Vulnerability Management Lead

Requisition ID: R10007803

  • Category: Engineering
  • Location: New Malden - POST-LON, United Kingdom
  • Citizenship Required: United Kingdom Citizenship
  • Clearance Type: Security Check (SC)
  • Telecommute: Yes - May Consider Occasional/Part-Time Teleworking for this position
  • Travel Required: No
  • Positions Available: 1

At Northrop Grumman, our employees have incredible opportunities to work on revolutionary systems that impact people's lives around the world today, and for generations to come. Our pioneering and inventive spirit has enabled us to be at the forefront of many technological advancements in our nation's history - from the first flight across the Atlantic Ocean, to stealth bombers, to landing on the moon. We look for people who have bold new ideas, courage and a pioneering spirit to join forces to invent the future, and have fun along the way. Our culture thrives on intellectual curiosity, cognitive diversity and bringing your whole self to work — and we have an insatiable drive to do what others think is impossible. Our employees are not only part of history, they're making history.

A key member of the Product Cyber Security (PCS) team, this role will work to the PCS Manager and will be the first of its kind within the recently formed Defence Operation Unit.

Northrop Grumman continue to supply world-class equipment to a range of UK Defence Customers and, because of the nature of these products, they often have very long in-service lives. The rapid evolution of modern Cyber Threats necessitates a continuous regime of identifying risks to these products and advocating appropriate mitigations and this is what this role is all about.

Because this is a ‘green field’ opportunity, the ideal candidate will have some Vulnerability Management experience already – they will know what ‘good’ looks like and will have the knowledge, skills, personality and force-of-will to make things happen.

Naturally, a capability such as this does not exist in isolation and the candidate will understand this and will be prepared to build, and foster, new relationships within the existing business, particularly within the existing engineering teams.

The scope of this responsibility may be different to other similar roles that currently exist – our products are a tightly-coupled mix of enterprise IT (e.g. Windows and Linux servers) and Operational Technology (e.g. Programmable Logic Controllers, Industrial Switches, SCADA) and, whilst the candidate does not have to be an expert in these domains, some knowledge or previous exposure is highly desirable.

This is a domain that is set to grow, particularly in the realm of automation, drawing heavily upon the skills present elsewhere in the business, such as Machine Learning and Penetration Testing and the candidate will be encouraged to expand their knowledge in order to ensure that we are offering the best-of-class service that our Customers deserve.

Key Responsibilities
  • The creation, and operation, of a Vulnerability Management solution for products within the Defence Operating Unit;
  • Generation of policies and procedures in support of Vulnerability Management;
  • Support initiatives to embed Vulnerability Management within specific project teams and throughout the wider Defence Operating Unit;
  • Support the Product Cyber Security Manager in discharging their security accountabilities, working across a variety of Information Assurance and Cyber Security related topics;
  • Communicate complex technical issues and solutions to technical and non-technical stakeholders;
  • Ensure excellent client service;
  • Build strong and enduring relationships within the company and with our clients;
  • Be a credible, charismatic and knowledgeable envoy for the role of Vulnerability Management within a modern business;
Person Specification
Essential qualifications / experience:
  • A demonstrable track-record of having worked in the Vulnerability Management field (regardless of domain) for at least three years;
  • A sound understanding of the procedures required to identify, quantify and address vulnerabilities within a product, project and organisation;
  • A broad information assurance mind-set, able to assimilate and consider issues from the technical, process and business perspective, supported by a pragmatic attitude to the implementation of effective mitigations within a defence environment;
  • Experience of the development and implementation of appropriate plans, policies, processes and technical controls;
  • Excellent communication skills, both written and oral;
Desirable qualifications / experience 
  • Experience of cyber / technical security within an Industrial Control environment, regardless of Industry Sector;
  • Able to generate sensible, rational and comprehensible analysis in support of pragmatic risk treatment plans;
  • Experience in the conduct of Vulnerability Testing and reporting;
  • Formal and relevant qualifications, such as: CISSP, NCSC Certified Training (NCT);
  • Penetration Testing / Certified Ethical Hacker qualifications;
  • Knowledge / experience of Industrial Control Systems;
  • Varied knowledge of manufacturers' equipment, technology and control system applications for Industrial Control Systems implementation;
  • Experience with vulnerability scanning tools such as Nessus;
  • Knowledge / experience of: Cyber Threat Intelligence sources and analysis, Software application integration and automation, Data Science and Knowledge Engineering.
Competency / Skill requirements
  • Adept at problem-solving, able to develop solutions to a variety of problems;
  • Good attention to detail;
  • Organised, adept at workload management and prioritising appropriately to meet deadlines;
  • Flexible and responsive to changing priorities;
  • Proactive team worker, equally self-motivated and able to work autonomously;
  • Good interpersonal skills, able to engage effectively with all audiences/stakeholders;
  • Fluent in written and spoken English;
  • Strong customer focus;
  • Engaging ‘can do’ attitude;
Other requirements
  • Travel requirements: Occasional UK travel may be required to attend team / customer meetings and training activities;
  • Looking for flexibility? We offer a hybrid working environment, speak to us about what is possible;
  • Clearance requirements: Post-holder must be capable of securing, and holding, UK SC clearance;

Northrop Grumman is committed to equality and diversity in our workplace. Northrop Grumman provides equal employment opportunity to all employees and applicants without regard to an individual's protected status, including race/ethnic origin, color, nationality, national origin, ancestry, sex/gender, gender identity/expression, gender reassignment, sexual orientation, marriage/civil partnership, pregnancy/maternity, religion or belief, creed, age, disability, genetic information, or any other protected status or characteristic.

What's great about Northrop Grumman

  1. Be part of a culture that thrives on intellectual curiosity, cognitive diversity and bringing your whole self to work.
  2. Use your skills to build and deliver innovative tech solutions that protect the world and shape a better future.
  3. Enjoy benefits like work-life balance, education assistance and paid time off.

Did you know?

We offer an array of benefits to give you the support you need, including matching 401K, tuition assistance, health insurance and wellness options, coaching, mentoring and more.