Cybersecurity Engineer, Sr.
About the position
We are seeking a Product Security – Cybersecurity Engineer, Sr. to join our Product Security team, who will be responsible for integrating cybersecurity requirements across the full product development lifecycle of IFEC (In-Flight Entertainment and Connectivity) products and services. This role involves hands-on security testing, including vulnerability assessments, penetration testing, and OEM-mandated evaluations, as well as analyzing findings and collaborating with engineering teams to implement secure, cost-effective remediation strategies.
The Cybersecurity Engineer will develop and maintain OEM-required security documentation, internal governance materials, and processes, translating regulatory and industry-standard security requirements into actionable engineering tasks. Working closely with cross-functional teams, including product management, engineering, compliance, and operational security, this role ensures consistent security integration, monitors evolving cybersecurity standards, and drives continuous improvement of product security operations.
The position also supports internal and external security reviews, risk assessments, audits, and certification activities.
Responsibilities
• Integrate cybersecurity requirements into the full product development lifecycle, ensuring secure design, implementation, and verification of IFEC products and services.
• Perform hands-on security testing, including vulnerability assessments, penetration testing, and OEM-mandated evaluations, across aircraft hardware, software, and networked systems.
• Analyze vulnerability and penetration-testing reports, validate findings, and work with engineering teams to recommend secure, cost-effective remediation strategies.
• Develop, maintain, and update OEM-required product security documentation (Airbus, Boeing, etc.) and support recurring submissions and audits.
• Create and maintain internal Product Security governance materials such as policies, procedures, processes, and security management frameworks.
• Translate OEM, regulatory, and industry-standard security requirements into actionable engineering tasks and collaborate with software, hardware, systems, and test teams to ensure implementation.
• Coordinate cross-functional security initiatives with product management, engineering, compliance, and operational security teams to ensure consistent security integration.
• Monitor evolving cybersecurity, OEM, and industry standards; assess their impact on IFEC products; and drive requirement changes or mitigation strategies.
• Support and participate in internal and external product security reviews, risk assessments, OEM audits, and certification activities.
• Contribute to continuous improvement of product security operations, including logging, anomaly detection, cryptographic controls, and secure development best practices.
• Serve as the primary liaison with OEM security representatives, managing documentation reviews, audits, and technical discussions.
• Monitor changes in OEM cybersecurity requirements, assess impact, and drive implementation strategies to maintain ongoing compliance.
• Contribute to continuous improvement initiatives to streamline compliance management and product security governance practices.
• Support product security reviews, risk assessments, and regulatory audits as needed.
Requirements
• Strong understanding of product security principles (threat modeling, risk management, secure development lifecycle).
• Demonstrated knowledge of risk assessment and governance methodologies, including EBIOS, ISO 27001, ISO 31000, NIST CSF, and STRIDE.
• Familiarity with OEM cybersecurity requirements (e.g., Airbus, Boeing) in the context of IFEC products and services.
• Proven ability to lead cross-functional compliance projects, driving requirements from interpretation through to technical implementation.
• Strong technical writing and governance documentation skills, with ability to develop structured, auditable, and repeatable frameworks.
• Strong organizational and project management skills, capable of managing recurring documentation cycles and governance processes.
• Excellent communication and leadership skills to influence and collaborate across multiple teams and with external stakeholders.
• Ability to analyze and interpret OEM requirements and integrate them into both product compliance and internal governance frameworks.
• Bachelor’s degree in Computer Science, Cybersecurity, Information Security, Engineering, or a related field.
• 5+ years of experience in cybersecurity, product security, or compliance-related roles (aviation or regulated industries preferred).
• Demonstrated experience in risk assessment, threat modeling, and governance documentation.
• Experience working with compliance frameworks and technical security documentation.
Nice-to-haves
• Prior exposure to OEM cybersecurity requirements (Airbus, Boeing) is highly desirable.
• Relevant industry certifications (e.g., CISSP, CSA, ISO 27001 Lead Implementer/Auditor, GIAC GSEC, or equivalent) are a plus.
Benefits
• Paid time off: Exempt Salaried employees receive flexible paid time off. This means that there is no fixed number, range, or limit to the amount of Personal and Vacation Days that may be taken for exempt employees. Non-exempt hourly employees accrue 14 vacation days per year + 7 sick days + 3 personal days. Accrual rate increases with tenure. All employees receive 11 company paid holidays per year. We also close our offices at the corporate level in the U.S. between Christmas and New Year. For operational positions that are expected to work on holidays, we provide additional compensation for hours worked.
• Health Insurance: Medical insurance offerings from Aetna and Kaiser (CA &HI). Options for Employee Only, Employee + Spouse/Domestic Partner, Employee + Children, or Family. Dental PPO and DMO options & Vision insurance through EyeMed or VSP.
• 401K with 50% match on up to 8% contribution, full vested from day 1.
• Washington residents only are eligible for: Washington’s Family and Medical Leave program and Washington’s Paid Sick Leave program.
• Other offerings include: Wellness Program, Counseling services, FSA & HSA, Life Insurance for employee, spouse and child, AD&D Insurance, Long-term and Short-term disability, Critical Illness Insurance, Accident Insurance, Legal Assistance, Pet Insurance, Identity Theft Protection, Dependent Care FLSA, Education Assistance, Commuter Program, Employee Purchase Program, Service Award Program.
Apply Now
Apply Now
We are seeking a Product Security – Cybersecurity Engineer, Sr. to join our Product Security team, who will be responsible for integrating cybersecurity requirements across the full product development lifecycle of IFEC (In-Flight Entertainment and Connectivity) products and services. This role involves hands-on security testing, including vulnerability assessments, penetration testing, and OEM-mandated evaluations, as well as analyzing findings and collaborating with engineering teams to implement secure, cost-effective remediation strategies.
The Cybersecurity Engineer will develop and maintain OEM-required security documentation, internal governance materials, and processes, translating regulatory and industry-standard security requirements into actionable engineering tasks. Working closely with cross-functional teams, including product management, engineering, compliance, and operational security, this role ensures consistent security integration, monitors evolving cybersecurity standards, and drives continuous improvement of product security operations.
The position also supports internal and external security reviews, risk assessments, audits, and certification activities.
Responsibilities
• Integrate cybersecurity requirements into the full product development lifecycle, ensuring secure design, implementation, and verification of IFEC products and services.
• Perform hands-on security testing, including vulnerability assessments, penetration testing, and OEM-mandated evaluations, across aircraft hardware, software, and networked systems.
• Analyze vulnerability and penetration-testing reports, validate findings, and work with engineering teams to recommend secure, cost-effective remediation strategies.
• Develop, maintain, and update OEM-required product security documentation (Airbus, Boeing, etc.) and support recurring submissions and audits.
• Create and maintain internal Product Security governance materials such as policies, procedures, processes, and security management frameworks.
• Translate OEM, regulatory, and industry-standard security requirements into actionable engineering tasks and collaborate with software, hardware, systems, and test teams to ensure implementation.
• Coordinate cross-functional security initiatives with product management, engineering, compliance, and operational security teams to ensure consistent security integration.
• Monitor evolving cybersecurity, OEM, and industry standards; assess their impact on IFEC products; and drive requirement changes or mitigation strategies.
• Support and participate in internal and external product security reviews, risk assessments, OEM audits, and certification activities.
• Contribute to continuous improvement of product security operations, including logging, anomaly detection, cryptographic controls, and secure development best practices.
• Serve as the primary liaison with OEM security representatives, managing documentation reviews, audits, and technical discussions.
• Monitor changes in OEM cybersecurity requirements, assess impact, and drive implementation strategies to maintain ongoing compliance.
• Contribute to continuous improvement initiatives to streamline compliance management and product security governance practices.
• Support product security reviews, risk assessments, and regulatory audits as needed.
Requirements
• Strong understanding of product security principles (threat modeling, risk management, secure development lifecycle).
• Demonstrated knowledge of risk assessment and governance methodologies, including EBIOS, ISO 27001, ISO 31000, NIST CSF, and STRIDE.
• Familiarity with OEM cybersecurity requirements (e.g., Airbus, Boeing) in the context of IFEC products and services.
• Proven ability to lead cross-functional compliance projects, driving requirements from interpretation through to technical implementation.
• Strong technical writing and governance documentation skills, with ability to develop structured, auditable, and repeatable frameworks.
• Strong organizational and project management skills, capable of managing recurring documentation cycles and governance processes.
• Excellent communication and leadership skills to influence and collaborate across multiple teams and with external stakeholders.
• Ability to analyze and interpret OEM requirements and integrate them into both product compliance and internal governance frameworks.
• Bachelor’s degree in Computer Science, Cybersecurity, Information Security, Engineering, or a related field.
• 5+ years of experience in cybersecurity, product security, or compliance-related roles (aviation or regulated industries preferred).
• Demonstrated experience in risk assessment, threat modeling, and governance documentation.
• Experience working with compliance frameworks and technical security documentation.
Nice-to-haves
• Prior exposure to OEM cybersecurity requirements (Airbus, Boeing) is highly desirable.
• Relevant industry certifications (e.g., CISSP, CSA, ISO 27001 Lead Implementer/Auditor, GIAC GSEC, or equivalent) are a plus.
Benefits
• Paid time off: Exempt Salaried employees receive flexible paid time off. This means that there is no fixed number, range, or limit to the amount of Personal and Vacation Days that may be taken for exempt employees. Non-exempt hourly employees accrue 14 vacation days per year + 7 sick days + 3 personal days. Accrual rate increases with tenure. All employees receive 11 company paid holidays per year. We also close our offices at the corporate level in the U.S. between Christmas and New Year. For operational positions that are expected to work on holidays, we provide additional compensation for hours worked.
• Health Insurance: Medical insurance offerings from Aetna and Kaiser (CA &HI). Options for Employee Only, Employee + Spouse/Domestic Partner, Employee + Children, or Family. Dental PPO and DMO options & Vision insurance through EyeMed or VSP.
• 401K with 50% match on up to 8% contribution, full vested from day 1.
• Washington residents only are eligible for: Washington’s Family and Medical Leave program and Washington’s Paid Sick Leave program.
• Other offerings include: Wellness Program, Counseling services, FSA & HSA, Life Insurance for employee, spouse and child, AD&D Insurance, Long-term and Short-term disability, Critical Illness Insurance, Accident Insurance, Legal Assistance, Pet Insurance, Identity Theft Protection, Dependent Care FLSA, Education Assistance, Commuter Program, Employee Purchase Program, Service Award Program.
Apply Now
Apply Now