Principal / Sr. Principal Software Engineer - Software Assurance

Northrop Grumman Northrop Grumman · Aerospace · El Segundo, CA +1 · Software

This role focuses on software assurance, reviewing software scans, identifying and recommending remediation for software flaws, and ensuring program requirements related to software assurance are met. It involves interacting with technical discipline organizations and developing software assurance deliverables within a defense sector context.

What you'd actually do

  1. Support the review of all software scans and provide recommendations on removing software flaws.
  2. Interact with the software assurance technical discipline organization to ensure program is following policy/process
  3. Ensure program requirements are met with respect to software assurance, including the development of software assurance deliverables

Skills

Required

  • Bachelor of Science degree in a STEM discipline with 5 years of engineering related experience or a Masters in STEM with 3 years of related engineering experience
  • Bachelor of Science degree in a STEM discipline with 8 years of engineering related experience OR a Masters in STEM with 6 years of related engineering experience OR a PhD in STEM with 4 years of related engineering experience
  • Experience with at least one programming language (Java, JavaScript, C++, C#, Python, Swift) and software development lifecycle
  • Experience with one of the following configuration management systems: GIT, GitLab, GitHub, Bitbucket, Subversion
  • Ability to obtain and maintain a US Government clearance and Special Access Program (SAP) within a reasonable amount of time as determined by business needs
  • Willingness to learn and grow in the software assurance discipline

Nice to have

  • Basic knowledge of containers and cloud technology (AWS, VMWare, Azure, Kubernetes)
  • Basic knowledge of agile processes (Kanban, Scrum, Scrumban)
  • Basic knowledge of security metrics
  • Basic knowledge of software application security testing, dynamic analysis, software composition analysis, fuzzing, binary analysis
  • Basic knowledge of the Risk Management Framework (RMF) – NIST SP 800-53r5
  • Common weakness enumeration (CWEs)
  • Common vulnerability enumeration (CVEs)

What the JD emphasized

  • SAP
  • US Government clearance
  • Special Access Program (SAP)