Product Security Engineer (Mid-level or Senior)

Company:

Boeing Defense Space & Security (BDS) is seeking an Experienced Product Security Engineer to support the P-8A program in Richardson TX.

The candidate will join a team supporting product cybersecurity efforts across multiple systems and labs for both training and development efforts. The BDS Product Security Engineering team is responsible for the cybersecurity and resiliency of Boeing products and services bridging the gap between high level security policies/requirements and technical/operational implementation of those requirements. The work is multi-disciplinary and includes activities in cyber and systems security analysis engineering test and vulnerability assessments and mitigation.

At Boeing we innovate and collaborate to make the world a better place. By joining our team you will become an integral part of an organization that deeply values teamwork fosters creativity and upholds the highest standards of engineering technical excellence to ensure our products are secure. Contribute to work that matters with a company where diversity equity and inclusion are shared values. Find your future with us!

Position Responsibilities:

• Develop implement and sustain product security and resiliency throughout the full lifecycle: requirements design build test production operations and support.

• Analyze customer and regulatory information system security requirements and decompose them into system security design specifications and verifiable requirements.

• Develop and enhance system requirements and architectures to ensure product security meets all applicable certifications and customer requirements.

• Interface directly with customers lead engineers suppliers and government stakeholders to ensure security requirements are designed into products and evaluated for effectiveness; advise customers on maintaining product security and certification including the security impacts of product or service modifications.

• Define and identify product security requirements for suppliers of components and subsystems and coordinate their integration into Boeing products and services.

• Work in classified environments to evaluate computing systems products and platforms for conformance generating and analyzing cybersecurity data to support program and customer needs.

• Research collect interpret test and analyze technical data to support the integration of security and resiliency into products and services across the lifecycle optimizing security effectiveness in projected operational environments.

• Perform and support product security risk attack-surface and vulnerability analyses and conduct security audits of applications and application stacks of various provenances.

• Analyze triage aggregate escalate and report relevant product security anti-tamper and telemetry/data sources for attack indicators and potential security breaches; correlate findings and perform trend analysis.

• Analyze malware and attacker tactics to improve detection capabilities and inform mitigations. Coordinate and support incident response activities and provide technical analysis to inform containment and remediation.

• Make mitigation recommendations and where authorized execute mitigations and coordinate implementation with engineering and program teams.

• Perform software assurance assessments to verify the security pedigree of software solutions and related development activities.

• Ensure security of facilities equipment tools data networks and resources used across product design development build test storage delivery operations and support.

• Provide ISSO and IT administrators with system security expertise to assist in gathering/securing data to support incident investigation and response; assist ISSO in monitoring interpreting and reacting to security device outputs.

• Create and maintain documentation in support of authorization/accreditation packages; deploy and enforce security policies standards and guidance.

• Develop maintain and improve planning organization implementation and monitoring of requirements management processes to ensure traceability and compliance.

• Conduct R&D and analysis activities as needed to produce innovative security solutions and improve industry/regulatory security standards and program requirements.

• Train mentor and provide technical leadership to junior staff members.

• Work under minimal direction exercise sound judgment and technical initiative and effectively communicate technical findings and recommendations in reports and briefings to technical peers and leadership.

• Willingness to travel 25% to client site.

This position is expected to be 100% onsite at the Richardson TX office location.

Pre-Hire:

This position requires an active U.S. Top Secret / Sensitive Compartmented Information (TS/SCI) with Polygraph Security Clearance (US Citizenship Required). (A U.S. Security Clearance that has been active in the past 24 months is considered active.)

Post-Hire:

This position requires the ability to obtain and retain Special Access Program (SAP) approval within a reasonable period of time determined by the company to meet its business needs.

Basic Qualifications (Required Skills & Experience):

• Willingness to travel 25% to client site.

• 5 years of product security experience.

• CompTIA Security certification.

Preferred Qualifications (Desired Skills/Experience):

• DoD 8570.01-M IAT Level III Certification (e.g. CASP CE CCNP Security CISA CISSP (or Associate) GCED GCIH CCSP); and IASAE Level II (e.g. CASP CE CISSP (or Associate) CSSLP)

• 5 or more years experience with the implementation of security controls IAW DoD Risk Management Framework (RMF).

• 5 or more years experience with common DoD vulnerability and compliance assessment tools (e.g. SCAP STIGs ACAS) and processes.

• 5 or more years experience in security control test plan development and execution.

• Experience with software development tools such as DOORS ClearCase GitLab Jira Coverity etc.

• Experience with developing Threat Modeling Attack Profiles Threat and Risk Assessments on aircraft platforms and weapon systems.

• Experience with evaluating and refining customer security requirements.

• Experience working with multiple technologies such as RHEL 8 and above and/or CISCO IOS/NXOS and/or Windows server 2019 and above and/or Windows 10 or newer.

• Experience with multiple scripting languages (e.g. PowerShell Python Bash Ansible etc.)

• Experience creating system security implementation solutions against customer requirements.

• Experience with installation and configuration of Splunk Enterprise; to include creation of Apps and Dashboards to audit analysis specifications.

• Experience in Group Policy Management and implementation.

• Experience with Agile development within a DevSecOps environment.

Typical Education:

Level 3: Education/experience typically acquired through advanced technical education from an accredited course of study in engineering engineering technology (includes manufacturing engineering technology) computer science engineering data science mathematics physics or chemistry (e.g. Bachelor) and typically 5 or more years related work experience or an equivalent combination of technical education and experience or non-US equivalent the USA ABET accreditation is the preferred although not required accreditation standard.

Level 4: Education/experience typically acquired through advanced technical education from an accredited course of study in engineering engineering technology (includes manufacturing engineering technology) computer science engineering data science mathematics physics or chemistry (e.g. Bachelor) and typically 9 or more years related work experience or an equivalent combination of technical education and experience or non-US equivalent the USA ABET accreditation is the preferred although not required accreditation standard.

Relocation:

Relocation assistance is not a negotiable benefit for this position. Candidates must live in the immediate area or relocate at their own expense.

Drug Free Workplace:

Boeing is a Drug Free Workplace where post offer applicants and employees are subject to testing for marijuana cocaine opioids amphetamines PCP and alcohol when criteria is met as outlined in our policies.

Shift:

This position is for 1st shift.

At Boeing we strive to deliver a Total Rewards package that will attract engage and retain the top talent. Elements of the Total Rewards package include competitive base pay and variable compensation opportunities.

The Boeing Company also provides eligible employees with an opportunity to enroll in a variety of benefit programs generally including health insurance flexible spending accounts health savings accounts retirement savings plans life and disability insurance programs and a number of programs that provide for both paid and unpaid time away from work.

The specific programs and options available to any given employee may vary depending on eligibility factors such as geographic location date of hire and the applicability of collective bargaining agreements.

Typical Summary Pay Ranges:

Level 3: $137700 - $186300

Level 4: $173400 - $234600

Language Requirements:

Education:

Relocation:

Export Control Requirement:

Safety Sensitive:

Security Clearance:

Visa Sponsorship:

Contingent Upon Award Program

Shift:

Stay safe from recruitment fraud! The only way to apply for a position at Boeing is via our Careers website. Learn how to protect yourself from recruitment fraud - Recruitment Fraud Warning