Cyber Security Penetration Tester 3
Northrop Grumman Technology Services is seeking a Cyber Protection professional to join our team of qualified,diverse individuals. This position will be located in Chester, VA with opportunities to move within the larger national and international Northrop Grumman organization in 2-3 years.
Realize the rewards of conquering a new challenge... The qualified applicant will become part of Northrop Grumman's Program Security Office in protecting the network security of tens of thousands of users for the Commonwealth of Virginia.
Roles and Responsibilities:
Advise the Program Security Officer on strategies and areas to improve Security posture. Recommend other Network
Security/Information Assurance upgrades/modifications to Information Systems Security Architecture.
- Conducts network or software vulnerability assessments and penetration testing utilizing reverse engineering
- Perform vulnerability analysis and exploitation of applications, operating systems or networks. Identifies intrusion or
incident path and method.
- Evaluates system security configurations.
- Evaluates findings and performs root cause analysis. Performs analysis of complex software systems to determine both
functionality and intent of software systems.
- Support resolutions for highly complex malware and intrusion issues.
- Contributes to the design, development and implementation of countermeasures, system integration, and tools specific to
Cyber and Information Operations.
- Review and assess technology infrastructures to identify key risk areas, and ensure adequate levels of control are in
place to address those risks
- A minimum of a Bachelor's degree with 5 years experience conducting penetration assessments or 4 years experience in lieu of a BS.
- Understanding of pentesting framework and processes
- Knowledge of LAN security, firewalls, intrusion detection/prevention, administration of servers, workstations, and other IT devices
- Knowledge of IA policy to include PCI, HIPAA, FTI
- Requires a practical level understanding of common TCP/IP-based services, including DNS, DHCP, HTTP, FTP, SSH, SMTP, etc.
- Practical understanding of Windows and Linux/UNIX-based system administration
- Conceptual understanding of Vulnerability and Risk Assessments; these processes may include scanning with authorized tools and/or scripts (SCAP, Retina, Nessus, scripts, MBSA, etc).
- Comprehensive knowledge of Office applications such as Word, Excel, and PowerPoint
- Candidates should be proven team players with excellent oral and written communications skills. Frequent interaction with government client is required.
- Highly motivated and creative
- US Citizenship
- A working knowledge of network security analysis using industry standard intrusion detection systems (e.g., Snort, McAfee, IBM, Cisco)
- A working knowledge and experience with pentesting tools (e.g. Metasploit, BURPSUITE)
- Ability to customize audit template files in support of risk and vulnerability assessments (such as Nessus, CIS benchmark, Microsoft SCM)
- Basic to intermediate scripting (Python, Perl, RegEx, WSH, Powershell)
- Experience administering Windows and Linux/UNIX-based systems.
- Experience in interpreting security policy
- Able to obtain or have any of the following certifications: GPEN, CEH, GAWN, GWAPT, LPT, GPYC, CPT
Northrop Grumman is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO/AA and Pay Transparency statement, please visit www.northropgrumman.com/EEO. U.S. Citizenship is required for most positions.
Meet Some of Northrop Grumman's Employees
Jacqueline operates on power electronics for Northrop Grumman’s space application projects. She meets with engineering groups, chats with customers, and works on circuit analysis.
Back to top