Senior Principal Engineer, Product Cyber Vulnerability Assessment

📋 Description

• Conduct thorough cybersecurity assessments of RTX products encompassing embedded systems, mission systems, avionics, space platforms, integrated hardware/software systems, and cloud-connected components.

• Evaluate product attack surfaces, interfaces, workflows, and security controls to pinpoint vulnerabilities that may affect mission performance, safety, or resilience.

• Execute system-level risk assessments and provide prioritized mitigation strategies customized to product specifications and operational contexts.

• Analyze design artifacts, system behaviors, interface specifications, and product architectures to discover potential vulnerabilities or insecure implementation choices.

• Plan, execute, and oversee advanced vulnerability analysis and penetration testing initiatives as part of comprehensive product cybersecurity evaluations.

• Verify vulnerabilities and assess exploitation feasibility across software, hardware, network, and physical attack surfaces involving a wide range of RTX technologies – including both traditional IT systems and embedded systems.

• Simulate adversarial actions to illustrate realistic risks and assist product teams in identifying areas that require fortification or redesign.

• Clearly communicate findings and offer actionable, prioritized remediation recommendations to engineering and leadership stakeholders.

• Assess product architectures, design methodologies, interface definitions, data flows, and security controls for cybersecurity vulnerabilities.

• Conduct threat modeling, analyze attack vectors, review cybersecurity requirements, and evaluate alignment with secure design principles.

• Identify cybersecurity deficiencies early in the development lifecycle and advise engineering teams on incorporating effective mitigations.

• Collaborate with program architects, engineers, and product owners to ensure secure design methodologies are adopted throughout development.

• Provide cybersecurity insights during initial product conception, requirements development, and early design stages.

• Assist development teams with secure coding practices, configuration recommendations, and risk-based technical advice.

• Validate the implementation of mitigations and partake in verification and validation phases to maintain a robust product cybersecurity posture.

• Deliver cybersecurity training to systems, software, testing, and product engineering teams, supporting PCsC’s enterprise training objectives.

⛳️ Requirements

• Bachelor’s degree in Cybersecurity, Computer Science, Engineering, or a related technical field.

• Over 10 years of experience in vulnerability assessment, penetration testing, offensive security, product cybersecurity, or similar practical cybersecurity roles.

• Strong expertise with penetration testing and vulnerability analysis tools and techniques (e.g., Nmap, Burp Suite, Metasploit, OWASP ZAP, Ghidra, IDA Pro, JTAGulator, Bus Pirate, ChipWhisperer).

• Experience in creating and delivering content to diverse audiences – including both technical and leadership roles (e.g., teaching, training, conference talks, customer presentations).

• Professional certifications such as OSCP, OSWE, OSEP, GPEN, GWAPT, GDSA, CISSP, or equivalent are preferred.

• The ability to obtain and maintain a U.S. government-issued security clearance is mandatory.

• U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance.

🏝️ Benefits

• Medical

• Dental

• Vision

• Life insurance

• Short-term disability

• Long-term disability

• 401(k) match

• Flexible spending accounts

• Flexible work schedules

• Employee assistance program

• Employee Scholar Program

• Parental leave

• Paid time off

• Holidays