Northrop Grumman · 2 days ago
Exploit Development / Penetration Tester
Wonder how qualified you are to the job?
Insider Connection @Northrop Grumman
Responsibilities
Conduct network or software vulnerability assessments and penetration testing, utilizing reverse engineering techniques.
Perform vulnerability analysis and exploitation of applications, operating systems, or networks.
Identify intrusion or incident path and method. Isolate, block or remove threat access.
Evaluate system security configurations and perform root cause analysis.
Contribute to the design, development, and implementation of countermeasures, system integration, and tools specific to Cyber and Information Operations.
Prepare and present technical reports and briefings.
Perform documentation, vetting, and weaponization of identified vulnerabilities for operational use.
Code analysis & hardware/binary reverse engineering to identify functionality and vulnerabilities on hardware & software including avionics and embedded systems.
Develop and execute complete adversarial cyber testing scenarios against components, applications, operating systems, or complete integrated systems.
Contribute to the design, development, implementation, and integration of Offensive Cyber Operations tools against platforms, payloads & systems.
Contribute to the design, development, implementation, and integration of system Cyber Survivability Attributes.
Contribute to the preparation of technical reports and briefings.
Continually improve the knowledge and capabilities of yourself & the greater team.
Qualification
Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.
Required
High School Diploma, or a GED, and 2 years of experience with Cyber Security, Red Team, Penetration Testing, or Exploit Development is required
Must have software development to support penetration testing, including vuln dev, R/E tool modules, covert tunneling, scanning scripts, and passive collection
Must have 2 years of experience in at least three (3) of the following languages: C, C++, C#, Python, Ruby, Perl, Bourne/Bash, PowerShell, Visual Basic, VBScript, PHP, Javascript, HTML
Must be willing to travel domestically and internationally (up to 25% per year)
Candidates must have the ability to obtain, and maintain, a DOD Top Secret level security clearance, as well as an SCI level access, as a condition of continued employment. Additional clearances may also be required for certain government programs
Preferred
The ideal candidate will have a BS degree in Software Development, Computer Engineering, Computer Science, or other similar STEM related degree, to include 9 years of experience in Cyber Protection
Technical computer/network knowledge and understanding of common computer hardware, software, networks, communications and connectivity
Experience conducting full-scope assessments and penetration tests including: social engineering, server & client-side attacks, protocol subversion, physical access restrictions, and web application exploitation
Proficiency in the internal workings of either Linux, Unix, and/or Windows operating systems
Experience using scan / attack / assess tools and techniques
Ability and desire to learn additional Operating Systems, Computing Architectures, and Programming languages
Demonstrated experience in technical report writing
Technical certifications that support pen testing such as OSCP/OSCE/OSEE, GPEN/GXPN
Software/hardware reverse engineering for vulnerability and exploit R&D
RTOS experience (Integrity, Nucleus, VxWorks, etc.)
PowerPC, ARM, Xilinx FPGA, RISCx, other hardware computing development experience
Assembly language experience (any current architecture/OS)
TCP/IP MITM, spoofing, exploitation experience
Platform communications protocol expertise (ARINC 429, MIL-STD-1553, Spacewire, etc.)
Cryptanalysis and cryptosystem exploitation experience
In depth understanding of layer 2-7 communication protocols, common encoding and encryption schemes and algorithms
Understanding of and experience either executing or defending against complex, targeted cyber threats to high-value systems and data
Active Top Secret, and/or SCI access with an SSBI completed within the past 4 years, is highly desirable
Benefits
Health insurance coverage
Life and disability insurance
Savings plan
Company paid holidays
Paid time off (PTO) for vacation and/or personal business
Company
Northrop Grumman
We are a close-knit community of big thinkers collaborating to keep the world safe.
Funding
Current Stage
Public CompanyTotal Funding
$2.82BKey Investors
U.S. Department of DefenseNASA
2024-01-29Post Ipo Debt· $2.5B
2023-12-20Grant· $72M
2021-12-03Grant· $125.6M
Leadership Team
Recent News
SeekingAlpha
2024-05-15
2024-05-04
Company data provided by crunchbase