IT Aviation Cybersecurity Engineer

About the Role

Join the American Airlines family and embark on a journey of professional growth and exciting travel opportunities. This role is part of the Information Technology team, specifically supporting the Cybersecurity (CS) Aviation Cybersecurity team. You will be instrumental in building and maintaining key relationships with internal departments such as Avionics Engineering, Cabin Experience, Maintenance Technology, Government Affairs, Corporate Security, and Corporate Safety, as well as external industry partners. Your expertise will contribute to staying abreast of the latest developments in aviation cybersecurity, performing risk analysis, recommending mitigation strategies, and promoting cybersecurity practices for digital aircraft.

What You'll Do

• Leverage cybersecurity expertise to drive the technical research, planning, and architectural design of systems related to digital aircraft, ensuring data confidentiality, integrity, and availability.
• Define, develop, and deliver technical solutions and security requirements incorporating industry and company technology standards across multiple security domains.
• Provide internal security consultations for teams supporting digital aircraft, ground, and communication systems.
• Support standards, regulations, and compliance activities from a cybersecurity perspective for the FAA and other governing bodies.
• Interface with industry counterparts including Aviation-ISAC, IATA Cybersecurity Task Force, and oneworld partners.
• Assist with cyber-incidents related to AA's aviation technologies.
• Deliver and maintain key artifacts and work products supporting system review, software development, and quality assurance for airline operations.
• Ensure digital aircraft systems and endpoints are scanned using Vulnerability Management tools and practices.
• Coordinate with business, IT teams, and IS Risk to remediate compliance findings in a timely manner, addressing risk reduction objectives.
• Demonstrate a continuous improvement mindset and maintain an effective approach to problem-solving, multi-tasking, coordinating, and scheduling.
• Work extended hours occasionally and may require periodic travel, with advance planning.

Minimum Qualifications

• Bachelor's degree in Information Technology, IT Security, Network Systems Technology, or related technical discipline, or equivalent experience/training.
• 5 years of experience in security technology design.
• 5 years of network, server, and application systems development experience.

Preferred Qualifications

• 5 years designing, deploying, and managing PKI and cryptographic solutions.
• 5 years hands-on experience with Identity and Access solutions.
• 3 years experience in Network Security and VPN solutions.
• 4+ years' experience in NIST 800 series frameworks.
• Application coding and scripting via Python, SQL, BASH, or PowerShell.
• Preferred Certifications: CISSP, CISM, CISA, CEH, GIAC aviation-aligned certs (GCIA, GCFA, GMON, GCTIM), Microsoft/Azure security certs (AZ-500, SC-100), Zero Trust-related GIAC certs (GDAT).

Skills, Licenses & Certifications

• Understanding of airworthiness cybersecurity concepts, regulatory compliance, and governance norms.
• Familiarity with industry standards development and governing bodies (RTCA, IATA, ARINC, FAA) in aviation cybersecurity.
• Experience analyzing cybersecurity for avionics, ground systems, networks, tooling, 3rd parties, and other aviation-adjacent systems.
• Awareness of aviation cyber threat vectors (airborne software manipulation, GPS spoofing, ADS-B misuse, datalink manipulation, avionics tampering).
• Experience working alongside SIEM platforms (Microsoft Sentinel, Splunk) for log collection, detection engineering, or triage.
• Familiarity with UEBA, anomaly detection, KQL, Sigma-to-KQL translation.
• Understanding of Public Key Infrastructure (PKI) concepts in aviation: X.509, OCSP, CRL, certificate chain validation.
• Awareness of cryptographic workflows for loadable software parts, avionics signing, or aircraft-to-ground authentication.
• Experience integrating certificate-based identity into network security or Zero Trust architectures.
• Familiar with NIST Special Publications (e.g., 800-171, 800-30).
• Ability to perform vulnerability testing, risk analyses, and security assessments.
• Knowledge of secure integration of cybersecurity into the aircraft software lifecycle.
• Ability to coordinate security reviews with TechOps, Avionics Engineering, EFB Engineering, and Connectivity teams.
• Familiarity with aircraft operational telemetry, uptime considerations, and failure-mode assessment.
• Ability to support aviation-specific incident response.
• Significant experience with virtualization architectures (Citrix, VMWare, Hyper-V).
• Experience collaborating with project managers, engineers, architects, administrators, and customers.
• Experience presenting to senior leadership.
• Experience with Active Directory Group Policy, Local Security Policy, and Windows scripts.
• Knowledge of cloud technologies and risk assessment criteria (IaaS/PaaS/SaaS).
• Proficient in Agile and SDLC methodologies.

What You'll Get

• Travel Perks: Access to 365 destinations on over 6,800 daily flights globally for you, your family, and friends.
• Health Benefits: Comprehensive health, dental, prescription, and vision benefits starting on day one, including virtual doctor visits and flexible spending accounts.
• Wellness Programs: Resources and support to help you be your best self.
• 401(k) Program: Available upon hire with potential employer contributions after one year.
• Additional Benefits: Employee Assistance Program, pet insurance, and discounts on hotels, cars, cruises, and more.

Feel free to be yourself at American

Inclusion and diversity are core to American Airlines' dynamic workforce. Our Employee Business Resource Groups foster connections and create an inclusive environment. Join us to maintain the operations of the largest airline in the world and care for people on their journey.

Key skills/competency

• Cybersecurity
• Aviation Cybersecurity
• IT Security
• Risk Analysis
• Network Security
• PKI
• Vulnerability Management
• NIST Frameworks
• Incident Response
• Information Technology