Exploit Developer/Penetration Tester 2/3

About the position At Northrop Grumman, our employees have incredible opportunities to work on revolutionary systems that impact people's lives around the world today, and for generations to come. Our pioneering and inventive spirit has enabled us to be at the forefront of many technological advancements in our nation's history - from the first flight across the Atlantic Ocean, to stealth bombers, to landing on the moon. We look for people who have bold new ideas, courage and a pioneering spirit to join forces to invent the future, and have fun along the way. Our culture thrives on intellectual curiosity, cognitive diversity and bringing your whole self to work — and we have an insatiable drive to do what others think is impossible. Our employees are not only part of history, they're making history. Do you think Rocket Science is cool? How about hacking it? Northrop Grumman is adding to our internally-focused penetration testing group, the Cyber Assessment Tiger Team. We are charged with emulating and staying at least one step ahead of the most sophisticated attackers in the world, and improving the survivability & resilience of our products, platforms and environments, worldwide. Here, penetration testing isn't for compliance, it's for making a difference in the success of our customers' missions. Successful CATT members are intensely curious, excellent communicators, brilliant researchers, skilled hackers, and disciplined engineers. If you enjoy continuously learning new platforms/APIs/protocols/architectures/languages, and leveraging that knowledge to reverse engineer, develop, and demonstrate exploits against some of the most sophisticated technologies anywhere, let's talk. Between engagements, our teams enjoy continuous education, cross-training, and independent R&D, and are responsible for sharing within the team and among our customers and the greater company CISO/Global Secure Solutions organization. Responsibilities include: Code analysis & hardware/binary reverse engineering to identify functionality and vulnerabilities on hardware & software including avionics and embedded systems Evaluate system security configurations for effectiveness and exploitation opportunities Develop and execute complete adversarial cyber testing scenarios against components, applications, operating systems, or complete integrated systems Contribute to the design, development, implementation, and integration of Offensive Cyber Operations tools against platforms, payloads & systems Contribute to the design, development, implementation, and integration of system Cyber Survivability Attributes Contribute to the preparation and presentation of technical reports and briefings Continually improve the knowledge and capabilities of yourself & the greater team This position is hybrid/work from home part of the time but also requires occasional travel within the continental United States and internationally (up to 25% of the time). This opening can be filled by a level 2 (early career) or level 3 (mid-career) pen tester. Responsibilities • Code analysis & hardware/binary reverse engineering to identify functionality and vulnerabilities on hardware & software including avionics and embedded systems • Evaluate system security configurations for effectiveness and exploitation opportunities • Develop and execute complete adversarial cyber testing scenarios against components, applications, operating systems, or complete integrated systems • Contribute to the design, development, implementation, and integration of Offensive Cyber Operations tools against platforms, payloads & systems • Contribute to the design, development, implementation, and integration of system Cyber Survivability Attributes • Contribute to the preparation and presentation of technical reports and briefings • Continually improve the knowledge and capabilities of yourself & the greater team Requirements • For level 2: a minimum of High School Diploma, or a GED, and 6 years of experience with Cyber Security, Red Team, Penetration Testing, or Exploit Development is required. • For level 3: a minimum of High School Diploma, or a GED, and 9 years of experience with Cyber Security, Red Team, Penetration Testing, or Exploit Development is required. • Must have experience in software development to support penetration testing, including vuln dev, R/E tool modules, covert tunneling, scanning scripts, and passive collection • Must have 2 years of experience in at least three (3) of the following languages: C, C++, C#, Python, Ruby, Rust, Bourne/Bash, PowerShell, Visual Basic, Go, PHP, Javascript, HTML • Must be willing to travel domestically and internationally (up to 25% per year) • Must have the ability to obtain, and maintain, a DOD Top Secret security clearance as a condition of continued employment. Additional clearances may also be required for certain government programs Nice-to-haves • The ideal candidate will have a BS degree in Software Development, Computer Engineering, Computer Science, or other similar STEM related degree, to include 9 years of experience in Cyber Protection • Technical computer/network knowledge and understanding of common computer hardware, software, networks, communications and connectivity • Experience conducting full-scope assessments and penetration tests including: social engineering, server & client-side attacks, protocol subversion, physical access restrictions, and web application exploitation • Proficiency in the internal workings of either Linux, Unix, and/or Windows operating systems • Experience using scan / attack / assess tools and techniques • Ability and desire to learn additional Operating Systems, Computing Architectures, and Programming languages • Demonstrated experience in technical report writing • Technical certifications that support pen testing such as OSCP/OSCE/OSEE, GPEN/GXPN • Software/hardware reverse engineering for vulnerability and exploit R&D • RTOS experience (Integrity, Nucleus, VxWorks, etc.) • Experience developing, exploiting and jailbreaking GenAI and Agentic solutions • PowerPC, ARM, Xilinx FPGA, RISCx, other hardware computing development experience • Assembly language experience (any current architecture/OS) • TCP/IP MITM, spoofing, exploitation experience • Platform communications protocol expertise (ARINC 429, MIL-STD-1553, Spacewire, etc.) • Cryptanalysis and cryptosystem exploitation experience • In depth understanding of layer 2-7 communication protocols, common encoding and encryption schemes and algorithms • Understanding of and experience either executing or defending against complex, targeted cyber threats to high-value systems and data • Active Top Secret, and/or SCI access with an SSBI completed within the past 4 years, is highly desirable Benefits • health insurance coverage • life and disability insurance • savings plan • Company paid holidays and paid time off (PTO) for vacation and/or personal business Apply tot his job Apply To this Job