Qualifications:
Top Secret Security Clearance
Any of the following certifications: OSCP, GREM, PenTest+ or comparable industry-recognized certifications
Experience utilizing penetration testing and vulnerability assessment tools (Kali Linux / Metasploit / NESSUS / ACAS / OpenVAS / Etc.)
Experience validating software configurations (STIG / OpenSCAP)
Experience with software forensics activities / processes
Experience with SCRM chain of custody processes / procedures
Experience in software or hardware reverse engineering and exploratory reconnaissance
Experience performing with OSINT analysis
Familiarity with MBSE concepts and tools to trace security requirements to test verification
Experience in bridging SW and HW in cross-disciplinary testing.
As a full-time employee of Northrop Grumman, you are eligible for our robust benefits package including:
Medical, Dental & Vision coverage
401k
Educational Assistance
Life Insurance
Employee Assistance Programs & Work/Life Solutions
Paid Time Off
Health & Wellness Resources
Employee Discounts
This position’s standard work schedule is a 9/80. The 9/80 schedule allows employees who work a nine-hour day Monday through Thursday to take every other Friday off.
#Sentinelsystems
