Northrop Grumman (DoD SkillBridge) - Exploit Development / Penetration TesterUnknown City, AL

At Northrop Grumman, our employees have incredible opportunities to work on revolutionary systems that impact people's lives around the world today, and for generations to come. Our pioneering and inventive spirit has enabled us to be at the forefront of many technological advancements in our nation's history - from the first flight across the Atlantic Ocean, to stealth bombers, to landing on the moon. We look for people who have bold new ideas, courage and a pioneering spirit to join forces to invent the future, and have fun along the way. Our culture thrives on intellectual curiosity, cognitive diversity and bringing your whole self to work - and we have an insatiable drive to do what others think is impossible. Our employees are not only part of history, they're making history.

NG- Military Internship Program Description:

As one of the largest global security companies in the world, Northrop Grumman is proud to help our nation's military personnel make the transition to civilian careers. Approximately 1/4th of Northrop Grumman's 90,000 employees self-identify as veterans, and more than 1,600 are reservists.

The Northrop Grumman Military Internship Program (NG-MIP) is an approved SkillBridge Program under Dept. of Defense Instruction 1322.29. The NG-MIP program is an opportunity for transitioning service members to gain valuable civilian work experience through an individual internship during their last 6 months of service, for up to 180 days. The Northrop Grumman Military Internship Program is open to all ranks and experience levels. SkillBridge participants are not eligible for compensation from Northrop Grumman, as they continue to receive military compensation and benefits as active-duty service members .

Responsibilities for this internship position are:

Northrop Grumman Corporation (NGC) has developed the Northrop Grumman - Military Internship Program (DoD SkillBridge) utilizing the DoDI guidance for SkillBridge. During this program the service member will be on-site at his or her host company performing an individual internship in an entry to mid-level career type role. The service member will be on the job training supporting a work schedule equivalent to 40hrs per week. Outlined below are the Goals, Objectives, and Outcomes for the program.

  • Goals - Provide transitioning service members fellowship-style job skills training during the last portion(s) of their military commitment. This program is specifically designed to offer internships that result in the potential to transition to a full-time opportunity as the conclusion of the training. Interns will serve as a pipeline for high-speed, motivated military candidates into NGC.

  • Objectives - Service Members who complete the Intern program will be highly-trained, capable, future employees that align to the specific needs of the organization and are prepared to meet the NG mission "Defining Possible" on Day 1. This program provides a comprehensive internship experience including professional development, networking with leadership, and training specifically focused on NG leadership principles, company history, customer/stakeholder engagement, product and service overview, and core job responsibilities.

  • Outcome - Offer transitioning service member a rewarding opportunity to join the Northrop Grumman team.

DoD SkillBridge Eligibility:

  • Has served at least 180 days on active duty

  • Is within 12 months of separation or retirement

  • Will receive an honorable discharge

  • Has taken any service TAPS/TGPS

  • Has attended or participated in an ethics brief within the last 12 months

  • Received Unit Commander (first O-4/Field Grade commander in chain of command) written authorization and approval to participate in DoD SkillBridge Program prior to start of internship.

Job Description :

Northrop Grumman's Cyber Assessment Tiger Team (CATT) is seeking a well-qualified, creative, skilled, and motivated Exploit Development / Penetration Tester to join our qualified, diverse, and dynamic team of security professionals. This position will be located in This position is virtual / remote.

This position is focused on vulnerability research, reverse engineering, and exploit development against Northrop Grumman's systems, products & services. CATT conducts full-scope vulnerability assessment, exploit development, and penetration testing against Space Systems, Aeronautics, Mission Systems, manufacturing, and enterprise IT.

To succeed, the team member must have an intense desire to exploit real production or R&D satellites, avionics, and weapons systems, and be knowledgeable in a wide range of security issues including various computing architectures, network comms protocols, programming languages and defenses.

The selected candidate conducts network or software vulnerability assessments and penetration testing, utilizing reverse engineering techniques. Performs vulnerability analysis and exploitation of applications, operating systems, or networks. Also identifies intrusion or incident path and method. Isolates, blocks or removes threat access. Evaluates system security configurations. Evaluates findings and performs root cause analysis. Performs analysis of complex software systems to determine both functionality and intent of software systems. Resolves highly complex malware and intrusion issues. Contributes to the design, development and implementation of countermeasures, system integration, and tools specific to Cyber and Information Operations. May prepare and presents technical reports and briefings. May perform documentation, vetting and weaponization of identified vulnerabilities for operational use.

Additional Responsibilities include:

  • Code analysis & hardware/binary reverse engineering to identify functionality and vulnerabilities on hardware & software including avionics and embedded systems

  • Evaluate system security configurations for effectiveness and exploitation opportunities

  • Develop and execute complete adversarial cyber testing scenarios against components, applications, operating systems, or complete integrated systems

  • Contribute to the design, development, implementation, and integration of Offensive Cyber Operations tools against platforms, payloads & systems

  • Contribute to the design, development, implementation, and integration of system Cyber Survivability Attributes

  • Contribute to the preparation of technical reports and briefings

  • Continually improve the knowledge and capabilities of yourself & the greater team

The selected candidate should thrive in a fast-paced work environment with high expectations, significantly diverse assignments, and collaborative/team settings across all levels.

Basic Qualifications:

  • High School Diploma, or a GED, and 2 years of experience with Cyber Security, Red Team, Penetration Testing, or Exploit Development is required

  • Must have software development to support penetration testing, including vuln dev, R/E tool modules, covert tunneling, scanning scripts, and passive collection

  • Must have 2 years of experience in at least three (3) of the following languages: C, C++, C#, Python, Ruby, Perl, Bourne/Bash, PowerShell, Visual Basic, VBScript, PHP, Javascript, HTML

  • Must be willing to travel domestically and internationally (up to 25% per year)

  • Must have the ability to obtain, and maintain, a DOD Top Secret security clearance, as well as an SCI access level, as a condition of continued employment. Additional clearances may also be required for certain government programs

Preferred Qualifications:

  • The ideal candidate will have a BS degree in Software Development, Computer Engineering, Computer Science, or other similar STEM related degree, to include 9 years of experience in Cyber Protection

  • Technical computer/network knowledge and understanding of common computer hardware, software, networks, communications and connectivity

  • Experience conducting full-scope assessments and penetration tests including: social engineering, server & client-side attacks, protocol subversion, physical access restrictions, and web application exploitation

  • Proficiency in the internal workings of either Linux, Unix, and/or Windows operating systems

  • Experience using scan / attack / assess tools and techniques

  • Ability and desire to learn additional Operating Systems, Computing Architectures, and Programming languages

  • Demonstrated experience in technical report writing

  • Technical certifications that support pen testing such as OSCP/OSCE/OSEE, GPEN/GXPN

  • Software/hardware reverse engineering for vulnerability and exploit R&D

  • RTOS experience (Integrity, Nucleus, VxWorks, etc.)

  • PowerPC, ARM, Xilinx FPGA, RISCx, other hardware computing development experience

  • Assembly language experience (any current architecture/OS)

  • TCP/IP MITM, spoofing, exploitation experience

  • Platform communications protocol expertise (ARINC 429, MIL-STD-1553, Spacewire, etc.)

  • Cryptanalysis and cryptosystem exploitation experience

  • In depth understanding of layer 2-7 communication protocols, common encoding and encryption schemes and algorithms

  • Understanding of and experience either executing or defending against complex, targeted cyber threats to high-value systems and data

  • Active Top Secret, and/or SCI access with an SSBI completed within the past 4 years, is highly desirable

ESCSO

ESMilIntern

ESCyberInfoSec

Salary Range: $79,300 - $118,900

The above salary range represents a general guideline; however, Northrop Grumman considers a number of factors when determining base salary offers such as the scope and responsibilities of the position and the candidate's experience, education, skills and current market conditions.

Employees may be eligible for a discretionary bonus in addition to base pay. Annual bonuses are designed to reward individual contributions as well as allow employees to share in company results. Employees in Vice President or Director positions may be eligible for Long Term Incentives. In addition, Northrop Grumman provides a variety of benefits including health insurance coverage, life and disability insurance, savings plan, Company paid holidays and paid time off (PTO) for vacation and/or personal business.

The application period for the job is estimated to be 20 days from the job posting date. However, this timeline may be shortened or extended depending on business needs and the availability of qualified candidates.

Northrop Grumman is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO/AA and Pay Transparency statement, please visit http://www.northropgrumman.com/EEO . U.S. Citizenship is required for most positions.