Embedded Product Cybersecurity Engineer II (Onsite - Cedar Rapids, IA)

About The Position

Requirements

• Typically requires a degree in Science, Technology, Engineering or Mathematics (STEM) and minimum 2 years of prior relevant experience or an Advanced Degree in a related field
• U.S. Citizenship is required; the ability to obtain and maintain a U.S. government issued security clearance is required.
• Embedded software engineering knowledge (Python and Java/C/C++)
• Networking knowledge (OSI Layers, Arnic 429 protocols, WiFi, etc.)
• Product security or secure system design; threat modeling or fuzzing/pen testing

Nice To Haves

• Risk Management Framework
• Knowledge of Threat Models and Data Flow Diagrams
• Data/network security implementations with operating systems
• Understanding tailoring and hardening of operating systems
• Familiarity with system and application penetration testing
• Experience with SAST and analyzing security impact of code defects
• Executing System & Application Fuzzing / Resiliency Tests
• Knowledge of Public Key Infrastructure (PKI)
• Industry recognized security certifications (Sec+, OSCP, CISSP, etc.)

Responsibilities

• Address Common Vulnerabilities and Exposures (CVEs)
• Author, review Risk Management Framework (RMF) cybersecurity artifacts
• Follow and guide teams to the adherence of military RMF security processes
• Conduct Security Technical Implementation Guide (STIG) investigations
• Support organizational adoption of the Avionics SSDLC
• Develop and execute fuzzing and penetration tests to evaluate the robustness of the attack surface
• Analyze system data flows to identify attack vectors and assess risks to new and existing products
• Develop threat model / data flow diagrams to ensure data can be properly isolated in motion and at rest
• Ensure proper implementation of security measures during product development
• Develop, deploy and automate security tools for identifying product security flaws
• Help characterize security vulnerabilities for product impact and recommend mitigations
• Review code to identify weaknesses in the implementation of security functions
• Conduct vulnerability assessments of proposed and in-service systems

Benefits

• Medical, dental, and vision insurance
• Three weeks of vacation for newly hired employees
• Generous 401(k) plan that includes employer matching funds and separate employer retirement contribution, including a Lifetime Income Strategy option
• Tuition reimbursement program
• Student Loan Repayment Program
• Life insurance and disability coverage
• Optional coverages you can buy pet insurance, home and auto insurance, additional life and accident insurance, critical illness insurance, group legal, ID theft protection
• Birth, adoption, parental leave benefits
• Ovia Health, fertility, and family planning
• Adoption Assistance
• Autism Benefit
• Employee Assistance Plan, including up to 10 free counseling sessions
• Healthy You Incentives, wellness rewards program
• Doctor on Demand, virtual doctor visits
• Bright Horizons, child and elder care services
• Teladoc Medical Experts, second opinion program