Product Security Engineer
Job Summary
Company:
Boeing Defence United Kingdom Limited
Boeing are seeking an experienced Product Security Engineer to join our growing team in Bristol or Yeovil and help shape the future of integrating security and resiliency across our products and services.
Product security engineering is a cross-cutting engineering function and a critical element of designing, delivering and maintaining Boeing products and services. Our mission is to influence designs and implement security solutions that protect product integrity. You will join a highly energised team committed to staying ahead of evolving cyber threats, developing innovative security measures, consistent standards, practices and tools.
As an experienced Product Security Engineer, you will lead development, implementation and sustainment of product security and resiliency across the requirements, design, build, test, production, operations and support lifecycle. You will be expected to independently shape technical approaches, influence program-level decisions and provide subject matter expertise to internal and external stakeholders.
You will collaborate with a multidisciplinary, enterprise-wide community to create and apply best practices, tools and solutions that protect complex systems, including IT, embedded and non-IT environments. This role offers the opportunity to solve high-impact security challenges, influence next-generation security engineering and directly contribute to the resilience and certification posture of Boeing's commercial and defence offerings.
Ideal candidates bring deep knowledge and experience in system security, systems engineering, safety/airworthiness, security architecture and verification/validation activities.
If you are motivated to lead product security initiatives across complex programs and to influence engineering decisions that increase system resilience, we encourage you to apply.
Position Responsibilities:
As a Product Security Engineer, you will engage in and lead one or more of the following activities:
- Develops and implements product security requirements and architectures to satisfy certification, regulatory and customer requirements.
- Defines security design approaches and leads integration of security features into product architectures and designs.
- Conducts and leads cybersecurity risk analysis and threat assessments; evaluates likelihood, impact and residual risk and determines mitigations.
- Performs and leads security assessments, audits and vulnerability analyses; prepares mitigation strategies and drives remediation actions.
- Establishes and sustains security practices across the product lifecycle through coordination with cross-functional teams and program leadership.
- Communicates and documents product security and certification implications, including security consequences of product modifications, to internal stakeholders, suppliers and customers.
- Identifies and defines product security requirements for suppliers of components and subsystems; coordinates supplier security activities and evaluates supplier deliverables for compliance.
- Coordinates with governments, customers, suppliers and industry to identify program risks and to improve industry and regulatory security standards and requirements for programs and interfacing systems.
- Independently conducts research and development activities that result in innovative security solutions, tools or processes; leads pilot implementations and evaluates outcomes.
- Performs system analysis and trade studies to define technical concepts, security architectures and optimal security solutions; documents rationale and recommendations for program decision makers.
- Develops and improves team tools, processes and automation to increase productivity and repeatability across programs.
- Leads or contributes to program boards and design reviews: gathers and analyses data, prepares briefings, communicates recommendations and supports cross-team decision making.
- Monitors emerging threats, vulnerabilities and security technologies; assesses applicability to programs and recommends prioritized adoption or mitigations.
- Ensures security of tools, data, networks and resources used for product design, development, build, test, storage, delivery, operations and support.
- Responds to program-level security incidents or findings; coordinates remediation, documents results and communicates status to stakeholders.
- Advises customers and program teams on maintaining product security and certification, including the security consequences of modifying products and services.
Employer will not sponsor applicants for employment visa status.
This role is hybrid, 3 days per week on-site.
Basic Qualifications (Required Skills/Experience):
Applied experience in multiple of the following areas:
- Cybersecurity and security risk / threat assessment
- Security architecture design and analysis
- Network security architecture for embedded and enterprise systems
- Embedded systems security and cyber-physical systems
- Systems hardening and security control implementation
- Cryptography and PKI design or integration
- Security testing, evaluation and verification activities
- Trusted computing & anti-tamper engineering
- Aircraft communications standards & protocols (ARINC-series, etc.)
- Secure Software Development Lifecycle (SDLC) and DevSecOps practices
Preferred Qualifications (Desired Skills/Experience):
- The ability to obtain UK Security Clearance
- Experience defining Concept of Operations (ConOps), system requirements and use-case driven security requirements.
- Broad experience in risk assessment and management, including threat modelling and vulnerability analysis for networked and embedded systems.
- Experience leading or participating in cybersecurity audits, certification activities and investigations.
- Experience with security incident response, root cause analysis and trend analysis.
- Familiarity with malware analysis, attack surface reduction and advanced security analysis techniques.
- Proven knowledge or hands-on experience with DevSecOps toolchains and automation.
- Familiarity with avionics, embedded computing and communications systems (ARINC series).
- Proficiency with networking and computing protocols & architectures (TCP/IP, OSI, UDP, serial/parallel communications, bus architectures).
- Understanding of hardware and software integration processes for safety-critical platforms.
- Familiarity with Secure by Design principles and techniques.
Experience applying relevant standards and frameworks including:
- RTCA/EUROCAE: DO-326B/ED-202B, DO-356A/ED-203A
- NIST: Risk Management Framework and SPs 800-160
- ISO/IEC: 27001/
- DEFSTAN:
- Experience with Model-Based Engineering (MBE) tools and languages such as UML/SysML, 3DX, CATIA, Cameo and MagicDraw is desirable.
- Proven contributions to industry standards, professional organizations or cross-industry working groups are a plus.
Typical Education & Experience:
- Typically 5 years related work experience or an equivalent combination of technical education and experience; demonstrated progression of increasing responsibility on relevant programs.
- Education: Bachelor's degree or equivalent in Engineering, Engineering Technology, Computer Science, Engineering Data Science, Mathematics, Physics or Chemistry; advanced degree preferred.
- Relevant security and engineering certifications strongly preferred (e.g. CISSP, SABSA, SANS certifications, CISSP-ISSMP, CISM or equivalent).
Relocation:
This position does not offer relocation. Candidates must live in the immediate area or relocate at their own expense.
What Boeing offers you:
The Boeing benefits package goes above and beyond, focusing on your physical, emotional, financial and social well-being. Here's a snapshot of what we offer:
Competitive salary and annual incentive plans
Continuous learning: You'll develop the approach and skills to navigate whatever comes next
Success as defined by you: We'll provide the tools and flexibility so you can make a meaningful impact your way
Diverse and inclusive culture: You'll be embraced for who you are and empowered to use your voice to help others find theirs
23 days plus UK public holidays and a Winter Break between Christmas and New Year!
Pension Plan with 10% employer contribution
Company paid BUPA Medical Plan
Short Term Sickness: 100% pay for the first 26 weeks!
Long Term Sickness: 66.67% of annual salary from 27th week
6x annual salary life insurance
Learning Together Programme to support your ongoing personal and career development
Access to Boeing's Well Being Programs tool and incentives
Parental leave options are available!
Other appropriate background experience and qualifications may be deemed acceptable
Language Requirements:
Not Applicable
Education:
Not Applicable
Relocation:
Relocation assistance is not a negotiable benefit for this position.
Security Clearance:
This position requires the ability to obtain United Kingdom Security Check.
Visa Sponsorship:
Employer will not sponsor applicants for employment visa status.
Contingent Upon Award Program
This position is not contingent upon program award
Shift:
Not a Shift Worker (United Kingdom)
Required Experience:
IC
About Company
Join Boeing and do work that changes the world. Explore aerospace and defense careers in engineering, business, IT and more, search jobs and apply here.