Sr. Principal Engineer, Product Cyber Vulnerability Assessment

Date Posted:

Country:

Location:

Position Role Type:

U.S. Citizen, U.S. Person, or Immigration Status Requirements:

Security Clearance Type:

Security Clearance Status:

At RTX, the world largest aerospace and defense company, 185,000 great minds are united by purpose and inspired to make a difference solving the world’s most complex problems. With our three market leading businesses, world-class operations and investments in research and development, we offer capabilities and opportunity no one else can. Together, we push the boundaries of known science and find new ways to connect and protect our world.

Raytheon brings the strength of more than 100 years of experience and renowned engineering expertise to meet the needs of today’s mission and stay ahead of tomorrow’s threat. We deliver solutions that help our nation and allies defend freedoms and deter aggression, creating a safer, more secure world. Join us and help shape the future of aerospace and defense.

What You Will Do

The Product Cybersecurity Center (PCsC) provides enterprise-wide services, enablers, training, and technical expertise that help RTX securely design, build, and assess the cybersecurity of its products. As a senior cybersecurity expert within this organization, the Sr. Principal Engineer, Cyber Vulnerability Assessment leads a broad range of product-focused security assessment activities—including vulnerability analysis, penetration testing, secure-design evaluation, and architectural review—to identify risks and strengthen the resilience of a broad range of RTX products across all lifecycle stages.

This role encompasses advanced vulnerability identification, penetration testing, secure design evaluation, architectural analysis, and risk assessment — all aimed at strengthening the cybersecurity posture and resilience of RTX products. It requires deep technical capability, strong analytical skills, and the ability to provide actionable recommendations that directly influence product engineering decisions.

A key component of this role is also the development and delivery of cybersecurity training that enables product teams to integrate secure practices into design, development, testing, and sustainment. The Sr. Principal Engineer ensures that assessment insights and real-world findings directly shape course content, hands-on exercises, and learning materials used across RTX engineering teams. Training is not an isolated task; it is a strategic capability that amplifies the impact of assessment activities by raising the overall cybersecurity proficiency of the product engineering workforce.

This is an individual contributor role with no direct reports, but it requires operating as a recognized technical leader. The Sr. Principal Engineer will regularly lead assessment teams composed of engineers and specialists from across the business, providing technical direction, mentoring, and coordinating activity to deliver high-impact product assessments. Influence, expertise, and the ability to guide others—without formal authority—are essential for success.

Key Responsibilities

Holistic Product Cybersecurity Assessment

• Conduct comprehensive cybersecurity evaluations of RTX products across embedded systems, mission systems, avionics, space platforms, hardware/software integrated systems, and cloud-connected components.

• Assess product attack surfaces, interfaces, workflows, and security controls to identify weaknesses that could impact mission performance, safety, or resilience.

• Perform system-level risk assessments and deliver prioritized mitigation recommendations tailored to product requirements and operational environments.

• Review and analyze design artifacts, system behaviors, interface specifications, and product architectures to identify potential vulnerabilities or insecure implementation choices.

Vulnerability Analysis & Penetration Testing

• Plan, execute, and lead advanced vulnerability analysis and penetration testing activities as part of end‑to‑end product cybersecurity assessments.

• Validate vulnerabilities and test exploitation feasibility across software, hardware, network, and physical attack surfaces across a broad range to RTX technologies – including both traditional IT systems and embedded systems.

• Simulate adversary behaviors to demonstrate realistic risk and help product teams identify areas needing hardening or redesign.

• Communicate findings clearly and provide actionable, prioritized remediation guidance to engineering and leadership stakeholders.

Product Architecture & Secure-Design Evaluation

• Evaluate product architectures, design approaches, interface definitions, data flows, and security controls for cybersecurity weaknesses.

• Conduct threat modeling, analyze attack paths, review cybersecurity requirements, and assess alignment with secure design principles.

• Identify cybersecurity gaps early in the development lifecycle and guide engineering teams on integrating effective mitigations.

• Collaborate with program architects, engineers, and product owners to ensure secure design practices are implemented throughout development.

Lifecycle Support Across RTX Product Stages

• Provide cybersecurity insight during initial product concept, requirements development, and early design phases.

• Support development teams with secure coding practices, configuration recommendations, and risk-based technical guidance.

• Validate implementation of mitigations and participate in verification and validation phases to help sustain a strong product cybersecurity posture.

• Assist programs in understanding and improving their security readiness at any stage of the product lifecycle.

Training, Enablement, and Capability Development

• Deliver cybersecurity training to systems, software, test, and product engineering teams, supporting PCsC’s enterprise training mission.

• Own and maintain at least one training course, ensuring content reflects current threats, secure design principles, assessment techniques, and product-specific considerations.

• Develop hands-on labs and real-world scenarios to help engineers understand vulnerabilities and best practices.

• Work with other PCsC service areas to ensure cohesive, integrated product security support across programs.

Technical Leadership & Enterprise Impact

• Serve as a senior subject-matter expert influencing cybersecurity decisions, risk evaluation, and secure engineering practices across multiple programs.

• Enhance cybersecurity assessment methodologies, automation approaches, and toolchains to improve consistency and efficiency across the enterprise – including the incorporation of AI and cutting edge technologies into processes.

• Provide thought leadership for the development of secure, resilient RTX products by advocating for best practices and emerging techniques.

• Mentor peers and share expertise across the broader product cybersecurity community.

Qualifications You Must Have

• Bachelor’s degree in Cybersecurity, Computer Science, Engineering, or related technical discipline.

• 10+ years of experience in vulnerability assessment, penetration testing, offensive security, product cybersecurity, or similar hands‑on cybersecurity disciplines.

• Strong proficiency with penetration testing and vulnerability analysis tools and techniques (e.g., Nmap, Burp Suite, Metasploit, OWASP ZAP, Ghidra, IDA Pro, JTAGulator, Bus Pirate, ChipWhisperer).

• Experience delivering and developing material to a broad audience – including both technical and leadership positions (e.g., teaching, training, conference presentations, customer presentations).

• Professional certifications such as OSCP, OSWE, OSEP, GPEN, GWAPT, GDSA, CISSP, or equivalent.

• The ability to obtain and maintain a U.S. government issued security clearance is required. U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance

Qualifications We Prefer

• 12+ years of experience in product cybersecurity, secure product development, offensive security research, or advanced vulnerability analysis.

• Experience performing or contributing to product design assessments, threat modeling, and secure design evaluations.

• Familiarity with secure development practices, DevSecOps pipelines, and automated testing or scanning methods.

• Experience with traditional networking and communication protocols (e.g., TCP, UDP, IPSEC, HTTP/S,REST) as well as aviation and industrial bus standards such as ARINC 429, ARINC 664, MIL‑STD‑1553, CAN/CANbus, and related embedded communication protocols.

• Experience using AI/ML for testing, analysis, or automation.

• Advanced offensive security certifications (OSEE, OSED, OSCE3, GXPN, GREM, GSE).

• Experience with scripting or automation (Python, PowerShell, Bash, etc.).

• Demonstrated thought leadership through publications, conference participation, research, or open-source contributions.

• Experience evaluating product designs, architectures, system interfaces, and data flows for potential weaknesses.

• Experience with reading code or evaluating software code bases written in a variety of languages (C, C++, Java, etc)

Learn More & Apply Now

Please ensure the role type defined below is appropriate for your needs before applying to this role. This position is classified as:

Remote: Employees who are working in Remote roles will work primarily offsite (from home). If you live within a reasonable commute of an RTX site with other colleagues you interact with, your manager will discuss whether there is a degree of onsite presence associated with this role.

As part of our commitment to maintaining a secure hiring process, candidates may be asked to attend select steps of the interview process in-person at one of our office locations, regardless of whether the role is designated as on-site, hybrid or remote.

RTX is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or veteran status, or any other applicable state or federal protected class. RTX provides affirmative action in employment for qualified Individuals with a Disability and Protected Veterans in compliance with Section 503 of the Rehabilitation Act and the Vietnam Era Veterans’ Readjustment Assistance Act.

Privacy Policy and Terms:

Click on this link to read the Policy and Terms