My role as a Software Engineering Project Lead at Northrop Grumman has been centered on designing software systems that operate in a security critical and compliance driven environment. From the beginning of the project, I had to think beyond implementation details and focus on how software artifacts interact with regulatory requirements, risk assessment processes, and operational decision making. Our work focused on building an automated platform to screen third party software against the NIST CVE database, which required me to develop a detailed understanding of vulnerability data formats, severity scoring, and remediation workflows.
A major part of my responsibility involved translating high level security and compliance needs into precise technical designs. Rather than working from a fixed specification, I collaborated with stakeholders to clarify how vulnerability severity should be interpreted, how results should be aggregated, and how findings should be presented for downstream approval. This required designing data models, ingestion workflows, and validation logic that were robust to incomplete or inconsistent CVE records. I learned how important it is to document assumptions explicitly and design systems that are resilient to ambiguous inputs.
As we prototyped logic to identify High and Critical vulnerabilities, I became increasingly aware of the tradeoffs involved in automation for security applications. False positives can introduce unnecessary delays, while false negatives carry serious risk. This experience pushed me to think carefully about threshold selection, traceability, and explainability. It strengthened my interest in building software systems that balance efficiency with trust and that can withstand technical and organizational scrutiny.