Engineer/Sr Engineer, IT Aviation Cybersecurity
American Airlines · Fort Worth, TX
This listing has closed — view similar roles below.
- On site
- Full-time
- $130,000 / year
- Fort Worth, TX
Job highlights
- Support aviation cybersecurity for a major airline.
- Research, design, and implement security systems.
- Collaborate with internal and external partners.
- Ensure compliance with FAA and industry standards.
- Analyze threats and support incident response.
About the role
About the Role
Join the American Airlines family and embark on a journey of professional growth and exciting travel opportunities. This role is part of the Information Technology team, specifically supporting the Cybersecurity (CS) Aviation Cybersecurity team. You will be instrumental in building and maintaining key relationships with internal departments such as Avionics Engineering, Cabin Experience, Maintenance Technology, Government Affairs, Corporate Security, and Corporate Safety, as well as external industry partners. Your expertise will contribute to staying abreast of the latest developments in aviation cybersecurity, performing risk analysis, recommending mitigation strategies, and promoting cybersecurity practices for digital aircraft.
What You'll Do
- Leverage cybersecurity expertise to drive the technical research, planning, and architectural design of systems related to digital aircraft, ensuring data confidentiality, integrity, and availability.
- Define, develop, and deliver technical solutions and security requirements incorporating industry and company technology standards across multiple security domains.
- Provide internal security consultations for teams supporting digital aircraft, ground, and communication systems.
- Support standards, regulations, and compliance activities from a cybersecurity perspective for the FAA and other governing bodies.
- Interface with industry counterparts including Aviation-ISAC, IATA Cybersecurity Task Force, and oneworld partners.
- Assist with cyber-incidents related to AA's aviation technologies.
- Deliver and maintain key artifacts and work products supporting system review, software development, and quality assurance for airline operations.
- Ensure digital aircraft systems and endpoints are scanned using Vulnerability Management tools and practices.
- Coordinate with business, IT teams, and IS Risk to remediate compliance findings in a timely manner, addressing risk reduction objectives.
- Demonstrate a continuous improvement mindset and maintain an effective approach to problem-solving, multi-tasking, coordinating, and scheduling.
- Work extended hours occasionally and may require periodic travel, with advance planning.
Minimum Qualifications
- Bachelor's degree in Information Technology, IT Security, Network Systems Technology, or related technical discipline, or equivalent experience/training.
- 5 years of experience in security technology design.
- 5 years of network, server, and application systems development experience.
Preferred Qualifications
- 5 years designing, deploying, and managing PKI and cryptographic solutions.
- 5 years hands-on experience with Identity and Access solutions.
- 3 years experience in Network Security and VPN solutions.
- 4+ years' experience in NIST 800 series frameworks.
- Application coding and scripting via Python, SQL, BASH, or PowerShell.
- Preferred Certifications: CISSP, CISM, CISA, CEH, GIAC aviation-aligned certs (GCIA, GCFA, GMON, GCTIM), Microsoft/Azure security certs (AZ-500, SC-100), Zero Trust-related GIAC certs (GDAT).
Skills, Licenses & Certifications
- Understanding of airworthiness cybersecurity concepts, regulatory compliance, and governance norms.
- Familiarity with industry standards development and governing bodies (RTCA, IATA, ARINC, FAA) in aviation cybersecurity.
- Experience analyzing cybersecurity for avionics, ground systems, networks, tooling, 3rd parties, and other aviation-adjacent systems.
- Awareness of aviation cyber threat vectors (airborne software manipulation, GPS spoofing, ADS-B misuse, datalink manipulation, avionics tampering).
- Experience working alongside SIEM platforms (Microsoft Sentinel, Splunk) for log collection, detection engineering, or triage.
- Familiarity with UEBA, anomaly detection, KQL, Sigma-to-KQL translation.
- Understanding of Public Key Infrastructure (PKI) concepts in aviation: X.509, OCSP, CRL, certificate chain validation.
- Awareness of cryptographic workflows for loadable software parts, avionics signing, or aircraft-to-ground authentication.
- Experience integrating certificate-based identity into network security or Zero Trust architectures.
- Familiar with NIST Special Publications (e.g., 800-171, 800-30).
- Ability to perform vulnerability testing, risk analyses, and security assessments.
- Knowledge of secure integration of cybersecurity into the aircraft software lifecycle.
- Ability to coordinate security reviews with TechOps, Avionics Engineering, EFB Engineering, and Connectivity teams.
- Familiarity with aircraft operational telemetry, uptime considerations, and failure-mode assessment.
- Ability to support aviation-specific incident response.
- Significant experience with virtualization architectures (Citrix, VMWare, Hyper-V).
- Experience collaborating with project managers, engineers, architects, administrators, and customers.
- Experience presenting to senior leadership.
- Experience with Active Directory Group Policy, Local Security Policy, and Windows scripts.
- Knowledge of cloud technologies and risk assessment criteria (IaaS/PaaS/SaaS).
- Proficient in Agile and SDLC methodologies.
What You'll Get
- Travel Perks: Access to 365 destinations on over 6,800 daily flights globally for you, your family, and friends.
- Health Benefits: Comprehensive health, dental, prescription, and vision benefits starting on day one, including virtual doctor visits and flexible spending accounts.
- Wellness Programs: Resources and support to help you be your best self.
- 401(k) Program: Available upon hire with potential employer contributions after one year.
- Additional Benefits: Employee Assistance Program, pet insurance, and discounts on hotels, cars, cruises, and more.
Feel free to be yourself at American
Inclusion and diversity are core to American Airlines' dynamic workforce. Our Employee Business Resource Groups foster connections and create an inclusive environment. Join us to maintain the operations of the largest airline in the world and care for people on their journey.
Key skills/competency
- Cybersecurity
- Aviation Cybersecurity
- IT Security
- Risk Analysis
- Network Security
- PKI
- Vulnerability Management
- NIST Frameworks
- Incident Response
- Information Technology
Skills & topics
- IT Aviation Cybersecurity Engineer
- Cybersecurity
- Aviation Security
- Information Technology
- Network Security
- Risk Management
- Compliance
- FAA Regulations
- PKI
- Vulnerability Management
- Incident Response
- American Airlines
- NIST
- SIEM
- Python
- Cloud Security
- Zero Trust
How to get hired
- Tailor your resume: Highlight experience with aviation cybersecurity, NIST frameworks, and PKI solutions relevant to the IT Aviation Cybersecurity Engineer role.
- Showcase technical skills: Emphasize your proficiency in security technology design, network/server/application systems development, and scripting languages like Python or PowerShell.
- Demonstrate industry knowledge: Mention your familiarity with aviation cybersecurity concepts, FAA regulations, and industry bodies like IATA and Aviation-ISAC.
- Prepare for interviews: Be ready to discuss your experience with risk analysis, vulnerability management, and incident response in aviation contexts.
- Research American Airlines: Understand their commitment to cybersecurity and their role in the aviation industry.
Technical preparation
Master PKI, cryptography, and identity management.,Deepen knowledge of NIST 800 series frameworks.,Practice scripting with Python, SQL, BASH, PowerShell.,Familiarize with SIEM tools like Sentinel or Splunk.
Behavioral questions
Describe a complex security problem you solved.,How do you handle conflicting stakeholder priorities?,Explain a time you influenced a technical decision.,How do you stay updated on cyber threats?
Frequently asked questions
- What specific cybersecurity challenges does American Airlines face in aviation?
- American Airlines, like any major airline, faces unique aviation cybersecurity challenges including securing digital aircraft systems, protecting flight-critical data, mitigating threats like GPS spoofing and avionics tampering, and ensuring compliance with FAA regulations. The IT Aviation Cybersecurity Engineer role is crucial in addressing these complex issues.
- What is the importance of PKI and cryptographic solutions in this IT Aviation Cybersecurity Engineer role?
- PKI and cryptographic solutions are vital for securing digital aircraft systems and communications at American Airlines. They are used for authenticating software, verifying data integrity, and ensuring secure communication channels, all of which are critical for flight safety and operational security. Experience in designing, deploying, and managing these systems is highly valued.
- How does American Airlines approach compliance with aviation cybersecurity regulations like those from the FAA?
- American Airlines adheres to stringent cybersecurity standards mandated by the FAA and other governing bodies. This role directly supports compliance activities by ensuring systems meet regulatory requirements, participating in security reviews, and assisting with audits. Understanding NIST 800 series frameworks is key to this compliance effort.
- What are the opportunities for career growth within American Airlines' cybersecurity team?
- This role offers significant opportunities for career growth within American Airlines' cybersecurity division. By gaining experience in specialized aviation cybersecurity and working with cutting-edge technologies, you can advance into senior engineering, architecture, or leadership positions within the IT and cybersecurity departments.
- What is the typical day-to-day for an IT Aviation Cybersecurity Engineer at American Airlines?
- A typical day might involve researching new security threats, designing security solutions for digital aircraft, consulting with engineering teams, analyzing vulnerability scan results, coordinating remediation efforts with IT teams, and staying updated on industry best practices and regulatory changes. Collaboration with various internal and external stakeholders is constant.
- Does American Airlines encourage continuous learning and certifications for its cybersecurity professionals?
- Yes, American Airlines values continuous learning. The preferred qualifications and skills section lists several highly regarded cybersecurity certifications such as CISSP, CISM, and GIAC aviation-aligned certs. Pursuing these demonstrates a commitment to staying current in the field and can be beneficial for career progression within the company.