Lead Product Cyber Security Engineer - Embedded Systems

Job Description Summary

We are currently recruiting for a Product Cyber Security Engineer - Embedded Systems. This role will collaborate with GE Aerospace Avionics development teams to drive threat modelling exercises, lead security-focused architecture and code reviews, perform security tests, and validate security designs across numerous embedded GE Aerospace Avionics products. You will be a development security evangelist and will provide thought leadership & help guide developers in secure product development practices. The successful candidate will be a highly skilled Engineer who has a passion for security work and collaborating with product managers and developers to drive the successful adoption of innovative methods in developing secure applications.

Job Description

Essential Responsibilities:

In this role, you will:

• Supporting product development teams and project execution related activities in support of customer and regulatory product cybersecurity requirements
• Define embedded product cybersecurity objectives, analyze product architectures for security vulnerabilities, evaluate threats and define threat vectors, qualitatively assess cybersecurity risk, define and manage product cybersecurity requirements, coordinate and conduct cybersecurity test activities to verify cybersecurity requirements, and support regulatory certification responses ensuring continued airworthiness
• Coach product development teams on secure design principles, development practices, and product hardening.
• Perform Threat Modelling and Architecture Risk Analysis on products.
• Perform Security Code Reviews, Vulnerability Analysis and research on application code.
• Coach and mentor developers to write and implement cryptography (PKI, Code Signing, etc)
• Guide developers to write secure code and implement secure engineering practices.
• Provide response for security related incidents reported for software products.
• Engage subject matter experts in successful transfer of complex domain knowledge
• Provide guidance and advise on writing secure code that meets standards and delivers desired functionality using the technology selected for the project.
• Audit and exploit applications and systems under development to expose vulnerabilities, and demonstrate possible fixes.
• Analyze and validate completed security improvements and CVE patches.

Minimum Qualifications:

• Bachelor's degree from accredited university or college with minimum of 3 years of professional experience OR Associates degree with minimum of 6 years of professional experience OR High School Diploma with minimum of 8 years of professional experience
• Minimum 3 years of professional experience in embedded systems and applications.
• Note: Military experience is equivalent to professional experience

Due to the nature of the role you will need to be able to meet the below criteria:

• Eligibility to work in the U.S without restriction.
• Possess or are eligible to obtain DOD clearance
• Travel - up to 5%

Eligibility Requirement:

• Legal authorization to work in the U.S. is required. We will not sponsor individuals for employment visas, now or in the future, for this job.

Preferred Requirements:

• Experience within an Engineering function.
• Bachelor's degree in computer engineering or in a STEM major (SCIENCE, TECHNOLOGY, ENGINEERING, OR MATH) or equivalent experience.

Desired Characteristics:

• Proficiency in at least one programming language (Java, Node.JS, Python, or C/C++)
• Experience conducting static code reviews and applying security auditing and/or penetration testing principles and tools.
• Knowledge of secure architecture and design principles
• Knowledge of Risk Controls frameworks and procedures (DO-326A, NIST CSF, DOD RMF, NIST800-53, etc.).
• Solid understanding of computer architecture, especially the hardware components, software stack and protocols.
• Experience in security technologies like TPM, Secure Boot, Code Signing, Encryption, etc. This may overlap with experience in embedded systems.
• Solid understanding of applied cryptography fundamentals (Encryption, Authentication, Symmetric Cryptography, Asymmetric Cryptography etc)
• Knowledge/awareness of OWASP Web/API vulnerabilities (CSRF, XSS, SQLI, etc.) and compensating controls.

This role requires access to U.S. export-controlled information. Therefore, employment will be contingent upon the ability to prove that you meet the status of a U.S. Person as one of the following: U.S. lawful permanent resident, U.S. Citizen, have been granted asylee or refugee status (i.e., a protected individual under the Immigration and Naturalization Act, 8 U.S.C. 1324b(a)(3)).

Additional Information

GE Aerospace offers a great work environment, professional development, challenging careers, and competitive compensation. GE Aerospace is an Equal Opportunity Employer . Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.

GE Aerospace will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditioned upon the successful completion of a drug screen (as applicable).

Relocation Assistance Provided: Yes