SCRM Vulnerability Assessment Engineer/Principal Engineer - #17383

Northrop Grumman · Aerospace · Roy, UT +1 · Systems/Architecture/Test

This role focuses on researching, testing, and documenting the cybersecurity posture of commercial off-the-shelf hardware and software products, performing vulnerability assessments, and contributing to the enhancement of assessment capabilities. It requires a Secret security clearance and familiarity with testing methodologies and tools.

What you'd actually do

  1. Perform vulnerability assessments against COTS hardware / software
  2. Review, interpret, and communicate vulnerability assessment results
  3. Participate in a variety of working groups and customer meetings
  4. Contribute to the ongoing enhancement of assessment capabilities through the development and implementation of improved methodology, processes, infrastructure, tools, and deliverables

Skills

Required

  • US Citizen with active U.S. Government DoD Secret security clearance
  • Ability to obtain CompTIA Security+ certification within 6 months
  • Familiarity with developing, documenting, and executing formal test plans and procedures, with a specific focus on vulnerability/penetration testing and counterfeit part assurance

Nice to have

  • Top Secret Security Clearance
  • OSCP, GREM, PenTest+ or comparable industry-recognized certifications
  • Experience utilizing penetration testing and vulnerability assessment tools (Kali Linux / Metasploit / Nessus / ACAS / OpenVAS / etc.)
  • Experience validating software configurations (STIG / OpenSCAP)
  • Experience with software forensics activities / processes
  • Experience with SCRM chain of custody processes / procedures
  • Experience in software or hardware reverse engineering and exploratory reconnaissance
  • Experience performing OSINT analysis
  • Familiarity with MBSE concepts and tools to trace security requirements to test verification
  • Experience in bridging SW and HW in cross-disciplinary testing

What the JD emphasized

  • Secret security clearance
  • vulnerability assessments
  • testing