Sr. Principal Cyber Systems Engineer

RELOCATION ASSISTANCE: No relocation assistance available

CLEARANCE REQUIRED FOR START: No

CLEARANCE TYPE: None

TRAVEL: Yes, 10% of the TimeDescription

At Northrop Grumman, our employees have incredible opportunities to work on revolutionary systems that impact people's lives around the world today, and for generations to come. Our pioneering and inventive spirit has enabled us to be at the forefront of many technological advancements in our nation's history - from the first flight across the Atlantic Ocean, to stealth bombers, to landing on the moon. We look for people who have bold new ideas, courage and a pioneering spirit to join forces to invent the future, and have fun along the way. Our culture thrives on intellectual curiosity, cognitive diversity and bringing your whole self to work - and we have an insatiable drive to do what others think is impossible. Our employees are not only part of history, they're making history.

Northrop Grumman is seeking a technically-savvy Vulnerability Management Engineer to design, implement, and operate our vulnerability and exposure management capabilities. The role will focus on reducing real exploit risk by building automation, integrating security signals into engineering workflows, and shifting compliance to audit ready state. This role is 100% virtual/work from home. This could change depending upon business conditions.

What You Will Do

• Contribute to the design, implementation, and operation of Northrop Grumman's vulnerability and exposure management capabilities, with a focus on reducing real exploit risk and maintaining compliance.
• Build and enhance automation and workflows that ingest, normalize, and prioritize vulnerability signals across multiple sources.
• Develop and improve engineer-facing dashboards and integrations that help teams understand and act on vulnerability risk.
• Work with product and engineering teams to assess vulnerability findings, explain exploitability and impact, and support practical remediation or mitigation approaches.
• Help embed vulnerability signals into existing engineering workflows (CI/CD, PRs, backlogs) to improve visibility and adoption.
• Support validation of remediation efforts to ensure exposure is meaningfully reduced.
• Assist in translating compliance and control requirements into scalable technical implementations.
• Support CMMC and other assessments by validating technical evidence and remediation outcomes.
• Execute technical projects that improve vulnerability visibility, prioritization, and risk reduction.
• Contribute to improving processes, tooling, and automation within the vulnerability management program.

Basic Qualifications:

• Must have, at minimum, a Bachelors Degree with 8 years of relevant Cybersecurity experience OR a Masters Degree with 6 years of relevant Cybersecurity experience.
• Must have solid technical experience in vulnerability management and application security, with hands-on exposure to assessing and prioritizing vulnerability findings.
• Must have demonstrated ability to build or automate technical workflows using scripting with programming languages. Python preferred.
• Must have experience working with application, cloud, or container security in AWS and/or Azure environments.
• Must have working knowledge of security controls and compliance frameworks (e.g., NIST, CIS, FedRAMP), with the ability to apply requirements in practical engineering contexts.
• Ability to reason about exploitability, exposure, and impact beyond severity scores.
• Experience collaborating with engineering teams to support remediation efforts.
• Clear communication skills and ability to explain technical risks to varied audiences.
• Ability to operate effectively in fast-paced environments with evolving priorities.
• Foundational understanding of how vulnerability management fits within broader security and engineering functions.
• Experience with commercial security tooling and ability to interpret tool outputs critically.

Preferred Qualifications:

• Experience building custom scripts, automations, or lightweight data pipelines to improve vulnerability visibility or prioritization.
• Exposure to highly regulated environments (e.g., DoD, FedRAMP Moderate/High) and participation in technical audit preparation.
• Experience integrating vulnerability tooling into CI/CD pipelines or engineering workflows.
• Familiarity with cloud security platforms or security data tooling.
• Experience using AI-assisted development tools to accelerate security automation or analysis.

Primary Level Salary Range: $142,200.00 - $213,200.00

The above salary range represents a general guideline; however, Northrop Grumman considers a number of factors when determining base salary offers such as the scope and responsibilities of the position and the candidate's experience, education, skills and current market conditions.

Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay. Annual bonuses are designed to reward individual contributions as well as allow employees to share in company results. Employees in Vice President or Director positions may be eligible for Long Term Incentives. In addition, Northrop Grumman provides a variety of benefits including health insurance coverage, life and disability insurance, savings plan, Company paid holidays and paid time off (PTO) for vacation and/or personal business.

The application period for the job is estimated to be 20 days from the job posting date. However, this timeline may be shortened or extended depending on business needs and the availability of qualified candidates.

Northrop Grumman is an Equal Opportunity Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO and pay transparency statement, please visit http://www.northropgrumman.com/EEO. U.S. Citizenship is required for all positions with a government clearance and certain other restricted positions.