Northrop Grumman TASC is seeking a Senior Information Systems Security Engineer to join our Software Code Analysis team in Annapolis Junction, MD. The Software Code Analysis team is a high-performance, uniquely skilled, code analysis team comprised of software analysts and security engineers that perform deep vulnerability analysis on software. Using an adversarial viewpoint, the software analysis team assesses source and binary code for vulnerabilities, backdoors, exploitable errors and discovers attacks in run state. The team integrates several tools and subject matter expertise to analyze the software, produce reports, and recommend mitigations. This service is available both internally to Northrop Grumman in-house developments as well as external customers, particularly geared toward the Intelligence Community.
Specific Duties and Responsibilities: The senior security engineer will analyze the output of several software scanning tools to discover design flaws, and working with the software analysts, quantify the risks associated with the design flaws. The senior security engineer will provide in-depth subject matter expertise in information security to validate the findings, produce reports for the customer, and provide recommendations for mitigations. The senior security engineer will also provide security thought leadership by bringing in an adversarial viewpoint and by integrating the results of the scanning tools in creative ways to discover vulnerabilities that were not found by the standard set of scanning tools. The senior engineer will be knowledgeable about current threat data and cyber attack trends from various sources. The senior engineer will correlate data derived from a variety of sources, including software scanning tools, manual review, and zero-day attack data. The senior engineer will produce vulnerability assessment reports and mitigation recommendations for the customer. The candidate must be a creative, highly motivated analyst able to operate both in a team setting as well as independently in a fast-paced rapidly changing environment. A broad familiarization of common currently used security and network protocols and operating systems is essential. The senior engineer will also provide leadership and mentoring to junior analysts.
Required skills and experience: This is a senior level position. Prefer a BA/BS and at least 14 years of related experience. The candidate should be familiar with system and network attack and defense techniques. Good communication (written and oral) skills are preferred. Candidate must be eligible for a TS/SCI with polygraph clearance. Current TS/SCI with polygraph preferred.
Relocation Assistance Available.
|