Northrop Grumman Application Security Engineer in McLean, Virginia

Northrop Grumman Technology Services sector is seeking an Application Security Engineer 3 to join our team of qualified, diverse individuals. This position will be located in McLean, VA. The qualified applicant will become part of Northrop Grumman's Department of State (DOS) Consular Systems Modernization (CSM) Program, for the Bureau of Consular Affairs (CA). This initiative is intended to modernize and consolidate the operational environment under a common technology framework in order to better support the services provided to CA's customers. The Application Security Engineer is responsible for ensuring the solution meets the security criteria of the program and DOS.

Roles and Responsibilities:

  • Analyze and study complex system requirements from a security perspective

  • Review existing solution and assist in making refinements improving security

  • Support defining the program's security requirements

  • Perform Risk Assessments including vulnerability scans, penetration tests (incl. social engineering), 3rd Party (e.g., vendor) risk assessment, and data-centric risk assessment

  • Complete Threat Intelligence including internal, external, online threat information sources and indicators of compromise

  • Perform Security Operations including vulnerability management, data loss/leakage prevention, and incident response

  • Provide Security Engineering including security architecture, secure software development, and cryptography

  • Perform static and dynamic analysis of .NET and Java based applications including code reviews

  • Install/Configure and use tools such as Fortify, HP Scan to perform white box security assessments

  • Perform intensive analysis of application/platform access control data structures and articulate security requirements

  • Support Cloud Security including Cloud-based Identity and access management roles, policies, resources and credentials and user provisioning, SAML, OpenID auth, etc.


Basic Qualifications:

To be considered for this position, you must minimally meet the knowledge, skills, and abilities listed below:

  • Bachelor's degree in a related field (STEM) and at least 5 years' experience.

  • 3 years' experience in all aspects of security engineering

  • SANS or ISC2 program certifications such as GIAC Web Application Defender, GIAC Secure Software Programmers cert, Certified Secure Software Lifecycle Professional (CSSLP)

  • Strong coding skills in Python, Ruby, Java, C#, JavaScript

  • Working knowledge of network and web related protocols TCP/IP, UDP, IPSEC, HTTP/S and BGP

  • Understanding of entire technology stack of networks, databases, applications and endpoints

  • Maintaining a working knowledge of current security threats

  • Hands on experience with application security

  • Understanding of web service technologies such as XML, JSON, SOAP, and REST

  • Working experience in medium to large program using Agile

  • Must have a current, active Secret (or higher) clearance. Interim clearance may be considered.

Preferred Qualifications:

Candidates with these desired skills will be given preferential consideration:

  • Experience in cloud based environments including deploying solutions on public/hybrid clouds

  • Experience implementing DevSecOps for large program using Agile, preferably SAFe, development methodology

  • Excellent communication skills, both verbally and in writing to effectively interact with multiple teams both internal and external

  • Experience implementing DevSecOps using SonaType platform for a Cloud-based system on a modernization program ensuring existing applications and systems are modernized to satisfy legacy functional requirements

  • Experience with IBM Rational Collaborative Lifecycle Management

Northrop Grumman is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO/AA and Pay Transparency statement, please visit . U.S. Citizenship is required for most positions.