Senior Cybersecurity Engineer - Embedded Avionics; ONSITE

Overview

Location
: US-IA-CEDAR RAPIDS-107 ~ 400 Collins Rd NE ~ BLDG 107
Date Posted
:
Country
:
United States of America
Position Role Type
:
Onsite
U.S. Citizen, U.S. Person, or Immigration Status Requirements
:
The ability to obtain and maintain a U.S. government issued security clearance is required. U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance
Security Clearance Type
:
DoD Clearance:
Secret
Security Clearance Status
:
Active and existing security clearance required after day 1

The Embedded Product Cybersecurity Engineering team needs a Senior Software Security Engineer to meet our commitment to product cybersecurity excellence in both commercial and military avionics. As a member of this shared service team, you will ensure the secure design, secure development and security verification testing of new or updated systems. This team supports security needs throughout the company wherever the customer has security requirements or where a system will be exposed to cyber threats.

We specialize in developing custom tools and testing techniques to uncover residual defects in our products design and/or implementation. Members of the Cybersecurity Engineering team excel by embedding with the design and implementation teams as the product cybersecurity subject matter expert supporting our Secure Systems Development Life Cycle (SSDLC) through an emphasis on Airworthiness Security and National Institute of Standards and Technology (NIST) Risk Management Framework (RMF).

The ideal candidate will possess the technical breadth and adaptability to seamlessly navigate and contribute to both Commercial and Military sector cybersecurity requirements. This is an onsite position based in Cedar Rapids, Iowa.

• Developing threat models and data flow diagrams to ensure information can be properly isolated in motion and at rest
• Conducting vulnerability assessments of proposed and fielded systems
• Collaborating with product architects and software development teams to mitigate security threats
• Reviewing code to identify weaknesses in the implementation of security functions
• Developing and executing fuzzing and penetration tests to evaluate product robustness to untrusted inputs
• Creating custom security testing tools that utilize aerospace specific protocols
• Implementing mandatory access controls (MAC) through the development of Security Enhanced Linux (SELinux) policies
• Supporting multiple product security efforts concurrently
• Guiding the organization throughout the SSDLC
• Authoring of Risk Management Framework (RMF) artifacts
• Candidates for this position should be fluent in the software / systems engineering domain and have a passion for cybersecurity. Being a CISSP or (ISC)2 Associate is desirable.
• Use excellent communications skills to communicate technical issues and status in both written and oral form.
• Be adaptable to change, determined to accomplish tasks based on program schedule
• Collaborate with teammates in order to learn and make good decisions
• Enjoy learning new technologies, and contribute to a positive work environment.

• Typically requires a degree in Science, Technology, Engineering or Mathematics (STEM) and minimum 5 years prior relevant experience or an Advanced Degree in a related field and minimum 3 years of experience
• U.S. Citizenship is required - The ability to obtain and maintain a U.S. government issued security clearance is required. U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance
• Embedded software development experience in Linux OS environment
• Experience coding in C, C++, Python, other scripting languages
• Networking experience - Layer 2/Layer 3/Layer 4 protocols

• Experience creating and analyzing Threat Models and Data Flow Diagrams
• Analysis of system and application security architectures
• Conducting system and application vulnerability assessments
• Data/network security implementations with Linux OS
• Understanding tailoring and hardening of Linux OS
• System and Application Penetration Testing skills
• Hands-on experience with SAST and collaborating with developers to resolve findings
• Creating System & Application Fuzzing / Resiliency Tests
• SELinux Policy Development
• Experience with Public Key Infrastructure (PKI) device certificate management
• Experience or knowledge of RTCA DO-326A / DO-356A
• Experience with Risk Management Framework (RMF)

• Medical, dental, and vision insurance
• Three weeks of vacation for newly hired employees
• Generous 401(k) plan that includes employer matching funds and separate employer retirement contribution, including a Lifetime Income Strategy option
• Tuition reimbursement program
• Student Loan Repayment Program
• Life insurance and disability coverage
• Optional coverages you can buy pet insurance, home and auto insurance, additional life and accident insurance, critical illness insurance, group legal,  protection
• Birth, adoption, parental leave benefits
• Ovia Health, fertility, and…