Raytheon, the world’s largest aerospace and defense company, is seeking a Sr. Principal Engineer for Product Cyber Vulnerability Assessment. This role involves leading security assessment activities to enhance the cybersecurity posture of various products and providing training to integrate secure practices into product development.
Responsibilities:
- Conduct comprehensive cybersecurity evaluations of RTX products across embedded systems, mission systems, avionics, space platforms, hardware/software integrated systems, and cloud-connected components
- Assess product attack surfaces, interfaces, workflows, and security controls to identify weaknesses that could impact mission performance, safety, or resilience
- Perform system-level risk assessments and deliver prioritized mitigation recommendations tailored to product requirements and operational environments
- Review and analyze design artifacts, system behaviors, interface specifications, and product architectures to identify potential vulnerabilities or insecure implementation choices
- Plan, execute, and lead advanced vulnerability analysis and penetration testing activities as part of end‑to‑end product cybersecurity assessments
- Validate vulnerabilities and test exploitation feasibility across software, hardware, network, and physical attack surfaces across a broad range of RTX technologies – including both traditional IT systems and embedded systems
- Simulate adversary behaviors to demonstrate realistic risk and help product teams identify areas needing hardening or redesign
- Communicate findings clearly and provide actionable, prioritized remediation guidance to engineering and leadership stakeholders
- Evaluate product architectures, design approaches, interface definitions, data flows, and security controls for cybersecurity weaknesses
- Conduct threat modeling, analyze attack paths, review cybersecurity requirements, and assess alignment with secure design principles
- Identify cybersecurity gaps early in the development lifecycle and guide engineering teams on integrating effective mitigations
- Collaborate with program architects, engineers, and product owners to ensure secure design practices are implemented throughout development
- Provide cybersecurity insight during initial product concept, requirements development, and early design phases
- Support development teams with secure coding practices, configuration recommendations, and risk-based technical guidance
- Validate implementation of mitigations and participate in verification and validation phases to help sustain a strong product cybersecurity posture
- Assist programs in understanding and improving their security readiness at any stage of the product lifecycle
- Deliver cybersecurity training to systems, software, test, and product engineering teams, supporting PCsC’s enterprise training mission
- Own and maintain at least one training course, ensuring content reflects current threats, secure design principles, assessment techniques, and product-specific considerations
- Develop hands-on labs and real-world scenarios to help engineers understand vulnerabilities and best practices
- Work with other PCsC service areas to ensure cohesive, integrated product security support across programs
- Serve as a senior subject-matter expert influencing cybersecurity decisions, risk evaluation, and secure engineering practices across multiple programs
- Enhance cybersecurity assessment methodologies, automation approaches, and toolchains to improve consistency and efficiency across the enterprise – including the incorporation of AI and cutting-edge technologies into processes
- Provide thought leadership for the development of secure, resilient RTX products by advocating for best practices and emerging techniques
- Mentor peers and share expertise across the broader product cybersecurity community
Requirements:
- Bachelor's degree in Cybersecurity, Computer Science, Engineering, or related technical discipline
- 10+ years of experience in vulnerability assessment, penetration testing, offensive security, product cybersecurity, or similar hands‑on cybersecurity disciplines
- Strong proficiency with penetration testing and vulnerability analysis tools and techniques (e.g., Nmap, Burp Suite, Metasploit, OWASP ZAP, Ghidra, IDA Pro, JTAGulator, Bus Pirate, ChipWhisperer)
- Experience delivering and developing material to a broad audience – including both technical and leadership positions (e.g., teaching, training, conference presentations, customer presentations)
- Professional certifications such as OSCP, OSWE, OSEP, GPEN, GWAPT, GDSA, CISSP, or equivalent
- The ability to obtain and maintain a U.S. government issued security clearance is required. U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance
- 12+ years of experience in product cybersecurity, secure product development, offensive security research, or advanced vulnerability analysis
- Experience performing or contributing to product design assessments, threat modeling, and secure design evaluations
- Familiarity with secure development practices, DevSecOps pipelines, and automated testing or scanning methods
- Experience with traditional networking and communication protocols (e.g., TCP, UDP, IPSEC, HTTP/S, REST) as well as aviation and industrial bus standards such as ARINC 429, ARINC 664, MIL‑STD‑1553, CAN/CANbus, and related embedded communication protocols
- Experience using AI/ML for testing, analysis, or automation
- Advanced offensive security certifications (OSEE, OSED, OSCE3, GXPN, GREM, GSE)
- Experience with scripting or automation (Python, PowerShell, Bash, etc.)
- Demonstrated thought leadership through publications, conference participation, research, or open-source contributions
- Experience evaluating product designs, architectures, system interfaces, and data flows for potential weaknesses
- Experience with reading code or evaluating software code bases written in a variety of languages (C, C++, Java, etc.)