Cyber Protection Principal​/Sr. Principal Engineer-AHT Security Clearance

Position: Cyber Protection Principal/Sr. Principal Engineer-AHT with Security Clearance
RELOCATION ASSISTANCE:
Relocation assistance may be available CLEARANCE REQUIRED FOR START:
Yes CLEARANCE TYPE:
Top Secret TRAVEL:
Yes, 10% of the Time Description At Northrop Grumman, our employees have incredible opportunities to work on revolutionary systems that impact people's lives around the world today, and for generations to come. Our pioneering and inventive spirit has enabled us to be at the forefront of many technological advancements in our nation's history - from the first flight across the Atlantic Ocean, to stealth bombers, to landing on the moon.

We look for people who have bold new ideas, courage and a pioneering spirit to join forces to invent the future, and have fun along the way. Our culture thrives on intellectual curiosity, cognitive diversity and bringing your whole self to work - and we have an insatiable drive to do what others think is impossible. Our employees are not only part of history, they're making history.

Northrop Grumman Defense Systems (NGDS) is seeking a Cyber Protection Principal Engineer to maintain and enhance capabilities in support of DAF CLOUD works at the Air Force Research Lab (AFRL) in Rome, NY, Warner Robins, GA, or Wright Patterson Air Force Base, OH. DAF CLOUD works is a rapidly growing secure cloud program that encompasses 10+ teams. These teams span all different areas of cloud engineering including information security, infrastructure development, and cloud migration.

You will be an active part of one of these teams providing technical support of customers leveraging DAF CLOUD works. Along with operations and sustainment, DAF CLOUD works focuses on modifying and enhancing offerings to implement new requirements, enhance functionality, increase efficiency, or lower operating/deployment. This role is focused on cloud penetration testing, adversarial emulation, red team operations, and container security assessments within a cleared DoD environment.

The ideal candidate has a strong offensive security background and deep expertise in AWS and Azure environments. This position is contingent on customer funding and approval and may be filled at a level 3 or level 4.
** this position is contingent upon funding/award

Basic Qualifications:

* Level 3:
Bachelor's degree in Science with 5+ years of software development experience;
Master's with 3+ years of relative experience; or an additional 4 years of experience may be considered in lieu of degree.

* Level 4:
Bachelor's degree in Science with 8+ years of software development experience;
Master's with 6+ years of relative experience; or an additional 4 years of experience may be considered in lieu of degree.
* This position requires an active Top Secret/SCI clearance and the ability to obtain an IAT Level II or III certification (Security+, Pentest+, Security

X,) within 60 days of start.

* Deep knowledge of cloud attack paths - IAM privilege escalation, metadata service abuse, misconfigured storage, cross-account trust exploitation, and OAuth/token abuse - is required.

* Proficiency with cloud-native offensive tooling including Pacu (AWS exploitation framework) and AADInternals (Azure/M365 offensive toolkit), alongside enumeration platforms such as Scout Suite, Cloud Fox, Prowler, and ROADtools.

Preferred Qualifications:

* Prior DoD or IC classified environment experience and familiarity with adversary simulation platforms such as Cobalt Strike, Sliver, or Havoc are a strong plus.

* Hands-on practitioner who has operated tools at depth across real engagements, documented findings under active assessment constraints, and can communicate risk clearly to both technical teams and senior leadership.

* Experience developing and executing cyber tabletop exercises including threat scenario design, threat actor emulation planning, and after-action reporting is highly valued.

* Hands-on experience with Docker and Kubernetes security assessments, including container escape techniques, privileged container abuse, K8s RBAC misconfigurations, service account taken abuse, and CI/CD pipeline security across Git Lab, Git Hub Actions, and Jenkins environments.

* Strong scripting skills in Bash, Python, and Power Shell are…