Sr. Principal Engineer, Product Cyber Vulnerability Assessment

RTX

3d•Remote

About The Position

The Product Cybersecurity Center (PCsC) provides enterprise-wide services, enablers, training, and technical expertise that help RTX securely design, build, and assess the cybersecurity of its products. As a senior cybersecurity expert within this organization, the Sr. Principal Engineer, Cyber Vulnerability Assessment leads a broad range of product-focused security assessment activities—including vulnerability analysis, penetration testing, secure-design evaluation, and architectural review—to identify risks and strengthen the resilience of a broad range of RTX products across all lifecycle stages. This role encompasses advanced vulnerability identification, penetration testing, secure design evaluation, architectural analysis, and risk assessment — all aimed at strengthening the cybersecurity posture and resilience of RTX products. It requires deep technical capability, strong analytical skills, and the ability to provide actionable recommendations that directly influence product engineering decisions. A key component of this role is also the development and delivery of cybersecurity training that enables product teams to integrate secure practices into design, development, testing, and sustainment. The Sr. Principal Engineer ensures that assessment insights and real-world findings directly shape course content, hands-on exercises, and learning materials used across RTX engineering teams. Training is not an isolated task; it is a strategic capability that amplifies the impact of assessment activities by raising the overall cybersecurity proficiency of the product engineering workforce. This is an individual contributor role with no direct reports, but it requires operating as a recognized technical leader. The Sr. Principal Engineer will regularly lead assessment teams composed of engineers and specialists from across the business, providing technical direction, mentoring, and coordinating activity to deliver high-impact product assessments. Influence, expertise, and the ability to guide others—without formal authority—are essential for success.

Requirements

Bachelor’s degree in Cybersecurity, Computer Science, Engineering, or related technical discipline.
10+ years of experience in vulnerability assessment, penetration testing, offensive security, product cybersecurity, or similar hands‑on cybersecurity disciplines.
Strong proficiency with penetration testing and vulnerability analysis tools and techniques (e.g., Nmap, Burp Suite, Metasploit, OWASP ZAP, Ghidra, IDA Pro, JTAGulator, Bus Pirate, ChipWhisperer).
Experience delivering and developing material to a broad audience – including both technical and leadership positions (e.g., teaching, training, conference presentations, customer presentations).
Professional certifications such as OSCP, OSWE, OSEP, GPEN, GWAPT, GDSA, CISSP, or equivalent.
The ability to obtain and maintain a U.S. government issued security clearance is required.
U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance.

Nice To Haves

12+ years of experience in product cybersecurity, secure product development, offensive security research, or advanced vulnerability analysis.
Experience performing or contributing to product design assessments, threat modeling, and secure design evaluations.
Familiarity with secure development practices, DevSecOps pipelines, and automated testing or scanning methods.
Experience with traditional networking and communication protocols (e.g., TCP, UDP, IPSEC, HTTP/S,REST) as well as aviation and industrial bus standards such as ARINC 429, ARINC 664, MIL‑STD‑1553, CAN/CANbus, and related embedded communication protocols.
Experience using AI/ML for testing, analysis, or automation.
Advanced offensive security certifications (OSEE, OSED, OSCE3, GXPN, GREM, GSE).
Experience with scripting or automation (Python, PowerShell, Bash, etc.).
Demonstrated thought leadership through publications, conference participation, research, or open-source contributions.
Experience evaluating product designs, architectures, system interfaces, and data flows for potential weaknesses.
Experience with reading code or evaluating software code bases written in a variety of languages (C, C++, Java, etc)

Responsibilities

Conduct comprehensive cybersecurity evaluations of RTX products across embedded systems, mission systems, avionics, space platforms, hardware/software integrated systems, and cloud-connected components.
Assess product attack surfaces, interfaces, workflows, and security controls to identify weaknesses that could impact mission performance, safety, or resilience.
Perform system-level risk assessments and deliver prioritized mitigation recommendations tailored to product requirements and operational environments.
Review and analyze design artifacts, system behaviors, interface specifications, and product architectures to identify potential vulnerabilities or insecure implementation choices.
Plan, execute, and lead advanced vulnerability analysis and penetration testing activities as part of end‑to‑end product cybersecurity assessments.
Validate vulnerabilities and test exploitation feasibility across software, hardware, network, and physical attack surfaces across a broad range to RTX technologies – including both traditional IT systems and embedded systems.
Simulate adversary behaviors to demonstrate realistic risk and help product teams identify areas needing hardening or redesign.
Communicate findings clearly and provide actionable, prioritized remediation guidance to engineering and leadership stakeholders.
Evaluate product architectures, design approaches, interface definitions, data flows, and security controls for cybersecurity weaknesses.
Conduct threat modeling, analyze attack paths, review cybersecurity requirements, and assess alignment with secure design principles.
Identify cybersecurity gaps early in the development lifecycle and guide engineering teams on integrating effective mitigations.
Collaborate with program architects, engineers, and product owners to ensure secure design practices are implemented throughout development.
Provide cybersecurity insight during initial product concept, requirements development, and early design phases.
Support development teams with secure coding practices, configuration recommendations, and risk-based technical guidance.
Validate implementation of mitigations and participate in verification and validation phases to help sustain a strong product cybersecurity posture.
Assist programs in understanding and improving their security readiness at any stage of the product lifecycle.
Deliver cybersecurity training to systems, software, test, and product engineering teams, supporting PCsC’s enterprise training mission.
Own and maintain at least one training course, ensuring content reflects current threats, secure design principles, assessment techniques, and product-specific considerations.
Develop hands-on labs and real-world scenarios to help engineers understand vulnerabilities and best practices.
Work with other PCsC service areas to ensure cohesive, integrated product security support across programs.
Serve as a senior subject-matter expert influencing cybersecurity decisions, risk evaluation, and secure engineering practices across multiple programs.
Enhance cybersecurity assessment methodologies, automation approaches, and toolchains to improve consistency and efficiency across the enterprise – including the incorporation of AI and cutting edge technologies into processes.
Provide thought leadership for the development of secure, resilient RTX products by advocating for best practices and emerging techniques.
Mentor peers and share expertise across the broader product cybersecurity community.