Exploit Developer/Penetration Tester 2/3

RELOCATION ASSISTANCE: No relocation assistance available

CLEARANCE TYPE: Top Secret

TRAVEL: Yes, 25% of the Time

Description

At Northrop Grumman, our employees have incredible opportunities to work on revolutionary systems that impact people's lives around the world today, and for generations to come. Our pioneering and inventive spirit has enabled us to be at the forefront of many technological advancements in our nation's history - from the first flight across the Atlantic Ocean, to stealth bombers, to landing on the moon. We look for people who have bold new ideas, courage and a pioneering spirit to join forces to invent the future, and have fun along the way. Our culture thrives on intellectual curiosity, cognitive diversity and bringing your whole self to work — and we have an insatiable drive to do what others think is impossible. Our employees are not only part of history, they're making history.

You think Rocket Science is cool? How about hacking it? Northrop Grumman is adding to our internally-focused penetration testing group, the Cyber Assessment Tiger Team. We are charged with emulating and staying at least one step ahead of the most sophisticated attackers in the world, and improving the survivability & resilience of our products, platforms and environments, worldwide. Here, penetration testing isn't for compliance, it's for making a difference in the success of our customers' missions.

Successful CATT members are intensely curious, excellent communicators, brilliant researchers, skilled hackers, and disciplined engineers. If you enjoy continuously learning new platforms/APIs/protocols/architectures/languages, and leveraging that knowledge to reverse engineer, develop, and demonstrate exploits against some of the most sophisticated technologies anywhere, let's talk.

Between engagements, our teams enjoy continuous education, cross-training, and independent R&D, and are responsible for sharing within the team and among our customers and the greater company CISO/Global Secure Solutions organization.

The Exploit Developer/Penetration Tester position conducts network or software vulnerability assessments and penetration testing, utilizing reverse engineering techniques. It perform vulnerability analysis and exploitation of applications, operating systems, or networks. Also identifies intrusion or incident path and method. Isolates, blocks or removes threat access. Evaluates system security configurations. Evaluates findings and performs root cause analysis. Performs analysis of complex software systems to determine both functionality and intent of software systems. Resolves highly complex malware and intrusion issues. Contributes to the design, development and implementation of countermeasures, system integration, and tools specific to Cyber and Information Operations. May prepare and presents technical reports and briefings. May perform documentation, vetting and weaponization of identified vulnerabilities for operational use.

Responsibilities include:

• Code analysis & hardware/binary reverse engineering to identify functionality and vulnerabilities on hardware & software including avionics and embedded systems
• Evaluate system security configurations for effectiveness and exploitation opportunities
• Develop and execute complete adversarial cyber testing scenarios against components, applications, operating systems, or complete integrated systems
• Contribute to the design, development, implementation, and integration of Offensive Cyber Operations tools against platforms, payloads & systems
• Contribute to the design, development, implementation, and integration of system Cyber Survivability Attributes
• Contribute to the preparation of technical reports and briefings
• Continually improve the knowledge and capabilities of yourself & the greater team

This position is hybrid/work from home part of the time, but also requires occasional travel within the continental United States, as well as possible international travel (up to 25% of the time). This role can be performed by a level 2 (early career) or level 3 (mid-career).

Basic Qualifications: 

• For a level 2: a minimum of High School Diploma, or a GED, and 6 years of experience with Cyber Security, Red Team, Penetration Testing, or Exploit Development is required.
• For a level 3: a minimum of High School Diploma, or a GED, and 9 years of experience with Cyber Security, Red Team, Penetration Testing, or Exploit Development is required.
• Must have software development to support penetration testing, including vuln dev, R/E tool modules, covert tunneling, scanning scripts, and passive collection
• Must have 2 years of experience in at least three (3) of the following languages: C, C++, C#, Python, Ruby, Rust, Bourne/Bash, PowerShell, Visual Basic, Go, PHP, Javascript, HTML
• Must be willing to travel domestically and internationally (up to 25% per year)  
• Must have the ability to obtain, and maintain, a DOD Top Secret security clearance, as well as an SCI access level, as a condition of continued employment. Additional clearances may also be required for certain government programs

Preferred Qualifications: 

• The ideal candidate will have a BS degree in Software Development, Computer Engineering, Computer Science, or other similar STEM related degree, to include 9 years of experience in Cyber Protection
• Technical computer/network knowledge and understanding of common computer hardware, software, networks, communications and connectivity
• Experience conducting full-scope assessments and penetration tests including:  social engineering, server & client-side attacks, protocol subversion, physical access restrictions, and web application exploitation
• Proficiency in the internal workings of either Linux, Unix, and/or Windows operating systems
• Experience using scan / attack / assess tools and techniques
• Ability and desire to learn additional Operating Systems, Computing Architectures, and Programming languages
• Demonstrated experience in technical report writing
• Technical certifications that support pen testing such as OSCP/OSCE/OSEE, GPEN/GXPN
• Software/hardware reverse engineering for vulnerability and exploit R&D
• RTOS experience (Integrity, Nucleus, VxWorks, etc.)
• PowerPC, ARM, Xilinx FPGA, RISCx, other hardware computing development experience
• Assembly language experience (any current architecture/OS)
• TCP/IP MITM, spoofing, exploitation experience
• Platform communications protocol expertise (ARINC 429, MIL-STD-1553, Spacewire, etc.)
• Cryptanalysis and cryptosystem exploitation experience
• In depth understanding of layer 2-7 communication protocols, common encoding and encryption schemes and algorithms
• Understanding of and experience either executing or defending against complex, targeted cyber threats to high-value systems and data
• Active Top Secret, and/or SCI access with an SSBI completed within the past 4 years, is highly desirable

Salary Range: $89,400.00 - $134,200.00Salary Range 2: $110,300.00 - $165,500.00

The above salary range represents a general guideline; however, Northrop Grumman considers a number of factors when determining base salary offers such as the scope and responsibilities of the position and the candidate's experience, education, skills and current market conditions.

Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay. Annual bonuses are designed to reward individual contributions as well as allow employees to share in company results. Employees in Vice President or Director positions may be eligible for Long Term Incentives. In addition, Northrop Grumman provides a variety of benefits including health insurance coverage, life and disability insurance, savings plan, Company paid holidays and paid time off (PTO) for vacation and/or personal business.

The application period for the job is estimated to be 20 days from the job posting date. However, this timeline may be shortened or extended depending on business needs and the availability of qualified candidates.

Northrop Grumman is an Equal Opportunity Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO and pay transparency statement, please visit http://www.northropgrumman.com/EEO. U.S. Citizenship is required for all positions with a government clearance and certain other restricted positions.