Sr Staff Engineer - Product Cyber Security

About The Position

Requirements

• Bachelor’s degree from accredited university or college with minimum of 5 years of professional experience OR Associates degree with minimum of 8 years of professional experience OR High School Diploma with minimum of 10 years of professional experience
• Minimum 5 years of professional experience in embedded systems and applications.
• Note: Military experience is equivalent to professional experience
• Eligibility to work in the U.S without restriction.
• Possess or are eligible to obtain DOD clearance
• Travel - up to 5%
• Legal authorization to work in the U.S. is required. We will not sponsor individuals for employment visas, now or in the future, for this job.
• This role requires access to U.S. export-controlled information. Therefore, employment will be contingent upon the ability to prove that you meet the status of a U.S. Person as one of the following: U.S. lawful permanent resident, U.S. Citizen, have been granted asylee or refugee status (i.e., a protected individual under the Immigration and Naturalization Act, 8 U.S.C. 1324b(a)(3)).

Nice To Haves

• Experience within an Engineering function.
• Bachelor’s degree in computer engineering or in a STEM major (SCIENCE, TECHNOLOGY, ENGINEERING, OR MATH) or equivalent experience.
• Proficiency in at least one programming language (Java, Node.JS, Python, or C/C++)
• Experience conducting static code reviews and applying security auditing and/or penetration testing principles and tools.
• Knowledge of secure architecture and design principles
• Knowledge of Risk Controls frameworks and procedures (DO-326A, NIST CSF, DOD RMF, NIST800-53, etc.).
• Solid understanding of computer architecture, especially the hardware components, software stack and protocols.
• Experience in security technologies like TPM, Secure Boot, Code Signing, Encryption, etc. This may overlap with experience in embedded systems.
• Solid understanding of applied cryptography fundamentals (Encryption, Authentication, Symmetric Cryptography, Asymmetric Cryptography etc)
• Knowledge/awareness of OWASP Web/API vulnerabilities (CSRF, XSS, SQLI, etc.) and compensating controls.

Responsibilities

• Supporting product development teams and project execution related activities in support of customer and regulatory product cybersecurity requirements
• Define embedded product cybersecurity objectives, analyze product architectures for security vulnerabilities, evaluate threats and define threat vectors, qualitatively assess cybersecurity risk, define and manage product cybersecurity requirements, coordinate and conduct cybersecurity test activities to verify cybersecurity requirements, and support regulatory certification responses ensuring continued airworthiness
• Coach product development teams on secure design principles, development practices, and product hardening.
• Perform Threat Modelling and Architecture Risk Analysis on products.
• Perform Security Code Reviews, Vulnerability Analysis and research on application code.
• Coach and mentor developers to write and implement cryptography (PKI, Code Signing, etc)
• Guide developers to write secure code and implement secure engineering practices.
• Provide response for security related incidents reported for software products.
• Engage subject matter experts in successful transfer of complex domain knowledge
• Provide guidance and advise on writing secure code that meets standards and delivers desired functionality using the technology selected for the project.
• Audit and exploit applications and systems under development to expose vulnerabilities, and demonstrate possible fixes.
• Analyze and validate completed security improvements and CVE patches.

Benefits

• GE Aerospace offers a great work environment, professional development, challenging careers, and competitive compensation.
• Relocation Assistance Provided: Yes