Eng Sr Prin - Sys
BAE Systems
- Endicott, NY
- Permanent
- Full-time
In Controls & Avionics Solutions, you will have the opportunity to help define and develop the next generation of avionics - whether it is fly-by-wire flight controls, full authority digital engine controls, or power management.Power & Propulsion Solutions (PPS):
In Power & Propulsion Solutions, we're involved with everything from providing efficient, power management on military vehicles to developing eco-friendly, hybrid and electric systems for the commercial world. Be part of a team that is helping to keep the air we breathe much cleaner.Duties and responsibilities include:
- Developing product security CONOPS and system security plans, identifying roles and responsibilities across a multi-discipline project team for implementing product security for embedded control systems.
- Decomposing customer product security requirements into feature-set capability requirements allocated to hardware, programmable logic devices, software and supporting engineering groups.
- Participate in threat/vulnerability assessments applying designated guidelines to identify required security measures to mitigate the security risks.
- Developing cybersecurity test plans and procedures to verify effectiveness of implemented features.
- Support cyber security audit and test events to support certification/accreditation milestones.
- Coordinate with Safety Engineering to ensure product security features do not adversely impact product safety.
At BAE Systems, we work hard every day to nurture an inclusive culture where employees are valued and feel like they belong. We are conscious of the need for all employees to see themselves reflected at every level of the company and know that in order to unlock the full potential of our workforce, everyone must feel confident being their best, most sincere self and be equipped to thrive. We provide impactful professional development experiences to our employees and invest in social impact partnerships to uplift communities and drive purposeful change. Here you will find significant opportunities to do meaningful work in an environment intentionally designed to be one where you will learn, grow and belong.Clearance Level - Must be able to obtain for positionSecretShift1st ShiftUnion JobNoneBusiness AreaControls & Avionics SolutionsRequired Skills and Education
- Required Education, Experience, & Skills
- Bachelor's Degree in related engineering field
- 8+ years of experience in embedded controls development with at least 4 years applying product security.
- Experience in full lifecycle development including system requirements, design, system-level integration, validation, and verification.
- Experience in designing, architecting and integrating electronic control systems that include hardware, software and programmable logic devices.
- Experience performing threat assessments on embedded controls.
- Experience defining requirements for product security features leveraging component level cyber security features including, secure boot, Trusted Execution Environments, cryptographic accelerators, Trusted Platform Modules (TPMs) and Hardware Security Modules (HSMs).
- Experience translating cybersecurity concepts including; confidentiality, integrity, availability, authentication and authorization into functional cybersecurity requirements for the system being developed.
- Experience applying any of the following security processes; DoD Risk Management Framework (RMF), DO-326A Airworthiness Security Process Specification or ISO-21434 Road Vehicle Security.
- Experience performing security testing on embedded control including; scanning or fuzzing or pen-testing using industry standard tools.
- Technical writing skills: capable of creating required engineering documentation.
- Master's Degree in related engineering field
- 10+ years of experience in avionics or electronic controls embedded development, including familiarity with systems such as flight controls, engine controls or mission systems, with at least 5 years of product security experience.
- Experience with development of formal validation and verification procedures.
- Experience with safety critical development guidelines including; ARP4754, DO-178B/C, DO-254, ISO-26262 or equivalent safety process requirements.
- Understanding of purpose and use cases for cryptographic objects: Keys, Certs, CRLs; algorithms; SHA, AES, RSA, ECC, HMAC, GMAC, etc., and protocols; TLS/DTLS, IPSec, etc.
- Understanding of offensive security principles.
- Experience with DISA STIGs and/or IAVA compliance hardening
- Experience with MITRE's CVEs, CWEs, CAPEC and ATT&CK.
- Demonstrated experience providing technical leadership.
- Technical documentation development
- Team player with a proactive attitude and the ability to be productive in a dynamic/collaborative environment
- Strong oral and written communications skills
- Motivated self-starter with good problem solving skills, judgment, and analytical capability
- Planning and organizational skills.