Aviation Security Risk And Compliance Engineer

Company Description

On May 31, 2023, Viasat completed its acquisition of Inmarsat, combining the teams, technologies and resources of the two companies to create a new global communications partner and continues to power the digitalisation of them maritime industry, making operations more efficient and safer than ever before. 

About Viasat 

Viasat is a global communications company that believes everyone and everything in the world can be connected. With offices in 24 countries around the world, our mission shapes how consumers, businesses, governments and militaries around the world communicate and connect. Viasat is developing the ultimate global communications network to power high-quality, reliable, secure, affordable, fast connections to positively impact people's lives anywhere they are—on the ground, in the air or at sea, while building a sustainable future in space.

Platforms & Software (P&S)

The Platformsand Software (P&S) division maintains a centre of excellence for technology and broader infrastructure-related innovation, translating market needs into core expansion programmes to enable market development. We ensure that products and services are constantly pushing the boundaries of satellite communications.  The P&S team is responsible for delivering development programmes, including satellites and launchers, ground infrastructure (ground stations, networks, user terminals and access technology), regulatory, market access and product and service development. 

Job Description

Primary role purpose:

The Aviation Security Risk and Compliance Engineer will work within a small team within the Platforms and Software Services group who are responsible for software platforms, infrastructure, and development to support current and future demand for Inflight Connectivity Services.

As a Security Risk and Compliance Engineer, you will play a crucial role in ensuring the safety and security of our organization's systems and data. With the constant threat of cyber attacks and the ever-evolving regulatory landscape, your expertise in Security Risk management and Compliance will help us maintain a robust security posture.

In this role, you will be responsible for identifying potential vulnerabilities and risks, conducting risk assessments, and implementing appropriate security controls. You will also be involved in reviewing and updating security policies and procedures, as well as collaborating with internal teams and external stakeholders to ensure security best practices and Compliance with industry regulations and standards.

The role requires close working with industry partners including aircraft manufacturers (i.e. Airbus and Boeing), avionics suppliers and airlines.  Representing Viasat as a technical expert in meetings with these partners/customers and must be capable of dealing confidently with experts in similar and adjacent disciplines.

If you are a detail-oriented professional with a strong analytical mindset and a passion for security, this is an excellent opportunity to contribute to the safety and success of our services. Join us and be part of a dynamic and rewarding environment where your skills will make a real difference. 

Key Responsibilities:

• Develop and maintain a comprehensive Security Risk management framework
• Write technical and business and Compliance documentation/reports.
• Provide subject matter expertise to project, delivery teams and Platform Operations teams.
• Provide project driven support for Aircraft Network Security functions and help ensure these are delivered on time and within budget and complaint to applicable regulations by Steering and Auditing internal and external contributors.
• Form strong technical relationships with peers at satcom avionic manufacturers, airframers, ESA, and Inmarsat service providers to help Manage for infrastructure   implementation, verification, and change management security
• Contribution towards relevant internal standards and configuration templates.

• Conduct regular risk assessments identifying vulnerabilities, threats and remediations
• Liaising with Cyber Security teams on reporting on network and security advisories
• Own & Audit the enforcement of security controls and measures to mitigate identified risks
• Review and recommend updates to security policies and/or procedures/standards to ensure compliance with industry regulations and best practices
• Collaborate with internal teams to establish security requirements for new systems and applications
• Monitor and analyse security incidents and perform incident response activities
• Work with others within the Technology and Operations teams to achieve above 

Qualifications

Essential Knowledge and Skills:

• You must be eligible to work in this location advertised
• In-depth knowledge of security frameworks, such as NIST, ISO 27001, and PCI DSS
• Proven experience in Security Risk management & compliance in ISO 27001, GDPR, PCI DSS
• Strong understanding of network security principles and practices
• Experience in conducting risk assessments and threat modelling
• Generally proficient in Linux operating systems (e.g., Red Hat, CentOS, Alma, ubuntu)
• Familiarity with security technologies, including firewalls, intrusion detection systems, and encryption techniques
• Ability to work in a team environment and be able to prioritise own schedule
• Ability to work under pressure and show flexibility when required
• Willingness to learn new skills and be self-motivate.
• Professional certifications, such as CISSP, CISA, or CRISC, similar
• Experience in the identification and capture of IT functional and non-functional requirements for large, complex projects
• Strong inter-personal skills including the ability to establish & maintain relationships & trust
• Ability to work in a complex, international matrix organization alongside 3rd-parties

Desirable Knowledge and Skills:

• Demonstrable knowledge of national and international legislation & regulatory frameworks (EASA, ICAO, FAA etc) as well as the bodies that set the standards (BSi, LAA, CEN etc)
• Knowledge of aeronautical Air Traffic Service domain in areas such as standards (e.g. ARINC, RTCA, Eurocae), or Certification
• Proven experience in Security Risk management and Compliance within the aviation industry
• Bachelor's degree in Computer Science, Information Security, or a related field
• Knowledge of ancillary network tools monitoring / troubleshooting tools like Wireshark would be advantageous
• Scripting knowledge
• Knowledge of PKI
• Knowledge of networking technology including routers, switches, and firewalls
• Good knowledge of software development and engineering techniques
• Knowledge of Inmarsat and other satellite communications systems

Additional Information

You must be eligible to work in this location advertised.

Our culture and ways of working 

Our values define our culture and represent what we believe in. Employees aspire to behaviours that support our values, which create a stronger working environment and lie at the heart of our continued success as an organisation. 

• Customer – we provide a unique value to our customers 
• Accountability – we take ownership, we deliver results, and we keep our promises 
• Respect – we collaborate, we embrace and celebrate diversity and we value difference 
• Excellence – we create bold solutions for our customers and put quality at the heart of everything we do 

We also value and encourage a healthy work-life balance, so we offer flexible working wherever possible. Depending on the operational requirements of your job and your team, we can offer compressed hours (nine-day fortnight), hybrid office-remote working, and flexibility during your working day to take care of personal commitments. 

Diversity

We want the best people for the job, and we warmly welcome applications from you if you’re suitably qualified and eligible, regardless of your sex, gender, age, race, ethnicity, disability, sexuality, gender identity, neurodiverse qualities, religion or belief, marital status, pregnancy, or maternity status. 

We are signed up to the Halo Hair Code, which aims to protect employees who come to work with natural hair and protective hairstyles associated with their racial, ethnic, and cultural identities. 

To give you the best experience possible during your application process and interview, we can make adjustments. For example, if you’re visually impaired we’ll happily meet you locally and help you find your way to our office, or if you have neurodiverse qualities, we can provide you with additional support to help you prepare for your interview. Please let our Resourcing Team know if there are any ways in which we can support you.