Principal Embedded Software Security Engineer

BAE Systems•Village of Endicott, NY

7d•$107,359 - $182,510•Hybrid

About The Position

Bring your Embedded Software and Security Engineering talent to perform software development activities such as architecting, designing and implementing software product security features, performing product security integration, and supporting validation for complex embedded control systems. Sign on Bonus and relocation assistance offered for this position! Engineers at our Endicott NY location support the following Business Areas: Controls & Avionics Solutions (CAS) In Controls & Avionics Solutions, you will have the opportunity to help define and develop the next generation of avionics – whether it is fly-by-wire flight controls, full authority digital engine controls, or power management. http://www.baesystems-ps.com/interactive/cas.htm Power & Propulsion Solutions (PPS) In Power & Propulsion Solutions, we’re involved with everything from providing efficient power management on military vehicles to developing eco-friendly, hybrid and electric systems for the commercial world. Be part of a team that is helping to keep the air we breathe much cleaner. https://www.baesystems.com/en-us/product/hybridrive-propulsion-systems Our Mission: At Electronic Systems, we're passionate about creating solutions that transport millions of passengers every day. Whether it's a bus ride or a flight, our commercial electronic systems help people get where they need to go. We're committed to innovation, safety, and customer satisfaction, and we're looking for talented individuals like you to join our team. In this Sr. Embedded Software Security Engineer role you will make impacts in the following ways; Architecting software cybersecurity features into a real-time safety critical embedded control system. Implementing cybersecurity features in software interfacing directly with hardware components as part of a cybersecurity board support package. Implementing cybersecurity features in software at an application level including protection of data at rest and in transit. Integrating cybersecurity features with existing software product code bases. Applying cybersecurity standards, guidelines and best practices for the development of cybersecurity software. What We Offer: A dynamic and collaborative work environment Opportunities to work on cutting-edge projects that make a real difference Professional development opportunities to help you grow your skills and career A competitive salary and benefits package Hybrid work schedule where you balance your work on site and remote

Requirements

Bachelor‘s degree in Computer Science, Software Engineering, Electrical Engineering or related field with strong embedded software development background.
5+ years of experience in embedded controls development with at least 3 years implementing and testing cybersecurity features.
Experience in full software lifecycle including requirements, design, coding, integration and verification.
Experience integrating on real-time, safety-critical electronic control systems that include hardware, software and programmable logic devices.
Experience with implementing cybersecurity capabilities leveraging features/components including any of the following; secure boot, cryptographic accelerators, Trusted Execution Environments (TEEs), Trusted Platform Modules (TPMs) or Hardware Security Modules (HSMs).
Understanding of purpose and usage of; cryptographic objects: Keys, Certs, CRLs; algorithms: SHA, AES, RSA, ECC, HMAC, GMAC, etc., and protocols: TLS/DTLS, IPSec, etc.
Solid knowledge and hands-on experience with C/C++, Python and assembly language programming
Experience performing static/dynamic code analysis.
Technical writing skills: capable of creating required engineering documentation.

Nice To Haves

Master’s Degree in related engineering field
5+ years of experience in avionics or electronic controls embedded development, including familiarity with systems such as flight controls, engine controls or mission systems, with at least 3 years of product security experience.
CSSLP certification or equivalent certification
Experience applying any of the following security processes; DoD Risk Management Framework (RMF), DO-326A Airworthiness Security Process Specification or ISO-21434 Road Vehicle Security.
Experience with MITRE’s CVEs, CWEs, CAPEC and ATT&CK.
Experience with Multi-core and ARM processing hardware.
Experience with safety critical development guidelines including ARP4754, DO-178B/C, DO-254, ISO-26262 or equivalent safety process requirements.
Demonstrated experience providing technical leadership
Team player with a proactive attitude and the ability to be productive in a dynamic/collaborative environment
Strong oral and written communications skills
Motivated self-starter with good problem solving skills, judgment, and analytical capability, with good planning and organizational skills

Responsibilities

Architecting software cybersecurity features into a real-time safety critical embedded control system.
Implementing cybersecurity features in software interfacing directly with hardware components as part of a cybersecurity board support package.
Implementing cybersecurity features in software at an application level including protection of data at rest and in transit.
Integrating cybersecurity features with existing software product code bases.
Applying cybersecurity standards, guidelines and best practices for the development of cybersecurity software.

Benefits

health, dental, and vision insurance
health savings accounts
a 401(k) savings plan
disability coverage
life and accident insurance
employee assistance program
a legal plan
discounts on things like home, auto, and pet insurance
paid time off
paid holidays
paid parental, military, bereavement, and any applicable federal and state sick leave
company recognition program to receive monetary or non-monetary recognition awards