Sr. Principal Engineer, Product Cyber Vulnerability Assessment

RTX

23h•Remote

About The Position

The Sr. Principal Engineer, Cyber Vulnerability Assessment operates within RTX's Product Cybersecurity Center (PCsC), which provides enterprise-wide services, enablers, training, and technical expertise to ensure the secure design, building, and assessment of RTX products. This senior cybersecurity expert will lead a wide array of product-focused security assessment activities, including vulnerability analysis, penetration testing, secure-design evaluation, and architectural review. The primary goal is to identify risks and enhance the resilience of diverse RTX products across all lifecycle stages. The role demands deep technical capability, strong analytical skills, and the ability to offer actionable recommendations that directly influence product engineering decisions. A crucial aspect of this position involves developing and delivering cybersecurity training to empower product teams to integrate secure practices into design, development, testing, and sustainment. The Sr. Principal Engineer will ensure that insights from assessments and real-world findings are incorporated into course content, hands-on exercises, and learning materials for RTX engineering teams. While an individual contributor role with no direct reports, this position requires operating as a recognized technical leader, regularly leading assessment teams composed of engineers and specialists, providing technical direction, mentoring, and coordinating activities to deliver high-impact product assessments. Success hinges on influence, expertise, and the ability to guide others without formal authority.

Requirements

Bachelor’s degree in Cybersecurity, Computer Science, Engineering, or related technical discipline.
10+ years of experience in vulnerability assessment, penetration testing, offensive security, product cybersecurity, or similar hands-on cybersecurity disciplines.
Strong proficiency with penetration testing and vulnerability analysis tools and techniques (e.g., Nmap, Burp Suite, Metasploit, OWASP ZAP, Ghidra, IDA Pro, JTAGulator, Bus Pirate, ChipWhisperer).
Experience delivering and developing material to a broad audience – including both technical and leadership positions (e.g., teaching, training, conference presentations, customer presentations).
Professional certifications such as OSCP, OSWE, OSEP, GPEN, GWAPT, GDSA, CISSP, or equivalent.
The ability to obtain and maintain a U.S. government issued security clearance is required.
U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance.

Nice To Haves

12+ years of experience in product cybersecurity, secure product development, offensive security research, or advanced vulnerability analysis.
Experience performing or contributing to product design assessments, threat modeling, and secure design evaluations.
Familiarity with secure development practices, DevSecOps pipelines, and automated testing or scanning methods.
Experience with traditional networking and communication protocols (e.g., TCP, UDP, IPSEC, HTTP/S, REST) as well as aviation and industrial bus standards such as ARINC 429, ARINC 664, MIL-STD-1553, CAN/CANbus, and related embedded communication protocols.
Experience using AI/ML for testing, analysis, or automation.
Advanced offensive security certifications (OSEE, OSED, OSCE3, GXPN, GREM, GSE).
Experience with scripting or automation (Python, PowerShell, Bash, etc.).
Demonstrated thought leadership through publications, conference participation, research, or open-source contributions.
Experience evaluating product designs, architectures, system interfaces, and data flows for potential weaknesses.
Experience with reading code or evaluating software code bases written in a variety of languages (C, C++, Java, etc).

Responsibilities

Conduct comprehensive cybersecurity evaluations of RTX products across embedded systems, mission systems, avionics, space platforms, hardware/software integrated systems, and cloud-connected components.
Assess product attack surfaces, interfaces, workflows, and security controls to identify weaknesses that could impact mission performance, safety, or resilience.
Perform system-level risk assessments and deliver prioritized mitigation recommendations tailored to product requirements and operational environments.
Review and analyze design artifacts, system behaviors, interface specifications, and product architectures to identify potential vulnerabilities or insecure implementation choices.
Plan, execute, and lead advanced vulnerability analysis and penetration testing activities as part of end-to-end product cybersecurity assessments.
Validate vulnerabilities and test exploitation feasibility across software, hardware, network, and physical attack surfaces across a broad range to RTX technologies – including both traditional IT systems and embedded systems.
Simulate adversary behaviors to demonstrate realistic risk and help product teams identify areas needing hardening or redesign.
Communicate findings clearly and provide actionable, prioritized remediation guidance to engineering and leadership stakeholders.
Evaluate product architectures, design approaches, interface definitions, data flows, and security controls for cybersecurity weaknesses.
Conduct threat modeling, analyze attack paths, review cybersecurity requirements, and assess alignment with secure design principles.
Identify cybersecurity gaps early in the development lifecycle and guide engineering teams on integrating effective mitigations.
Collaborate with program architects, engineers, and product owners to ensure secure design practices are implemented throughout development.
Provide cybersecurity insight during initial product concept, requirements development, and early design phases.
Support development teams with secure coding practices, configuration recommendations, and risk-based technical guidance.
Validate implementation of mitigations and participate in verification and validation phases to help sustain a strong product cybersecurity posture.
Assist programs in understanding and improving their security readiness at any stage of the product lifecycle.
Deliver cybersecurity training to systems, software, test, and product engineering teams, supporting PCsC’s enterprise training mission.
Own and maintain at least one training course, ensuring content reflects current threats, secure design principles, assessment techniques, and product-specific considerations.
Develop hands-on labs and real-world scenarios to help engineers understand vulnerabilities and best practices.
Work with other PCsC service areas to ensure cohesive, integrated product security support across programs.
Serve as a senior subject-matter expert influencing cybersecurity decisions, risk evaluation, and secure engineering practices across multiple programs.
Enhance cybersecurity assessment methodologies, automation approaches, and toolchains to improve consistency and efficiency across the enterprise – including the incorporation of AI and cutting edge technologies into processes.
Provide thought leadership for the development of secure, resilient RTX products by advocating for best practices and emerging techniques.
Mentor peers and share expertise across the broader product cybersecurity community.