We're on the hunt for a talented Senior Product Security – Cybersecurity Engineer to elevate our Product Security team. In this pivotal role, you'll weave cybersecurity into every stage of our In-Flight Entertainment and Connectivity (IFEC) product lifecycle, ensuring our solutions are robust, compliant, and ahead of emerging threats. If you thrive in a collaborative environment, love hands-on testing, and excel at turning complex requirements into actionable strategies, this is your opportunity to make a real impact in a high-stakes industry.

Key Responsibilities:

Embed cybersecurity best practices throughout the product development lifecycle, from design to verification, for our cutting-edge IFEC products and services.
Conduct in-depth security testing, including vulnerability assessments, penetration testing, and evaluations mandated by OEMs like Airbus and Boeing.
Dive into testing reports, validate findings, and partner with engineering teams to devise secure, budget-friendly fixes.
Craft and maintain essential OEM-required security documentation, supporting audits and submissions with precision.
Build and refine internal governance materials, such as policies, procedures, and security frameworks, to foster a culture of compliance.
Break down regulatory, OEM, and industry standards into clear engineering tasks, collaborating with software, hardware, systems, and test teams for seamless implementation.
Lead cross-functional initiatives with product management, engineering, compliance, and operational security to integrate security consistently.
Stay vigilant on evolving cybersecurity standards, assessing impacts on our IFEC offerings and spearheading necessary adaptations.
Contribute to security reviews, risk assessments, audits, and certifications, both internally and externally.
Drive ongoing improvements in product security, including enhancements in logging, anomaly detection, cryptography, and secure development practices.
Act as the key point of contact with OEM security teams, handling reviews, audits, and technical dialogues.
Monitor OEM requirement shifts, evaluate implications, and implement strategies for sustained compliance.
Champion process improvements to streamline compliance and governance in product security.

What We're Looking For:

A strong foundation in product security principles, including threat modeling, risk management, and secure development lifecycles.
Expertise in risk assessment and governance methodologies like EBIOS, ISO 27001, ISO 31000, NIST CSF, and STRIDE.
Familiarity with OEM cybersecurity standards (e.g., Airbus, Boeing) in the aviation or IFEC space.
Proven track record leading compliance projects from requirement interpretation to technical rollout.
Exceptional technical writing skills for creating auditable governance documentation.
Solid organizational and project management abilities to handle recurring cycles and processes.
Outstanding communication and leadership to collaborate with diverse teams and stakeholders.
Analytical prowess to interpret and integrate OEM requirements into compliance and governance frameworks.

Qualifications:

Bachelor's degree in Computer Science, Cybersecurity, Information Security, Engineering, or a related field.
5+ years in cybersecurity, product security, or compliance roles—aviation or regulated industries a big plus.
Hands-on experience with risk assessments, threat modeling, and governance documentation.
Background in compliance frameworks and technical security docs.
Exposure to OEM requirements (Airbus, Boeing) highly preferred.
Certifications like CISSP, CSA, ISO 27001 Lead Implementer/Auditor, GIAC GSEC, or equivalents are advantageous.

Cyber Security Engineer