Northrop Grumman Application Security Engineer in McLean, Virginia
Northrop Grumman Technology Services sector is seeking an Application Security Engineer 3 to join our team of qualified, diverse individuals. This position will be located in McLean, VA. The qualified applicant will become part of Northrop Grumman's Department of State (DOS) Consular Systems Modernization (CSM) Program, for the Bureau of Consular Affairs (CA). This initiative is intended to modernize and consolidate the operational environment under a common technology framework in order to better support the services provided to CA's customers. The Application Security Engineer is responsible for ensuring the solution meets the security criteria of the program and DOS.
Roles and Responsibilities:
Analyze and study complex system requirements from a security perspective
Review the existing solution and assist in making refinements that improve security
Support defining the program's security requirements
Perform Risk Assessments including vulnerability scans, penetration tests (incl. social engineering), 3rd Party (e.g., vendor) risk assessment, and data-centric risk assessment
Complete Threat Intelligence including internal, external, online threat information sources and indicators of compromise
Perform Security Operations including vulnerability management, data loss/leakage prevention, and incident response
Provide Security Engineering including security architecture, secure software development, and cryptography
Perform static and dynamic analysis of .NET and Java based applications including code reviews
Install, configure, and use tools such as Fortify and HP Scan to perform white box security assessments
Perform intensive analysis of application/platform access control data structures and articulate security requirements
Support Cloud Security including Cloud-based Identity and Access Management roles, policies, resources and credentials and user provisioning, SAML, OpenID authentication, etc.
To be considered for this position, you must minimally meet the knowledge, skills, and abilities listed below:
Bachelor's degree in a related field (STEM) and at least 5 years' experience.
3 years' experience in all aspects of security engineering
SANS or ISC2 program certifications such as GIAC Web Application Defender, GIAC Secure Software Programmers cert, Certified Secure Software Lifecycle Professional (CSSLP)
Working knowledge of network and web related protocols TCP/IP, UDP, IPSEC, HTTP/S and BGP
Understanding of entire technology stack of networks, databases, applications and endpoints
Maintaining a working knowledge of current security threats
Hands on experience with application security
Understanding of web service technologies such as XML, JSON, SOAP, and REST
Working experience on a medium to large program using Agile
Must have a current, active Secret (or higher) clearance. Interim clearance may be considered.
Candidates with these desired skills will be given preferential consideration:
Experience in cloud based environments including deploying solutions on public/hybrid clouds
Experience implementing DevSecOps for a large program using Agile, preferably SAFe, development methodology
Excellent communication skills, both verbal and written, to effectively interact with multiple teams both internal and external
Experience implementing DevSecOps using the Sonatype platform for a Cloud-based system on a modernization program ensuring existing applications and systems are modernized to satisfy legacy functional requirements
Experience with IBM Rational Collaborative Lifecycle Management
Northrop Grumman is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO/AA and Pay Transparency statement, please visit www.northropgrumman.com/EEO. U.S. Citizenship is required for most positions.