Cybersecurity Specialist

Eaton\u2019s Corporate Sector division is currently seeking a Cybersecurity Specialist. \n\nThe expected annual salary range for this role is $113,000 - $175,000 a year. \n\nPlease note the salary information shown above is a general guideline only. Salaries are based upon candidate skills, experience, and qualifications, as well as market and business considerations. \n\n## What you\u2019ll do:\n\nThe Cybersecurity Specialist (Aerospace) will be part of a global team of security experts driving \u2018Security by Design\u2019 philosophy in Eaton product and solutions. This position will coordinate, advocate, and lead the cybersecurity activities across various product groups within the Aerospace Division. This is a hybrid work schedule that will be based out of our Moon Township, PA location with up to 10% travel. Relocation assistance offered. \n \nESSENTIAL FUNCTIONS: \n\u2022 Lead Engineer will be the Cybersecurity technical leader for driving Secure Product Development processes across various Aerospace division product portfolio. \n\u2022 Works directly with Eaton Product Cybersecurity CoE to help define hardware/software cybersecurity requirements for Products in Aerospace division. \n\u2022 Works directly with the Product Cybersecurity COE in coordinating /planning the Vulnerability Assessment \u0026 Penetration Testing of the existing and upcoming Eaton Cyber Physical products and solutions spanning a wide range of technologies including Aero-grade Microprocessors / Silicon components, FPGAs, Avionics, IoT devices, systems \u0026 solutions, Cloud Infrastructure Web applications, mobile applications, thick clients, wireless devices, embedded systems deployed within Aviation product context. \n\u2022 Drives Threat Modeling and Risk Assessment exercise with product teams early in the design and throughout the entirety of the development lifecycle to identify applicable cybersecurity requirements, in consultation with the experts within the Product Cybersecurity COE. \n\u2022 Providing hands-on guidance to the product teams as they implement complex cybersecurity features and requirements in their products by creating the Cybersecurity concepts. \n\u2022 Works closely with the Product Cybersecurity COE to build / deploy \u0026 maintain security tools and security automation frameworks to drive efficiency \u0026 effectiveness of the Cybersecurity work package delivery across various projects for the Aerospace group. \n\u2022 Supports the DevSecOps teams with automation of cybersecurity best practices. \n\u2022 Evangelizing and providing technical security trainings to the Technical Leaders, Cybersecurity Engineers, software developers and test engineers across the organization and evangelizing the importance of cybersecurity in other functions like product / project management \u0026 sales /services. \n\u2022 Works with the marketing function at division / sector / corporate level to build marketing collateral to amplify and build competitive advantage for Eaton products around \u2018Secure-by-design\u2019 \u0026 Cybersecurity certification. \n\u2022 Monitoring evolving threat landscape, cybersecurity technologies, standards, frameworks within Aerospace industry and drive continuous improvement in Eaton\u2019s cybersecurity requirements, frameworks and processes to comply / address / respond to the constantly evolving external landscape \n\u2022 Participates \u0026 represents Eaton in the Cybersecurity standardization bodies and maintains a Professional qualifications and credentials as a thought leader in the area of Cybersecurity of Critical Infrastructures. \n\n## Qualifications:\n\nBasic Qualifications: \n-Bachelor\u2019s or master\u2019s degree in Electrical Engineering, Electronics Engineering, Avionics, or Computer Science. \n-Minimum 8 years of experience in Product cybersecurity within Critical Infrastructure \u0026 Cyber Physical Systems Security, or Aerospace security. \n-You must be a U.S. citizen to be eligible and considered for this position pursuant to applicable U.S. Federal Government contract requirements. \n-Candidate must be eligible to obtain and maintain a U.S. Government security clearance (Secret or higher) as required by applicable US government regulations (ITAR, EAR or equivalent national regulations) to the program assignments. \n-Eaton will not consider applicants for employment immigration sponsorship or support for this position. This means that Eaton will not support any CPT, OPT, or STEM OPT plans, F-1 to H-1B, H-1B cap registration, O-1, E-3, TN status, I-485 job portability, etc. \n-This position requires access to export-controlled information. To conform to U.S. Government export regulations applicable to that information, applicant must be a U.S. person, defined as a (i) U.S. citizen or national, (ii) U.S. lawful, permanent resident (green card holder), (iii) refugee under 8 U.S.C. \u00a7 1157, or (iv) asylee under 8 U.S.C. \u00a7 1158.\n\n \nPreferred Qualifications \n-Demonstrate a functional knowledge of the various communications technologies used in Avionics, both within the Aircraft \u0026 the IT and the OT technologies used in Aviation Industry. \n-Demonstrate a functional understanding of DO-326A, DO-356A standards and various Federal and Industry regulations emerging in the area of Aerospace security. \n-Familiarity with NIST 800 53 / 800 171, CMMC, or defense cybersecurity compliance frameworks. \n-Experience applying security controls to model based verification and validation (V\u0026V) activities, including simulation, Hardware in the Loop (HIL), Software in the Loop (SIL), and Model in the Loop (MIL) testing \n-5+ years of relevant experience in Product cybersecurity, preferably in the area of engineering, program and portfolio management, risk management, preferably within Critical Infrastructure \u0026 Cyber Physical Systems Security, Aerospace security. \n-Prior experience supporting Defense, Aerospace, or Government programs requiring security clearance or export-controlled data. \n-Must be able to clearly understand \u0026 articulate security requirements related to each of IT, OT, IoT, and IIoT. \n-Demonstrate functional understanding of threat modeling, deployment modeling, and how they can affect vulnerability assessments. \n-Demonstrate a functional understanding of the Secure Product Development Lifecycle. \n-Experience performing Threat Modeling of products, systems, and solutions AND Penetration Testing of various technologies with focus on Hardware components, Avionics components, on-board communication protocols (ARINC 429, 825 etc.). \n-Understand and reviewing the security features and datasheet of various chipsets used in the aerospace and recommend right chipsets for our products. \n-Perform architectural reviews of the hardware designs that impact hardware root of trust, bootloader, secure boot, certificate/key storage etc. on various platforms. \n-Demonstrate a functional understanding of cryptography (PKI, Key Management, Digital Certificates etc.) and security protocols. \n-Demonstrate a functional understanding of Secure Code development practices. \n-Understanding of how model based development intersects with Secure Product Development Lifecycle (SPDL), DevSecOps, and Aerospace certification requirements. \n-Experience with integrating Security requirements \u0026 test scenarios into Model-based SW Engineering practices across the product lifecycle.\n\n## ADDITIONAL INFORMATION:\n\n\u2022 Significant experience in Hardware, applications security, avionics security and systems security \n\u2022 Secure Software Development Lifecycle experience \n\u2022 Interest and experience in all aspects of computer and network security. From requirements gathering, designing, development, testing, user experience to operations. \n\u2022 Experience designing security solutions for Aerospace. \n\u2022 Understanding of security software solutions (IPS, Firewall, application firewalls, device security, encryption, etc.)\n\n#LI-ML1\n\nAll positions may require participation in video and in-person interviews as part of the hiring process. All candidates will be evaluated based on job-related competencies, and all candidates\u2019 privacy rights and data security will be protected in accordance with applicable laws. \n\nWe are committed to ensuring equal employment opportunities for all job applicants and employees. Employment decisions are based upon job-related reasons regardless of an applicant\u0027s race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, marital status, genetic information, protected veteran status, or any other status protected by law.\n\nEaton believes in second chance employment. Qualified applicants with arrest or conviction history will be considered regardless of their arrest or conviction history, consistent with the Los Angeles County Fair Chance Ordinance, the California Fair Chance Act and other local laws.\n\nYou do not need to disclose your conviction history or participate in a background check until a conditional job offer is made to you. After making a conditional offer and running a background check, if Eaton is concerned about conviction that is directly related to the job, you will be given the chance to explain the circumstances surrounding the conviction, provide mitigating evidence, or challenge the accuracy of the background report.\n\nTo request a disability-related reasonable accommodation to assist you in your job search, application, or interview process, please call us at 1-800-836-6345 to discuss your specific need. Only accommodation requests will be accepted by this phone number.\n\nWe know that good benefit programs are important to employees and their families. Eaton provides various Health and Welfare benefits as well as Retirement benefits, and several programs that provide for paid and unpaid time away from work. Click here for more detail: Eaton Benefits Overview. Please note that specific programs and options available to an employee may depend on eligibility factors such as geographic location, date of hire, and the applicability of collective bargaining agreements.\n