Cyber Security Engineer with the Airline Industry

Role:- Cyber Security Engineer with the Airline Industry
Location:- Dallas, TX onsite (in-person interview)

SKILLS
Cybersecurity Risk & Governance Expertise: Requires 3-5 years of progressive cybersecurity engineering experience with a deep understanding of risk management frameworks (NIST SP 800-37, ISO 27005), governance principles, vulnerability management, and security policy development.
Risk Assessment & Mitigation: Proven experience conducting risk assessments (NIST 800-30, NIST CSF), identifying vulnerabilities, analyzing threats, and developing effective mitigation strategies.
Vulnerability Management Program Expertise: Expertise in vulnerability management tools and processes, including vulnerability scanning, penetration testing coordination, vulnerability prioritization, and remediation tracking.
Policy & Standard Development & Implementation: Strong ability to develop, document, and implement security policies, standards, and procedures that align with industry best practices, regulatory requirements, and risk tolerance
Communication & Stakeholder Collaboration: Excellent communication (written and verbal) and interpersonal skills to effectively communicate security risks, governance strategies, and policy recommendations to diverse stakeholders, including technical teams, management, and external partners.

PREFERRED CERTIFICATIONS
CISSP (Certified Information Systems Security Professional)
CISM (Certified Information Security Manager)
CISA (Certified Information Systems Auditor)
CRISC (Certified in Risk and Information Systems Control)
CompTIA Security

TOOLS AND TECHNOLOGIES

Risk Management Frameworks: (e.g., NIST RMF, NIST CSF, ISO 27005)
Risk Assessment Methodologies: (e.g., NIST 800-30, Threat Modeling)
GRC Platforms: (e.g., ServiceNow GRC, RSA Archer)
Vulnerability Management Tools: (e.g., Tenable Nessus, Tanium)
Penetration Testing Understanding: (Familiarity with tools & methodologies for report interpretation)
Policy & Collaboration Tools: (e.g., SharePoint, Microsoft Teams, Policy Management Platforms)

Surrounding team/key projects:

Develop and implement a Cybersecurity Risk Management Framework for ANSP Ground Systems (Based on NIST RMF or ISO 27005)
Establish and mature vulnerability management program for aircraft ground infrastructure
Develop and deploy a suite of Security Policies and Standards for Aviation System Development Lifecycle (SDLC)
Conduct a comprehensive Cybersecurity Risk Assessment of a Critical Aviation Ground Systems using NIST 800-30
Develop and deliver targeted Security Awareness Training for Aviation Operations Personnel on a Specific Risk Area