Resumen del rol

Sr. Principal Engineer, Product Cyber Vulnerability Assessment

Requisitos y responsabilidades

Contenido del rol extraído en secciones para revisar más rápido.

Key Responsibilities

  • Conduct comprehensive cybersecurity evaluations of RTX products across embedded systems, mission systems, avionics, space platforms, hardware/software integrated systems, and cloud-connected components.
  • Assess product attack surfaces, interfaces, workflows, and security controls to identify weaknesses that could impact mission performance, safety, or resilience.
  • Perform system-level risk assessments and deliver prioritized mitigation recommendations tailored to product requirements and operational environments.
  • Review and analyze design artifacts, system behaviors, interface specifications, and product architectures to identify potential vulnerabilities or insecure implementation choices.

Key Responsibilities

  • Plan, execute, and lead advanced vulnerability analysis and penetration testing activities as part of end‑to‑end product cybersecurity assessments.
  • Validate vulnerabilities and test exploitation feasibility across software, hardware, network, and physical attack surfaces across a broad range to RTX technologies – including both traditional IT systems and embedded systems.
  • Simulate adversary behaviors to demonstrate realistic risk and help product teams identify areas needing hardening or redesign.
  • Communicate findings clearly and provide actionable, prioritized remediation guidance to engineering and leadership stakeholders.

Key Responsibilities

  • Evaluate product architectures, design approaches, interface definitions, data flows, and security controls for cybersecurity weaknesses.
  • Conduct threat modeling, analyze attack paths, review cybersecurity requirements, and assess alignment with secure design principles.
  • Identify cybersecurity gaps early in the development lifecycle and guide engineering teams on integrating effective mitigations.
  • Collaborate with program architects, engineers, and product owners to ensure secure design practices are implemented throughout development.

Key Responsibilities

  • Provide cybersecurity insight during initial product concept, requirements development, and early design phases.
  • Support development teams with secure coding practices, configuration recommendations, and risk-based technical guidance.
  • Validate implementation of mitigations and participate in verification and validation phases to help sustain a strong product cybersecurity posture.
  • Assist programs in understanding and improving their security readiness at any stage of the product lifecycle.

Key Responsibilities

  • Deliver cybersecurity training to systems, software, test, and product engineering teams, supporting PCsC’s enterprise training mission.
  • Own and maintain at least one training course, ensuring content reflects current threats, secure design principles, assessment techniques, and product-specific considerations.
  • Develop hands-on labs and real-world scenarios to help engineers understand vulnerabilities and best practices.
  • Work with other PCsC service areas to ensure cohesive, integrated product security support across programs.

Technical Leadership & Enterprise Impact

  • Serve as a senior subject-matter expert influencing cybersecurity decisions, risk evaluation, and secure engineering practices across multiple programs.
  • Enhance cybersecurity assessment methodologies, automation approaches, and toolchains to improve consistency and efficiency across the enterprise – including the incorporation of AI and cutting edge technologies into processes.
  • Provide thought leadership for the development of secure, resilient RTX products by advocating for best practices and emerging techniques.
  • Mentor peers and share expertise across the broader product cybersecurity community.

Qualifications You Must Have

  • Bachelor’s degree in Cybersecurity, Computer Science, Engineering, or related technical discipline.
  • 10+ years of experience in vulnerability assessment, penetration testing, offensive security, product cybersecurity, or similar hands‑on cybersecurity disciplines.
  • Strong proficiency with penetration testing and vulnerability analysis tools and techniques (e.g., Nmap, Burp Suite, Metasploit, OWASP ZAP, Ghidra, IDA Pro, JTAGulator, Bus Pirate, ChipWhisperer).
  • Experience delivering and developing material to a broad audience – including both technical and leadership positions (e.g., teaching, training, conference presentations, customer presentations).
  • Professional certifications such as OSCP, OSWE, OSEP, GPEN, GWAPT, GDSA, CISSP, or equivalent.
  • The ability to obtain and maintain a U.S. government issued security clearance is required. U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance

Qualifications We Prefer

  • 12+ years of experience in product cybersecurity, secure product development, offensive security research, or advanced vulnerability analysis.
  • Experience performing or contributing to product design assessments, threat modeling, and secure design evaluations.
  • Familiarity with secure development practices, DevSecOps pipelines, and automated testing or scanning methods.
  • Experience with traditional networking and communication protocols (e.g., TCP, UDP, IPSEC, HTTP/S,REST) as well as aviation and industrial bus standards such as ARINC 429, ARINC 664, MIL‑STD‑1553, CAN/CANbus, and related embedded communication protocols.
  • Experience using AI/ML for testing, analysis, or automation.
  • Advanced offensive security certifications (OSEE, OSED, OSCE3, GXPN, GREM, GSE).
  • Experience with scripting or automation (Python, PowerShell, Bash, etc.).
  • Demonstrated thought leadership through publications, conference participation, research, or open-source contributions.
  • Experience evaluating product designs, architectures, system interfaces, and data flows for potential weaknesses.
  • Experience with reading code or evaluating software code bases written in a variety of languages (C, C++, Java, etc)
Roles similares

Mantén una lista de respaldo.

Ver stack
FocoCybersecurityÁrea del rol
Señal de senioritySeniorNivel del candidato
StackJava, Python, RESTSkills principales
Ubicación1 país aceptadoElegibilidad

Stack

Usa estas tags para comparar roles remotos similares.

Elegibilidad de ubicación

Candidatos deberían aplicar solo cuando el país del perfil aparece aquí.

Tu perfilPaís no definidoInicia sesión para comparar tu país con este rol.

Flujo de contratación

WithMira muestra el rol y luego envía candidatos a la aplicación de la empresa.

1Revisa fit del rol, stack y elegibilidad de ubicación en WithMira.
2Abre la página de aplicación de la empresa desde el link rastreado.
3Guarda el rol o suscríbete a oportunidades similares antes de salir.