Vulnerability Management Lead

Description  

Join Northrop Grumman on our continued mission to push the boundaries of possible across land, sea, air, space, and cyberspace. Enjoy a culture where your voice is valued and start contributing to our team of passionate professionals providing real-life solutions to our world’s biggest challenges. We take pride in creating purposeful work and allowing our employees to grow and achieve their goals every day by Defining Possible. With our competitive pay and comprehensive benefits, we have the right opportunities to fit your life and launch your career today.

A key member of the Product Cyber Security (PCS) team, this role will work to the PCS Manager and will be the first of its kind within the recently formed Defence Operation Unit.

Northrop Grumman continue to supply world-class equipment to a range of UK Defence Customers and, because of the nature of these products, they often have very long in-service lives.  The rapid evolution of modern Cyber Threats necessitates a continuous regime of identifying risks to these products and advocating appropriate mitigations and this is what this role is all about.

Because this is a ‘green field’ opportunity, the ideal candidate will have some Vulnerability Management experience already – they will know what ‘good’ looks like and will have the knowledge, skills, personality and force-of-will to make things happen.

Naturally, a capability such as this does not exist in isolation and the candidate will understand this and will be prepared to build, and foster, new relationships within the existing business, particularly within the existing engineering teams.

The scope of this responsibility may be different to other similar roles that currently exist – our products are a tightly-coupled mix of enterprise IT (e.g. Windows and Linux servers) and Operational Technology (e.g. Programmable Logic Controllers, Industrial Switches, SCADA) and, whilst the candidate does not have to be an expert in these domains, some knowledge or previous exposure is highly desirable.

This is a domain that is set to grow, particularly in the realm of automation, drawing heavily upon the skills present elsewhere in the business, such as Machine Learning and Penetration Testing and the candidate will be encouraged to expand their knowledge in order to ensure that we are offering the best-of-class service that our Customers deserve.

Key Responsibilities

• The creation, and operation, of a Vulnerability Management solution for products within the Defence Operating Unit;
• Generation of policies and procedures in support of Vulnerability Management;
• Support initiatives to embed Vulnerability Management within specific project teams and throughout the wider Defence Operating Unit;
• Support the Product Cyber Security Manager in discharging their security accountabilities, working across a variety of Information Assurance and Cyber Security related topics;
• Communicate complex technical issues and solutions to technical and non-technical stakeholders;
• Ensure excellent client service;
• Build strong and enduring relationships within the company and with our clients;
• Be a credible, charismatic and knowledgeable envoy for the role of Vulnerability Management within a modern business;

Person Specification

Essential qualifications / experience: 

• A demonstrable track-record of having worked in the Vulnerability Management field (regardless of domain) for at least three years;
• A sound understanding of the procedures required to identify, quantify and address vulnerabilities within a product, project and organisation;
• A broad information assurance mind-set, able to assimilate and consider issues from the technical, process and business perspective, supported by a pragmatic attitude to the implementation of effective mitigations within a defence environment;
• Experience of the development and implementation of appropriate plans, policies, processes and technical controls;
• Excellent communication skills, both written and oral;

Desirable qualifications / experience 

• Experience of cyber / technical security within an Industrial Control environment, regardless of Industry Sector;
• Able to generate sensible, rational and comprehensible analysis in support of pragmatic risk treatment plans;
• Experience in the conduct of Vulnerability Testing and reporting;

• Formal and relevant qualifications, such as: CISSP, NCSC Certified Training (NCT);
• Penetration Testing / Certified Ethical Hacker qualifications;
• Knowledge / experience of Industrial Control Systems;
• Varied knowledge of manufacturers equipment's, technology and controls system applications for Industrial Control Systems implementation;
• Experience with vulnerability scanning tools such as Nessus;
• Knowledge / experience of: Cyber Threat Intelligence sources and analysis, Software application integration and automation, Data Science and Knowledge Engineering.

Competency / Skill requirements

• Adept at problem-solving, able to develop solutions to a variety of problems;
• Good attention to detail;
• Organised, adept at workload management and prioritising appropriately to meet deadlines;
• Flexible and responsive to changing priorities;
• Proactive team worker, equally self-motivated and able to work autonomously;
• Good interpersonal skills, able to engage effectively with all audiences/stakeholders;
• Fluent in written and spoken English;
• Strong customer focus ;
• Engaging ‘can do’ attitude;

Other requirements

• Travel requirements: Occasional UK travel may be required to attend team / customer meetings and training activities;
• Looking for flexibility? We offer a hybrid working environment, speak to us about what is possible;
• Clearance requirements: Post-holder must be capable of securing, and holding, UK SC clearance;

Northrop Grumman is committed to equality and diversity in our workplace. Northrop Grumman provides equal employment opportunity to all employees and applicants without regard to an individual's protected status, including race/ethnic origin, color, nationality, national origin, ancestry, sex/gender, gender identity/expression, gender reassignment, sexual orientation, marriage/civil partnership, pregnancy/maternity, religion or belief, creed, age, disability, genetic information, or any other protected status or characteristic.