Web Security Lead - Pen Tester

Northrop Grumman is seeking a motivated professional to join our team as a Web Security Lead. This position is located in Quantico, VA. The Web Security Lead will support the Senior Cyber Security Manager within DSS Cyber Network Defense (CND) unit. Perform assessments of systems and networks within the networking environment or enclave and identifies where those systems and networks deviate from acceptable configurations, enclave policy, or local policy. Evaluate incident response procedures and capabilities through Red Team exercises. Exploits system and network vulnerabilities and misconfigurations for the purpose of gathering data from target or adversary automated information systems or networks and to enable operations and intelligence collection capabilities.

Responsibilities:

  • Develop and perform comprehensive penetration testing against a large-scale enterprise network.
  • Simulate sophisticated cyber-attacks and write reports to document your findings and brief event details to stakeholders
  • Evaluates incident response procedures and capabilities through Red Team exercises.
  • Exploit internal system and network vulnerabilities and misconfigurations for the purpose of gathering data from target or adversary automated information systems or networks and to enable operations and intelligence collection capabilities.
  • Perform Web penetration testing, internal and external security assessments, vulnerability discovery and exploitation, post-exploitation impact analysis, and physical security.
  • Simulate Red Team operations against people, processes and technologies include web applications, databases, web services, network devices, operating systems, infrastructure devices

DSSEITS

Basic Qualifications:

  • 9 Years of experience with Bachelors a technical specialty: cyber security, computer science, or similar field (7 Years with Masters; 4 Years with PhD). May accept four (4) additional years of experience may be considered in lieu to degree.
  • Extensive experience executing information system penetration testing techniques and tools
  • Experience with any of the following Kali Linux, Burp Suite, Metasploit, and Meterpreter
  • Scripting/coding experience (Python, Perl, Ruby, Bash, PowerShell, .NET, HTML5, PHP etc.)
  • 4 years of experience with Web Application security testing
  • 4 years of experience with one or more of the following: network vulnerability assessments, network penetration testing, red teaming, security operations, or hunt
  • Knowledge of intrusion set tactics, techniques, and procedures (TTP) with the ability to emulate these TTP to assess vulnerability and risk
  • General Operating System knowledge– Solid understanding and practical experience in various flavors of Windows and Linux, OS configuration, file system structures, OS components, mobile operating systems etc.
  • IAT-I, II or III IA Baseline Certification (SEC , CISSP, etc.)
  • CND IA Auditor Baseline Certification: (CEH, CISA, GSNA)
  • Computing Environment or OS Certificate
  • Must possess an active/current TS/SCI clearance.

Preferred Qualifications:

  • Knowledge of Advanced Persistent Threat (APT) activity; Offensive attack hacker mindset
  • Experience in exploiting web apps and web services security vulnerabilities including cross-site scripting, cross site request forgery, SQL injection, DoS attacks, XML/SOAP, and API attacks.
  • Knowledge of OSINT tools and techniques
  • Incident Response – forensics and system/network integrity
  • Proficiency in development of applications, custom tools, and solutions in various coding languages to include SQL, python, Django, perl, ruby, PHP, Java, etc.
  • Database experience – (Oracle, MSSQL, MySQL,)
  • Certifications (CEPT, LPT, ECSA, GIAC; GAWN, GPEN, GWAPT, GXP

Northrop Grumman is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO/AA and Pay Transparency statement, please visit www.northropgrumman.com/EEO. U.S. Citizenship is required for most positions.


Meet Some of Northrop Grumman's Employees

Jacqueline T.

Electrical Engineer

Jacqueline operates on power electronics for Northrop Grumman’s space application projects. She meets with engineering groups, chats with customers, and works on circuit analysis.

Jonathan M.

Electronics Engineer

Jonathan works with avionics industry subject matter experts to come up with new feature developments before implementing those ideas in the Northrop Grumman laboratory.


Back to top