At Northrop Grumman, our employees have incredible opportunities to work on revolutionary systems that impact people's lives around the world today, and for generations to come. Our pioneering and inventive spirit has enabled us to be at the forefront of many technological advancements in our nation's history - from the first flight across the Atlantic Ocean, to stealth bombers, to landing on the moon. We look for people who have bold new ideas, courage and a pioneering spirit to join forces to invent the future, and have fun along the way. Our culture thrives on intellectual curiosity, cognitive diversity and bringing your whole self to work — and we have an insatiable drive to do what others think is impossible. Our employees are not only part of history, they're making history.
A key member of the Product Cyber Security (PCS) team, this role will work to the PCS Manager and will be the first of its kind within the recently formed Defence Operating Unit.
Northrop Grumman continue to supply world-class equipment to a range of Defence Customers and, because of the nature of these products, they often have very long in-service lives. The rapid evolution of modern Cyber Threats necessitates a continuous regime of identifying risks to these products and advocating appropriate mitigations – that is what this role is all about.
The ideal candidate will have some Vulnerability Management (VM) experience already – they will know what ‘good’ looks like when it comes to a VM process and will have the knowledge, skills, personality and force-of-will to not only make things happen, but also to make them better.
Naturally, a capability such as this does not exist in isolation and the candidate will be prepared to build, and foster, new relationships within the existing business, particularly within the existing engineering teams, with whom they will be closely working.
The scope of this responsibility may be different to other similar roles that currently exist – our products are a tightly-coupled mix of Enterprise IT (e.g. Windows and Linux servers) and Operational Technology (e.g. Programmable Logic Controllers, Industrial Switches, SCADA) and, whilst the candidate is not expected to be an expert in these domains, some knowledge or previous exposure is highly desirable.
This is a domain that is set to grow and, drawing heavily upon the skills present elsewhere in the business (such as Machine Learning and Penetration Testing), the candidate will be encouraged to expand their knowledge in order to ensure that we are offering the best-of-class service that our Customers deserve.
- The creation, and operation, of a Vulnerability Management solution for products within the Defence Operating Unit;
- Generation of policies and procedures in support of Vulnerability Management;
- Support initiatives to embed Vulnerability Management within specific project teams and throughout the wider Defence Operating Unit;
- Support the Product Cyber Security Manager in discharging their security accountabilities, working across a variety of Information Assurance and Cyber Security related topics;
- Communicate complex technical issues and solutions to technical and non-technical stakeholders;
- Ensure excellent client service;
- Build strong and enduring relationships within the company and with our clients;
- Be a credible, charismatic and knowledgeable envoy for the role of Vulnerability Management within a modern business;
Essential qualifications / experience:
- A demonstrable track-record of having worked in the Vulnerability Management field (regardless of domain) for at least three years;
- A sound understanding of the procedures required to identify, quantify and address vulnerabilities within a product, project and organisation;
- A broad information assurance mind-set, able to assimilate and consider issues from the technical, process and business perspective, supported by a pragmatic attitude to the implementation of effective mitigations within a defence environment;
- Experience of the development and implementation of appropriate plans, policies, processes and technical controls;
- Excellent communication skills, both written and oral;
Desirable qualifications / experience:
- Experience of cyber / technical security within an Industrial Control environment, regardless of Industry Sector;
- Able to generate sensible, rational and comprehensible analysis in support of pragmatic risk treatment plans;
- Experience in the conduct of Vulnerability Testing and reporting;
- Formal and relevant qualifications, such as: CISSP, NCSC Certified Training (NCT);
- Penetration Testing / Certified Ethical Hacker qualifications;
- Knowledge / experience of Industrial Control Systems;
- Varied knowledge of manufacturers' equipment, technology and control system applications for Industrial Control Systems implementation;
- Experience with vulnerability scanning tools such as Nessus;
- Travel requirements: Occasional UK travel may be required to attend team / customer meetings and training activities;
- Looking for flexibility? We offer a hybrid working environment, speak to us about what is possible;
- Clearance requirements: Post-holder must be capable of securing, and holding, UK SC clearance;
Northrop Grumman is committed to equality and diversity in our workplace. Northrop Grumman provides equal employment opportunity to all employees and applicants without regard to an individual's protected status, including race/ethnic origin, color, nationality, national origin, ancestry, sex/gender, gender identity/expression, gender reassignment, sexual orientation, marriage/civil partnership, pregnancy/maternity, religion or belief, creed, age, disability, genetic information, or any other protected status or characteristic.