The Mid-Level Aerospace Cybersecurity Specialist is responsible for securing control systems used in aircraft, propulsion, avionics, and other critical aerospace subsystems. The role involves conducting risk assessments, performing threat modeling, designing secure system architectures, and supporting the implementation of cybersecurity solutions in accordance with aerospace regulatory standards. This position serves as a bridge between system engineers and cybersecurity leadership, ensuring security is integrated across the product lifecycle.
Cyber Risk Assessment & Threat Modeling:
Conduct formal threat analyses and risk assessments (e.g., TARA) on embedded control systems and flight-critical software.
Secure Design Implementation:
Collaborate with hardware, software, and systems engineering teams to embed security controls in system architecture and design phases.
Penetration Testing & Vulnerability Analysis:
Perform or coordinate vulnerability scans, red-teaming, and penetration testing of flight control networks and embedded control software.
Security Requirement Definition & Verification:
Develop and validate security requirements based on DO-326A/DO-355 and NIST standards across system components.
Incident Response Planning:
Support development of response protocols for potential cyber incidents affecting safety-critical systems, including forensic readiness.
Compliance and Certification Support:
Ensure adherence to standards such as DO-326A (Airworthiness Security), DO-356A (Security Process), FAR/Part 25.1316, and NIST 800-53.
Security Testing Integration:
Coordinate with test teams to integrate cybersecurity validation into HIL/SIL/iron bird testing platforms.
Mentorship and Knowledge Sharing:
Support junior engineers and interns with technical guidance and best practices in control system cybersecurity.
Embedded System Security Engineering:
Protect real-time embedded control systems, ensuring they are resilient to cyber threats without compromising performance or safety.
Airworthiness and Regulatory Compliance:
Apply a risk-based security approach that aligns with FAA/EASA regulations, ensuring security assurance levels (SALs) are achieved.
Defense-in-Depth Architecture:
Contribute to the development of layered security designs across software, firmware, communication interfaces, and network boundaries.
Secure Communication Protocols:
Assess and enhance the cybersecurity of aircraft communication standards (e.g., ARINC 429, CAN, AFDX, MIL-STD-1553, RS-422).
Toolset Utilization and Automation:
Use advanced cybersecurity tools for static/dynamic code analysis, intrusion detection, and threat simulation (e.g., Wireshark, Metasploit, Nessus, Ghidra).
Bachelor’s or Master’s degree in Cybersecurity, Electrical Engineering, Computer Science, or related field
3–7 years of experience in embedded system security, avionics cybersecurity, or control system protection
Strong familiarity with cybersecurity frameworks such as DO-326A/DO-355, NIST 800-53, ISO/SAE 21434
Hands-on experience with embedded systems, avionics buses, real-time operating systems (RTOS), and secure firmware development
Certifications such as GICSP, CISSP, CEH, or Security+ preferred
Excellent communication and collaboration skills in cross-functional aerospace engineering environments
Ability to obtain and maintain a security clearance (as required)