Cyber Software Security Engineer (Level 2 or Level 3)Redondo Beach, CA

Requisition ID: R10178754

  • Category: Engineering

  • Location: Redondo Beach, California, United States of America

  • Clearance Type: Secret

  • Telecommute: No- Teleworking not available for this position

  • Shift: 1st Shift (United States of America)

  • Travel Required: Yes, 10% of the Time

  • Relocation Assistance: Relocation assistance may be available

  • Positions Available: 2

At Northrop Grumman, our employees have incredible opportunities to work on revolutionary systems that impact people's lives around the world today, and for generations to come. Our pioneering and inventive spirit has enabled us to be at the forefront of many technological advancements in our nation's history - from the first flight across the Atlantic Ocean, to stealth bombers, to landing on the moon. We look for people who have bold new ideas, courage and a pioneering spirit to join forces to invent the future, and have fun along the way. Our culture thrives on intellectual curiosity, cognitive diversity and bringing your whole self to work — and we have an insatiable drive to do what others think is impossible. Our employees are not only part of history, they're making history.

Join Northrop Grumman on our continued mission to push the boundaries of possible across land, sea, air, space, and cyberspace. Enjoy a culture where your voice is valued and start contributing to our team of passionate professionals providing real-life solutions to our world’s biggest challenges. We take pride in creating purposeful work and allowing our employees to grow and achieve their goals every day by Defining Possible. With our competitive pay and comprehensive benefits, we have the right opportunities to fit your life and launch your career today.

We are seeking an experienced Cyber Software Security Engineer (Level 2 or Level 3) to join our cybersecurity team of qualified, diverse individuals within our software organization. This role is located in Redondo Beach, CA operating on our 9/80 schedule meaning you will get every other Friday off. The position has No Remote or Hybrid work available.

This is a DevSecOps position in an Agile development environment focused on building security into embedded systems. The Cyber Software Security Engineer will focus on software security assurance activities, such as Static and Dynamic security scanning of code, application layer hardening, ensuring Secure Coding Best Practices are followed, and environment/infrastructure hardening per CM Standards (STIGs).

Candidate will be Working as an independent, technical contributor in an Agile engineering environment, where the Cyber Software Security Engineer will identify and prioritize software security requirements.

Essential Duties:

  • Conduct Static Code Analysis (SCA) using scanning tools (e.g. Fortify, Coverity)

  • Triage and allocate findings as technical debt in the SwDLC backlog

  • Advise software development scrum teams on secure coding practices; conduct security-focused engineering trade studies and other security best practices

  • Conduct system vulnerability scans, remediation and patch management activities on operating systems and various COTS/GOTS applications, including those within virtualized and/or cloud environments.

  • Adjudicating software security tool findings by working with software developers, systems engineers, and other engineering disciplines to resolve technical and programmatic cybersecurity concerns.

  • Collaborate with software development teams to integrate security best practices throughout the software development lifecycle (SDLC)

  • Advocate for the use of DevSecOps methodologies, and ensure security is embedded into the CI/CD pipeline from the start

  • Verify implementation if code quality checks, automated security testing, and coding standards (e.g., OWASP Top 10, SANS, CWE, Etc..).

Basic Qualifications:

  • Level 2 - Bachelor’s Degree in a Science, Technology, Engineering or Mathematics (STEM) discipline from an accredited university with 2 Years experience; OR a master’s degree in a Science, Technology, Engineering or Mathematics (STEM) discipline from an accredited university with 0 Years experience

  • Level 3 - Bachelor’s Degree in a Science, Technology, Engineering or Mathematics (STEM) discipline from an accredited university with 5 Years experience; OR a master’s degree in a Science, Technology, Engineering or Mathematics (STEM) discipline from an accredited university with 3 Years experience; OR a PhD in a Science, Technology, Engineering or Mathematics (STEM) discipline from an accredited university with 1 Years experience

  • A current Active DoD Secret clearance

  • Must be able to obtain and maintain Special Program Access

  • Ability to obtain a IAT Level II (CompTIA Security+) certification within 6 months of hire

  • Experience with Software Test/Development and use of static code analysis tools (Fortify, Coverity)

  • Working knowledge of programming/scripting languages (e.g. C, C++, Python)

  • Experience identifying vulnerabilities, assessing risk, and providing mitigation recommendations

Preferred Qualifications:

  • Minimum 3 years’ experience in the Defense Aerospace Industry

  • Active TS security clearance

  • Current IAT level II (or higher) certification (Security+ CE)

  • Experience working in restricted facilities, and Demonstrated knowledge and experience in the following:

  • Participating in Systems Engineering milestone reviews

  • Experience with Bamboo and/or Jenkins, or similar CI/CD tools

  • Ability to analyze user requirements and derive cyber and performance requirements

  • Ability to debug existing software and correct defects

  • Experience with common pipeline scripting languages

  • Familiarity with the Atlassian tool suite

  • Familiarity with the Agile software development process

  • Experience with networking basics and security principles

  • Familiarity with Systems Engineering processes and milestones

  • understanding of the requirements analysis, decomposition, and allocation process

  • Experience with Risk Management Framework, Security Controls and STIGs

  • Experience conducting Static Code Analysis (SCA) using scanning tools (e.g. Fortify, Coverity)

Salary Range: $89,400 - $134,200

Salary Range 2: $110,300 - $165,500

The above salary range represents a general guideline; however, Northrop Grumman considers a number of factors when determining base salary offers such as the scope and responsibilities of the position and the candidate's experience, education, skills and current market conditions.

Employees may be eligible for a discretionary bonus in addition to base pay. Annual bonuses are designed to reward individual contributions as well as allow employees to share in company results. Employees in Vice President or Director positions may be eligible for Long Term Incentives. In addition, Northrop Grumman provides a variety of benefits including health insurance coverage, life and disability insurance, savings plan, Company paid holidays and paid time off (PTO) for vacation and/or personal business.

The application period for the job is estimated to be 20 days from the job posting date. However, this timeline may be shortened or extended depending on business needs and the availability of qualified candidates.

Northrop Grumman is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO/AA and Pay Transparency statement, please visit. U.S. Citizenship is required for all positions with a government clearance and certain other restricted positions.