Senior Cyber Engineer

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Computer Science, Engineering, or related field
• 7+ years of experience across application security, infrastructure/network security, or systems security
• Hands-on experience with system hardening, vulnerability management, and secure system implementation in operational environments
• Experience working directly with engineering teams in identifying, patching, and/or fixing cybersecurity vulnerabilities during all phases of development
• Involvement with RMF / NIST frameworks and their practical use at the application and infrastructure levels
• Experience supporting or leading cybersecurity compliance efforts aligned to CMMC Level 2 (or equivalent NIST 800-171 implementations), in a medium to large sized environment with comparably complex products.
• Strong cross-domain understanding of software, infrastructure, networking, and system interactions with a proven ability to Influence design and implementation decisions
• ITAR Requirement: This position requires access to information that is subject to compliance with the International Traffic Arms Regulations (“ITAR”) and/or the Export Administration Regulations (“EAR”). In order to comply with the requirements of the ITAR and/or the EAR, applicants must qualify as a U.S. person under the ITAR and the EAR, or a person to be approved for an export license by the governing agency whose technology comes under its jurisdiction. Please understand that any job offer that requires approval of an export license will be conditional on AeroVironment’s determination that it will be able to obtain an export license in a time frame consistent with AeroVironment’s business requirements. A “U.S. person” according to the ITAR definition is a U.S. citizen, U.S. lawful permanent resident (green card holder), or protected individual such as a refugee or asylee. See 22 CFR § 120.15.
• Some positions will require current U.S. Citizenship due to contract requirements.
• Must be willing to work on government contracts and have the ability to obtain a security clearance.

Nice To Haves

• Experience in aerospace, defense, or other high-reliability environments
• Familiarity with SIEM tools (Splunk, Elastic), vulnerability tools (ACAS, Nessus), and standard hardening practices (STIGs, CIS)
• Experience with cloud platforms (AWS, Azure) and containerized environments (Docker, Kubernetes)
• DevSecOps experience, including CI/CD integration and automation (Python, PowerShell, Bash)
• Experience supporting production or high-rate environments where cybersecurity must scale
• Relevant certifications (e.g., Security+, CISSP, CASP)
• Active or eligible security clearance (preferred, not required)
• “Demonstrated ability to institutionalize security engineering practices or standards across multiple programs or sites.”

Responsibilities

• Support cyber secure design and implementation across application and infrastructure layers, including software architectures, APIs, data handling, operating systems, networks, cloud, and container environments.
• Participate in architecture and design reviews (SRR/PDR/CDR) to identify vulnerabilities and implementation risks early, providing practical, implementable solutions that enable progress rather than delay it.
• Lead and support system hardening efforts using established standards (e.g., STIGs, CIS benchmarks) and define repeatable approaches to vulnerability scanning and remediation using tools such as ACAS and Nessus.
• Lead or directly support remediation of cybersecurity vulnerabilities, including patching systems, validating fixes, and ensuring issues are resolved without introducing new operational risk.
• Ensure systems are properly instrumented for logging, monitoring, and auditability, and that security-relevant data is available and usable across development, test, and operational environments. Support integration with SIEM platforms such as Splunk or Elastic.
• Support RMF/NIST-based accreditation efforts by translating control requirements into concrete design and implementation guidance, ensuring systems meet required controls without introducing unnecessary process friction.
• Serve as a practical integration point between engineering, IT infrastructure, and cybersecurity functions, helping align system designs with enterprise security expectations while maintaining program execution.
• Investigate cybersecurity issues across development, integration, and fielded systems, working with teams to implement corrective actions and improve system resilience over time.
• Support integration of cybersecurity practices into broader system and data environments, including alignment with PLM/ERP systems (e.g., Arena, Oracle Fusion) where applicable, and ensuring configurations and baselines are traceable and controlled.
• Act as a cross-functional advisor, influencing engineering and program teams through risk-based reasoning and practical tradeoffs between mission, performance, cost, and security.
• Define and maintain security baselines and patterns for software, infrastructure, and data flows.
• Establish and improve cybersecurity processes integrated into engineering workflows, design reviews, and configuration & release.

Benefits

• AV offers an excellent benefits package including medical, dental vision, 401K with company matching, a 9/80 work schedule and a paid holiday shutdown.
• For more information about our company benefit offerings please visit: http://www.avinc.com/myavbenefits .