Principal Software Engineer (Security)

At Safran Passenger Innovations, we make flying fun by focusing on maximizing the Passenger Experience. As an innovative In-Flight Entertainment and Connectivity (IFEC) company we design, engineer, manufacture, sell and support world-class In-Flight Entertainment and Connectivity solutions. Our products are constantly evolving, solving complex media distribution, playback, and networking problems in a secure, demanding on-wing environment. Safran IFEC products are utilized by many of the world’s premier air carriers. Step aboard and help us by creating the best in-flight experiences for today and beyond!

Job Summary

As a Principal Security Software Engineer on the Software Development team, you will engage with an experienced cross-disciplinary staff to design and implement innovative In-Flight Entertainment (IFE) products applying state-of-the-art security principles (wired and wireless) concepts and technologies to modernize all security aspects of our platform, including on-wing and off-wing Compute, Connectivity, Networking, and Storage. Working closely with inter-disciplinary teams you will participate in the architecture, design, development, test, and integration of software features for the RAVE IFEC systems and products using a hybrid development methodology in a regulated environment. You must be a self-starter, responsive, flexible, and able to succeed within an open, collaborative peer environment.

Duties and Responsibilities:

• Contribute to the design, creation, development, and improvement of security features, packaging, tools, testing, test automation, continuous integration, delivery, documentation, and building of complex distributed systems in a low power, low latency, heat-conscious environment
• Problem-solving - troubleshoot, triage, debug, and resolve security issues
• Demonstrate a passion for continuous improvement and take personal ownership of quality
• Provide guidance, mentoring, training, and support across product development and the broader IFE business with respect to security best practices
• Provide realistic estimates, foster a culture of transparency, and meet agreed-upon commitments
• Facilitate communication internally, with stakeholders, users, and/or customers on specifications, architecture, design, implementation, and approvals
• Actively participate, engage, and contribute during meetings
• Leverage other internal organizations to facilitate product success
• Prepare and present technical information for large and diverse audiences
• Assess third-party and open-source software and in some cases implement the same
• Adhere to, contribute to, and help improve both organizational processes and the software development lifecycle (SDLC)

Pay: $148,000 - $197,000 per year

Requirements

• Bachelor’s Degree in Computer Science, or equivalent experience in a related field (Cybersecurity training or experience is advantageous)
• 3-6 years of experience in a Senior (or above) level role within Security software engineering
• 15+ years of overall software development experience

Required Experience

• 5+ years of proven experience in containers technologies, microservices, and DevOps practices
• Expert on monolithic to secure by design microservices with an eye towards practical migrations and attack surface analysis
• Expert in service-to-service (API) communication security and monitoring
• Security – holistic - Experience with security engineering concepts and practices including system and network security, authentication, protocols, cryptography, DB, and application security in regulated environments
• Enterprise-level expertise in securing the development and delivery of complex distributed computing environments
  • Mastery of basic security concepts such as authentication, authorization (IAM), DevSecOps, Infrastructure as Code, and Microservices/Containers
  • Deep network understanding including protocols, debugging, layers, security, intrusion detection, log analysis, and network scanning
  • Understand the OSI model and the relationship between layers
  • Hybrid networking concepts (Cloud/On-Prem/On-Wing)
  • Secure design of API’s, queuing/messaging
  • Securing Kubernetes
• Design experience with implementing Digital Rights Management (DRM) tools and key/secrets management
• Experience with decentralized access control in complex distributed environments
• UNIX/Linux or embedded operating systems using C/C++
• Experience troubleshooting & root cause analysis of software and hardware security issues
• Experience with formal Engineering Requirements documentation and processes

Desired Experience

• Understanding of embedded circuit design and PCB schematics, particularly with ARM/x86 processors
• Board-level security concepts and design
• Understanding of Platform as a Service (PaaS) concepts and how to construct secure compute platforms from physical hardware all the way up the stack. This includes the ability to assess/evaluate and utilize primitives in a constrained environment.
• Experience integrating automated security tests into CI/CD
• Skilled at designing high availability platforms with quick recovery objectives
• Adept at implementing internal tools to support development and troubleshooting for the entire stack
• Linux kernel expertise – can design and abstract/isolate/control low-level calls via wrapper/abstraction and create custom Linux distributions leveraging Yocto.
• Understanding of Video/Media content, playback, delivery, and streaming including DRM as well as an understanding of distributed file sharing concepts like BitTorrent

Experiences with any of the following languages, technologies, and/or techniques would be advantageous:

• Low-level kernel/driver knowledge of Linux 4.x and 5.x
• MQTT, IPC, RPC, sockets, and/or audio/video players.
• Highly available, fault-tolerant, distributed, or clustered systems development
• ARINC 429 (data transfer) and RS-485/422.
• Understanding of bus design: I2C, PCIe, SPI, MDIO, CAN, etc.
• Experience with various security/cryptography concepts such as PKI, SSL, and TLS with respect to embedded devices
• Windows using C/C++/C#, .Net, web programming, JavaScript, ASP, SQL, Node, Go and functional compute like AWS Lambda
• Mobile application communications development and loosely coupled designs
• Understanding of containers and virtual machines using Docker Swarm, Kubernetes, or other control planes and compute primitives
• Experience refactoring/rearchitecting monolithic solutions into distributed microservices, containerized or serverless with heavy API design and implementation strategies