We are actively seeking a Product Cyber Security Engineer, in a permanent role capacity, to be a key member of the Product Cyber Security (PCS) team. This role will work to the PCS Lead and will provide Product Cyber Security expertise in support of historic, current and future business. The role will be primarily involved with those activities that contribute to the achievement of formal accreditation for products contained within Northrop Grumman’s UK Defence portfolio.
Different thinking for a Different world
Northrop Grumman is a dynamic global security company providing innovative systems, products and solutions worldwide. We have over 2,500 employees across Europe and a rapidly expanding UK operation.
In Northrop Grumman’s rapidly growing UK Defence business, we support our customers’ work to create world-class mission capabilities.
As a part of Northrop Grumman you will use your skills to make a difference in our mission of enabling global security. Our company grows because of our employees' dedication and commitment to achieving this goal.
With a belief in rewarding the dedication shown by our staff, Northrop Grumman gives employees access to a benefits package that provides you with health & well-being benefits, discount schemes, pension benefits and investment in your future development, but most importantly the flexibility to balance your professional career with your personal life.
How you will make a difference
The successful candidate will work on an innovative industrial control system (ICS) to ensure the generation, design, implementation and verification of Information Assurance and Cyber Security requirements. The candidate will be expected to be hands-on, working from abstract requirements through to detailed design and into implementation and test verification.
In verification they will lead on specifying detailed test criteria by operating closely with the implementation team and will be expected to be able to conduct a significant degree of the formal technical testing themselves in addition to the production of high-quality reports.
This role sits alongside others being provided by the mechanical and electrical, architecture, and network and communications teams, whilst working to the primary Control Systems team which is responsible for security functionality and outcomes; excellent technical and communications skills are a pre-requisite.
Essential qualifications / experience:
- A demonstrable track-record of successful Information Assurance / Product Cyber Security work;
- A broad information assurance mind-set, able to assimilate and consider issues from the technical, process and business perspective, supported by a pragmatic attitude to the implementation of security within a defence environment;
- A sound understanding of the procedures required to identify, quantify and address information assurance or cyber vulnerabilities within a product, project and organisation;
- Experience of the development and implementation of appropriate risk mitigation plans, policies, processes and technical controls;
- Excellent communication skills, both written and oral;
- Experience with formal accreditation processes, e.g. JSP440, HMG IS1/2;
- Experience in the conduct of Vulnerability Testing and reporting;
- Experience of cyber / technical security within an Industrial Control environment, regardless of Industry Sector;
- Formal and relevant qualifications, such as: CISSP, NCSC Certified MSc
- Maritime Industrial Control Systems
- Knowledge of IEC/ISA 62443 standards and their implementation in Industrial Control Systems, MITRE ATT&CK & ATT&CK ICS
- Varied knowledge of manufacturers' equipment, technology and control system applications for Industrial Control Systems implementation
- Communication and networking systems used in Industrial Control Systems networks controlling plant and machinery
- Experience with vulnerability scanning tools such as Nessus
- Ethical Hacking testing certification
- Requirements management, interface control documents, and writing policy, procedures and instructions
- MOD Accreditation Process
- Travel requirements: Occasional UK travel may be required to attend team / customer meetings and training activities
- Clearance requirements: Post-holder must be capable of securing, and holding, UK SC clearance