Security Architect, Subject Matter Expert (SME)

Curtiss-Wright Corporation•Tewksbury, MA

About The Position

Security Architect, Subject Matter Expert (SME) The Modular Secure Solutions (MSS) business unit of Curtiss-Wright Defense Solutions division is seeking a Security Architect, Subject Matter Expert (SME) to support its secure embedded computing product business for the US DoD and other US stakeholders. The products incorporate security features and unique capabilities in software, firmware, and hardware. The Security Architect SME is expected to serve as the primary technical advisor and SME for security-related decisions across complex projects. Advise stakeholders on emerging security technologies and strategies to enhance and grow Curtiss Wright’s System Security product offerings and support technology and product roadmap definition and development. Champion system security architecture development and requirements derivation, decomposition, and flow down for products with varying levels of system design maturity. Design system and solution features with engineering teams to meet and exceed industry-standard security goals. This position can be filled at the Principal Systems Security Engineer or Sr. Principal Systems Security Engineer level based on specific requirements. Location: Ashburn, VA Salary Range: $144,100.00 - $192,100.00 per year plus bonus Please note that the salary range information provided is a general guideline only, reflecting a position based in Virginia. Criteria such as the candidate’s qualifications and relevant experience, the scope of the specific position, as well as market and business considerations will be evaluated when extending an offer. We Take Care of Our People Paid Time Off I 401K with Employer Match and Profit Sharing I Health and Wellness Benefits I Learning and Development Opportunities I Referral Program I Competitive Pay I Recognition I Employee Stock Purchase Plan I Inclusive & Supportive Culture

Requirements

Experience in one or more of the following fields: Systems Security Engineering, Electrical Engineering, Software Engineering, Computer Engineering
Familiarity with DoD 5200.39, DoDI 5200.44, and related Anti-Tamper and CPI protection policies.
Experience with FPGA/ASIC design, embedded systems security, and hardware reverse engineering.
Working knowledge of the Anti-Tamper architecture design including requirements development and technical baseline management ensuring system resilience.
Experience developing, reviewing, and validating Anti-Tamper (AT) Plans and Verification & Validation (V&V) Plans aligned with DoD AT policies and standards.
Strong written and verbal communication skills, with the ability to present technical information clearly to senior government leadership, internal stakeholders, and external customers.
Strong understanding of the scientific basis behind the product, systems, and security design.
A sincere commitment to a positive, inclusive, and collaborative culture.
Familiarity with cryptographic solutions and relevant standards, including key management and encryption protocols and their application with system-level cryptographic implementation, encryption key management, and secure data protection techniques.
Experience in the design and implementation of secured systems based on system requirements and design analysis.
Experience in performing Threat Countermeasure Tree Analysis to identify and mitigate system vulnerabilities.
Working knowledge of Security State-of-the-Art (S-SOTA) technologies and their integration into embedded systems.
Familiarity with the requirements, processes and technologies for cross-domain solutions (CDS).
Requires a bachelor's degree in electrical engineering, Computer Engineering, Mechanical Engineering, Systems Engineering, Applied Physics, or related field.
Bachelor's degree requires 10+ years' experience of working on System Security Engineer or other relevant position.
Master's degree requires 5-10 years' experience of working on System Security Engineer or other relevant position.
Two (2) years of experience with Anti-Tamper / Cyber Security, Reverse Engineering and/or Cyber Security Risk Management Framework / Cyber Resiliency
Ability to obtain and maintain a minimum of a Secret Clearance with additional customer specified clearance prior to start.
Must be a US citizen and able to obtain and maintain a DOD Security clearance
Travel up to 20% per month; Travel up to 40% on occasion

Nice To Haves

Master's degree preferred.

Responsibilities

Review engineering design documents for anti-tamper solutions (e.g. Anti-Tamper Plans) and author written feedback for DoD program offices and customers to document identified weaknesses and vulnerabilities of anti-tamper solutions with the end goal of develop, guide, and monitor technical documentation to capture trade studies, system designs, analyses, and results related to improving a product or program’s security posture.
Identify, assess, and recommend innovative design solutions and technologies to enhance CPI protection and mitigate vulnerabilities to exploitation and reverse engineering.
Perform risk assessments, threat modeling, and vulnerability analyses to proactively identify and mitigate risks.
Lead the design, evaluation, and validation of security architectures for Curtiss Wright Defense products and customer engagement.
Support the development and implementation of hardware and software Anti-Tamper techniques and countermeasures to protect assets and enhance operational integrity and reliability.
Support strategic planning for technology development that aligns with Curtiss-Wright strategic priorities.
Develop and maintain security reference architectures, roadmaps, and best practices.
Develop, document, and teach best practices across many peer groups.
Collaborate with cross-functional teams to ensure seamless integration of security best practices throughout solution lifecycles.
Collaborate with the US Government and program teams to negotiate and develop Anti-Tamper / CyberSecurity solutions for international export markets, ensuring compliance with Tri-Service Committee and Red Team requirements for US-deployed and exported military systems.
Actively participate in communities of practice (internal to CW and external) to enhance domain knowledge and foster continuous professional development throughout the organization.