Be an early applicantLess than 25 applicants

Company

Original Job Post

Northrop Grumman · 2 days ago

Exploit Development / Penetration Tester

Alabama, United States

Full-time

Hybrid

Intern Level

$79K/yr - $119K/yr

Wonder how qualified you are to the job?

Maximize your interview chances

AerospaceData Integration

Actively Hiring

Growth Opportunities

Hiring Manager

Ariel Woessner

Insider Connection @Northrop Grumman

Discover valuable connections within the company who might provide insights and potential referrals, giving your job application an inside edge.

Responsibilities

Conduct network or software vulnerability assessments and penetration testing, utilizing reverse engineering techniques.

Perform vulnerability analysis and exploitation of applications, operating systems, or networks.

Identify intrusion or incident path and method. Isolate, block or remove threat access.

Evaluate system security configurations and perform root cause analysis.

Contribute to the design, development, and implementation of countermeasures, system integration, and tools specific to Cyber and Information Operations.

Prepare and present technical reports and briefings.

Perform documentation, vetting, and weaponization of identified vulnerabilities for operational use.

Code analysis & hardware/binary reverse engineering to identify functionality and vulnerabilities on hardware & software including avionics and embedded systems.

Develop and execute complete adversarial cyber testing scenarios against components, applications, operating systems, or complete integrated systems.

Contribute to the design, development, implementation, and integration of Offensive Cyber Operations tools against platforms, payloads & systems.

Contribute to the design, development, implementation, and integration of system Cyber Survivability Attributes.

Contribute to the preparation of technical reports and briefings.

Continually improve the knowledge and capabilities of yourself & the greater team.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Software DevelopmentPenetration TestingVulnerability DevelopmentReverse EngineeringCovert TunnelingScanning ScriptsPassive CollectionCC++C#PythonRubyPerlBourne/BashPowerShellVisual BasicVBScriptPHPJavaScriptHTMLSecurity ClearanceDOD Top SecretSCI Access LevelOperating SystemsReport WritingRTOSHardware DevelopmentAssembly LanguageTCP/IP ExperienceCommunication Protocols

Required

High School Diploma, or a GED, and 2 years of experience with Cyber Security, Red Team, Penetration Testing, or Exploit Development is required

Must have software development to support penetration testing, including vuln dev, R/E tool modules, covert tunneling, scanning scripts, and passive collection

Must have 2 years of experience in at least three (3) of the following languages: C, C++, C#, Python, Ruby, Perl, Bourne/Bash, PowerShell, Visual Basic, VBScript, PHP, Javascript, HTML

Must be willing to travel domestically and internationally (up to 25% per year)

Candidates must have the ability to obtain, and maintain, a DOD Top Secret level security clearance, as well as an SCI level access, as a condition of continued employment. Additional clearances may also be required for certain government programs

Preferred

The ideal candidate will have a BS degree in Software Development, Computer Engineering, Computer Science, or other similar STEM related degree, to include 9 years of experience in Cyber Protection

Technical computer/network knowledge and understanding of common computer hardware, software, networks, communications and connectivity

Experience conducting full-scope assessments and penetration tests including: social engineering, server & client-side attacks, protocol subversion, physical access restrictions, and web application exploitation

Proficiency in the internal workings of either Linux, Unix, and/or Windows operating systems

Experience using scan / attack / assess tools and techniques

Ability and desire to learn additional Operating Systems, Computing Architectures, and Programming languages

Demonstrated experience in technical report writing

Technical certifications that support pen testing such as OSCP/OSCE/OSEE, GPEN/GXPN

Software/hardware reverse engineering for vulnerability and exploit R&D

RTOS experience (Integrity, Nucleus, VxWorks, etc.)

PowerPC, ARM, Xilinx FPGA, RISCx, other hardware computing development experience

Assembly language experience (any current architecture/OS)

TCP/IP MITM, spoofing, exploitation experience

Platform communications protocol expertise (ARINC 429, MIL-STD-1553, Spacewire, etc.)

Cryptanalysis and cryptosystem exploitation experience