Company hidden
6 days ago

Senior Third Party Risk Management Engineer (Aerospace)

Salary: $207,400 - $259,200
Work format: onsite
Employment type: fulltime
Grade: senior
English: C1
Country: US

Job description

TL;DR

Senior Third Party Risk Management (TPRM) Engineer (Aerospace): Executing vendor cyber risk functions across the supplier ecosystem with an emphasis on NIST SP 800-161, CMMC Level 2, and SOX compliance. Focus on monitoring third-party attack surfaces, conducting deep-dive risk investigations, and building scalable due diligence processes for a high-growth aerospace company.

Location: Must be based in San Jose, California

Salary: $207,400 - $259,200

Company

hirify.global is an aerospace company building all-electric vertical takeoff and landing aircraft to advance sustainable air mobility.

What you will do

  • Operate BitSight and continuous monitoring platforms to manage the third-party attack surface.
  • Conduct deep-dive investigations into vendor risk signals, including CVEs, credential leaks, and dark web indicators.
  • Identify and monitor critical 4th-party sub-processor dependencies and supply chain concentration risks.
  • Drive risk closure by issuing formal findings and coordinating remediation with internal stakeholders.
  • Produce executive-quality risk briefings and board-level metrics for leadership.
  • Design and administer risk-tiered security questionnaires and integrate due diligence into procurement workflows.

Requirements

  • 7+ years in cybersecurity with at least 3 years of dedicated third-party or supply chain risk management experience.
  • Hands-on proficiency with BitSight or equivalent continuous monitoring platforms.
  • Deep working knowledge of NIST SP 800-161, NIST CSF, CMMC Level 2, and ISO 27036.
  • Experience conducting structured vendor security due diligence across SaaS, cloud, and hardware suppliers.
  • Eligibility to obtain a DoD Secret security clearance is required.
  • Must be authorized to work in the US; no visa sponsorship available.

Nice to have

  • Certifications: CTPRP, CRISC, CISSP, or CISM.
  • Active DoD Secret or Top Secret/SCI clearance.
  • Familiarity with ITAR/EAR data sharing constraints.
  • Experience with GRC platform integration or risk workflow automation.

Culture & Benefits

  • Pay-for-performance culture focused on business strategy.
  • Commitment to an equitable and inclusive workplace.
  • Opportunity to work on complex, high-impact aerospace engineering challenges.
