Network, Systems, Cloud, and PKI Security

Focus: Network, Systems, Cloud, and PKI Security

Engineer, Network & Systems (ANSP Program)

FOCUS

• Ensure secure aircraft, ground, and communications systems relied upon for our ANSP Program, with concentrated attention towards network, systems, cloud, and PKI security.

RESPONSIBILITIES

• Secure aircraft and ground systems by implementing and maintaining the ANSP, including PKI, VPN, and zero-trust solutions.

• Manage and maintain server infrastructure (Windows and Linux) supporting cybersecurity systems.

• Configure and manage network devices, including firewalls, VPN gateways, and intrusion detection systems.

• Manage cryptographic keys and digital certificates, ensuring compliance with industry standards.

• Respond to and manage security incidents, including forensic analysis and re,tion.

• Collaborate with stakeholders to ensure secure and efficient operations.

• Stay updated on the latest developments in aircraft IT and network security.

• Support the development of security training programs.

• Monitor aviation systems for suspicious activities and analyze logs to identify threats.

• Perform risk assessments and ensure compliance with aviation-specific cybersecurity frameworks.

• Collect and analyze threat intelligence data, staying informed about emerging threats.

• Secure cloud environments for security log analysis and reporting. Includes designing the secure cloud Clienthitecture, configuring security groups, implementing IAM policies, ensuring data encryption (at rest and in transit).

• Conduct comprehensive security posture assessments of our ANSP ground systems.

SKILLS

• Deep Cybersecurity Expertise: Requires 3-5+ years of progressive cybersecurity engineering experience with deep understanding of network, systems (including Windows and Linux server administration), cloud, and PKI security principles and technologies.

• Hands-on Technical Skills: Proficiency in managing firewalls, VPNs, IDPS, ZTNA, EDR, vulnerability scanning, configuration management tools, and CSPM solutions. Also includes demonstrated experience in Windows and Linux server configuration, hardening, maintenance, and security patching.

• Cloud & PKI Focus: Expertise in cloud security (AWS or Clienture) and extensive experience with PKI infrastructure, certificate lifecycle management, and key management are essential.

• Secure Clienthitecture & Vulnerability Management: Ability to design secure network Clienthitectures and conduct security assessments to identify and mitigate vulnerabilities, including system-level vulnerabilities on Windows and Linux servers.

• Aviation Security Contribution: Will contribute to critical F ircraft network security program duties, including securing communication between aircraft and ground systems, collaborating with OEMs, and ensuring the security and integrity of underlying Windows and Linux server infrastructure.

PREFERRED CERTIFICATIONS

• CISSP (Certified Information Systems Security Professional)

• CCSP (Certified Cloud Security Professional)

• CompTIA Security+

• Cisco CCNA (Cisco Certified Network Associate)

• GIAC Security Essentials (GSEC)

TOOLS AND TECHNOLOGIES

Network Security

• Enterprise-grade Firewalls: (e.g., Cisco Firepower, Palo Alto Networks, Fortinet)

• VPN & ZTNA Technologies: (e.g., RRAS, Tempered Airwall, Cisco AnyConnect, Zscaler, OpenVPN)

• Intrusion Detection/Prevention Systems (IDPS): (e.g., Snort, Suricata, Zeek)

• Monitoring Tools: (e.g., Wireshark)

• Experience with multiple vendors within these categories is beneficial.

System Security (Server & Endpoint)

• Windows & Linux Server Security: Configuration, Hardening, Patching, Microsoft Active Directory and Group Policy

• Endpoint Detection and Response (EDR): (e.g., CrowdStrike Falcon, Microsoft Defender for Endpoint)

• Vulnerability Scanning: (e.g., Tenable Nessus, Tanium Comply)

• Configuration Management (for Security Automation): (e.g., Ansible, Puppet, Chef)

Cloud Security (AWS or Clienture Focus)

• Cloud Security Posture Management (CSPM): (e.g., AWS Security Hub, Clienture Security Center)

• Cloud IAM & Access Control (AWS IAM, Clienture AD)

• Cloud Security Services: (AWS & Clienture native security offerings)

Public Key Infrastructure (PKI)

• Certificate Authorities (CA): (e.g., Microsoft AD CS, OpenSSL)

• Key Management Systems (KMS): (e.g., Hardware HSMs, AWS KMS, Clienture Key Vault, HashiCorp Vault)

SURROUNDING TEAM/KEY PROJECTS

• Lead the implementation of a new network security Clienthitecture for ground-based aviation systems, including use of firewalls, VPNs, and intrusion detection/prevention systems.

• Design and implement a secure hybrid cloud environment for aviation applications, ensuring compliance with industry standards and regulations.

• Develop and implement a comprehensive PKI solution for securing communication between aircraft and ground systems, including certificate lifecycle management and key management.

• Conduct security assessments of network infrastructure and systems, identifying vulnerabilities and recommending mitigation strategies.

• Collaborate with OEMs to evaluate the security of their products and services, ensuring they meet the requirements of aviation systems.

JD 2:

Focus: Risk, Governance, Vulnerability Management, Policies, and Standards

Engineer, GRC & Assessments (ANSP Program)

FOCUS

• Ensure secure aircraft, ground, and communications systems relied upon for our ANSP Program, with concentrated attention towards risk, governance, vulnerability management, policies, and standards.

RESPONSIBILITIES

• Develop and implement security policies and standards, ensuring compliance with industry regulations and best practices.

• Conduct risk assessments and vulnerability assessments to identify1 and mitigate security risks.

• Manage the vulnerability management program, including vulnerability scanning, penetration testing, and re,tion.

• Develop and deliver security awareness training programs.

• Collaborate with stakeholders to integrate security considerations into the design and development of new aviation systems.

• Stay informed about emerging threats and vulnerabilities in the aviation industry.

SKILLS

• Cybersecurity Risk & Governance Expertise: Requires 3-5 years of progressive cybersecurity engineering experience with a deep understanding of risk management frameworks (NIST SP 800-37, ISO 27005), governance principles, vulnerability management, and security policy development.

• Risk Assessment & Mitigation: Proven experience conducting risk assessments (NIST 800-30, NIST CSF), identifying vulnerabilities, analyzing threats, and developing effective mitigation strategies.

• Vulnerability Management Program Expertise: Expertise in vulnerability management tools and processes, including vulnerability scanning, penetration testing coordination, vulnerability prioritization, and re,tion tracking.

• Policy & Standard Development & Implementation: Strong ability to develop, document, and implement security policies, standards, and procedures that align with industry best practices, regulatory requirements, and risk tolerance

• Communication & Stakeholder Collaboration: Excellent communication (written and verbal) and interpersonal skills to effectively communicate security risks, governance strategies, and policy recommendations to diverse stakeholders, including technical teams, management, and external partners.

PREFERRED CERTIFICATIONS

• CISSP (Certified Information Systems Security Professional)

• CISM (Certified Information Security Manager)

• CISA (Certified Information Systems Auditor)

• CRISC (Certified in Risk and Information Systems Control)

• CompTIA Security+

TOOLS AND TECHNOLOGIES

• Risk Management Frameworks: (e.g., NIST RMF, NIST CSF, ISO 27005)

• Risk Assessment Methodologies: (e.g., NIST 800-30, Threat Modeling)

• GRC Platforms: (e.g., ServiceNow GRC, RSA Clienther)

• Vulnerability Management Tools: (e.g., Tenable Nessus, Tanium)

• Penetration Testing Understanding: (Familiarity with tools & methodologies for report interpretation)

• Policy & Collaboration Tools: (e.g., SharePoint, Microsoft Teams, Policy Management Platforms)

Surrounding team/key projects:

• Develop and implement a Cybersecurity Risk Management Framework for ANSP Ground Systems (Based on NIST RMF or ISO 27005)

• Establish and mature vulnerability management program for aircraft ground infrastructure

• Develop and deploy a suite of Security Policies and Standards for Aviation System Development Lifecycle (SDLC)

• Conduct a comprehensive Cybersecurity Risk Assessment of a Critical Aviation Ground Systems using NIST 800-30

• Develop and deliver targeted Security Awareness Training for Aviation Operations Personnel on a Specific Risk Area