Implements and maintains the IT Security processes and infrastructure required for continued airworthiness of the company’s fleet of aircraft. Supports cybersecurity compliance and risk management, and internal initiatives to extend the use of networked technology on the aircraft in support of the company’s innovation and continuous improvement programs. Serves as the primary liaison between the Information Security department and the Tech Ops, Safety, QA, and other functions for all matters related to aircraft cybersecurity. Assists Enterprise IT functions with interfacing enterprise IT systems and processes with aircraft technology systems and processes, as well as translating operational risk recommendations into technical action plans. Maintaining the cybersecurity and regulatory posture of the e-Enabled aircraft fleet is paramount.

• Review ongoing developments around regulatory guidance, assess impact and propose implementation plans
• Manage digital certificates and PKI components supporting aircraft cybersecurity, including certificate renewal
• Identify components of the company’s aviation cybersecurity risk profile, perform cybersecurity risk assessments on the ecosystem supporting aircraft operations, and analyze and develop mitigation strategies for aircraft network-related risks
• Conduct regular IT Security risk assessments of e-Enabling systems, avionics, and the supporting enterprise IT environment
• Establish cybersecurity and compliance requirements for new platforms and evaluate RFP responses against defined requirements
• Review new and existing system designs for compliance with cybersecurity security standards and best practices
• Provide architectural and technical guidance and recommendations for securing systems and networks on the aircraft and on the ground
• Represent the Information Security department in engagements with the FAA, OEMS, and other external parties
• Assist in the troubleshooting of e-Enabling components and supporting infrastructure including PKI, software signing and distribution, aircraft connectivity components, etc.
• Oversee security configuration of UMD laptops and other components supporting the e-Enabled aircraft fleet
• Support internal and external audits of the company’s Airline Network Security Program (ANSP)
• Validate implemented controls
• Support aircraft technology initiatives including Aircraft Interface Device (AID), Electronic Flight Bag (EFB), and Wireless QAR (WQAR)
• Provide security awareness guidance and training to technical operations personnel
• Coordinate with the training department to develop specialized internal training program content
• Work with the IT Security operations function to analyze aircraft security logs and create log analysis reports
• Maintain and build relationships with key internal and external partners including OEMs and regulators
• Participate in industry forums and working groups, including A4A and the Aviation ISAC (A-ISAC)
• Other duties as assigned

Documentation & Knowledge Management:

• Develop comprehensive, cohesive, and high-quality program documentation, including assessment reports and technical processes and procedures
• Ensure documentation is sufficient to yield reproducible results and withstand FAA review
• Identify, track, any resolve gaps in existing documentation
• Develop plans, instructions, and documents to comply with regulatory manuals and to resolve non-mandatory in-service issues
• Action plan development

• B.S. Degree in Computer Science, Computer Engineering, Information Technology, Electrical Engineering, or related field and/or 7+ years of related experience.
• Minimum 7 years’ experience in IT, Avionics security or related fields and at least 1 years’ experience in IT Security
• Understanding of cybersecurity risk management concepts is required
• A strong understanding of Information Security principles including security architecture and design principles is required
• A strong understanding of the TCP/IP networking is required
• A strong understanding of PKI and experience with digital certificate technology including CA management, SSL encryption and key protection is required.
• Excellent verbal and written communication skills required.
• Must be a quick learner
• Proficiency in the Microsoft Office suite is required, including the ability to create complex Visio diagrams, Excel spreadsheets, and well-formatted written reports
• Experience with avionics security / securing e-Enabled aircraft is strongly desired
• Avionics experience is strongly desired
• Understanding of NIST standards for Information Security is strongly desired
• Familiarity with industry standards for aircraft cybersecurity desired
  • Examples: RTCA DO-326A, RTCA DO-356A, RTCA DO-355, ATA Spec 42, Boeing ANSOG
• Familiarity with the FAA certification process is strongly desired
• Experience with embedded systems security / hardware security is desired
• Strong understanding of standard authentication protocols is desired
• Project management experience is desired
• Certifications such as CISSP, SANS/GIAC certifications are desired

Special demands:

• May require travel on an as-needed basis to domestic and international company locations and training events.

Salary Range: $120,100 - $162,500

Financial offer within the stated range is contingent on the qualification of selected candidates

The Company is an Equal Opportunity Employer. It is our policy to afford equal employment opportunity to all employees and applicants for employment without regard to race, color, religion, sex, sexual orientation, national origin, citizenship, place of birth, age, disability, protected veteran status, gender identity or any other characteristic or status protected by applicable in accordance with federal, state and local laws.

If you'd like more information about your EEO rights as an applicant under the law, please download the available EEO is the Law document at http://www1.eeoc.gov/employers/poster.cfm.

To view our Pay Transparency Statement, please click here: Pay Transparency Statement