Job Description Summary

Job Description

Essential Responsibilities:

In this role you will:

• Supporting product development teams and project execution related activities in support of customer and regulatory product cybersecurity requirements
• Define embedded product cybersecurity objectives analyze product architectures for security vulnerabilities evaluate threats and define threat vectors qualitatively assess cybersecurity risk define and manage product cybersecurity requirements coordinate and conduct cybersecurity test activities to verify cybersecurity requirements and support regulatory certification responses ensuring continued airworthiness
• Coach product development teams on secure design principles development practices and product hardening.
• Perform Threat Modelling and Architecture Risk Analysis on products.
• Perform Security Code Reviews Vulnerability Analysis and research on application code.
• Coach and mentor developers to write and implement cryptography (PKI Code Signing etc)
• Guide developers to write secure code and implement secure engineering practices.
• Provide response for security related incidents reported for software products.
• Engage subject matter experts in successful transfer of complex domain knowledge
• Provide guidance and advise on writing secure code that meets standards and delivers desired functionality using the technology selected for the project.
• Audit and exploit applications and systems under development to expose vulnerabilities and demonstrate possible fixes.
• Analyze and validate completed security improvements and CVE patches.

Minimum Qualifications:

• Bachelors degree from accredited university or college with minimum of5years of professional experience OR Associates degree with minimum of 8 years of professional experience OR High School Diploma with minimum of10years of professional experience
• Minimum 5 years of professional experience in embedded systems and applications.
• Note: Military experience is equivalent to professional experience

Due to the nature of the role you will need to be able to meet the below criteria:

• Eligibility to work in the U.S without restriction.
• Possess or are eligible to obtain DOD clearance
• Travel - up to 5%

Eligibility Requirement:

• Legal authorization to work in the U.S. is required. We will not sponsor individuals for employment visas now or in the future for this job.

Preferred Requirements:

• Experience within an Engineering function.
• Bachelors degree in computer engineering or in a STEM major (SCIENCE TECHNOLOGY ENGINEERING OR MATH) or equivalent experience.

Desired Characteristics:

• Proficiency in at least one programming language (Java Python or C/C)
• Experience conducting static code reviews and applying security auditing and/or penetration testing principles and tools.
• Knowledge of secure architecture and design principles
• Knowledge of Risk Controls frameworks and procedures (DO-326A NIST CSF DOD RMF NIST800-53 etc.).
• Solid understanding of computer architecture especially the hardware components software stack and protocols.
• Experience in security technologies like TPM Secure Boot Code Signing Encryption etc. This may overlap with experience in embedded systems.
• Solid understanding of applied cryptography fundamentals (Encryption Authentication Symmetric Cryptography Asymmetric Cryptography etc)
• Knowledge/awareness of OWASP Web/API vulnerabilities (CSRF XSS SQLI etc.) and compensating controls.

This role requires access to U.S. export-controlled information. Therefore employment will be contingent upon the ability to prove that you meet the status of a U.S. Person as one of the following: U.S. lawful permanent resident U.S. Citizen have been granted asylee or refugee status (i.e. a protected individual under the Immigration and Naturalization Act 8 U.S.C. 1324b(a)(3)).

Additional Information