Associate Software Security Engineer

About The Position

Requirements

• Bachelor of Science degree from an accredited course of study in engineering, engineering technology, chemistry, physics, mathematics, data science, or computer science
• Excellent written/oral communication skills to effectively convey cybersecurity concepts across business and technical stakeholders
• 2+ years of experience in a role that required teaming and collaboration skills, and ability to work well with a geographically dispersed cross-functional and matrix team
• 1+ years of experience factoring and applying confidentiality, integrity and availability considerations within the software development lifecycle
• Proficient with one or more programming languages (e.g. C, C++, Python)
• 2+ years of experience with the Software Development Lifecycle to include implementing DevSecOps principles within CI/CD Pipelines

Nice To Haves

• 3+ years of experience in Product Security or Cybersecurity
• Experience with Systems Security Engineering and breaking down requirements
• Experience in security architectures, network security, embedded systems security, security testing and evaluation, network design, PKI infrastructure
• Cybersecurity Certifications not limited to Security+, CISSP, CEH etc.
• Knowledge of Secure Software Development Framework (NIST SP 800-218), or CISA Self-Attestation Common Form
• General knowledge of DoD, NASA and FAA security requirements related to Product Security
• 2+ years of experience in Agile project management
• Experience securing cloud-based infrastructure and architecture (preferably AWS)
• Experience scanning for vulnerabilities, implementing and assessing mitigations

Responsibilities

• Assess the adversity faced by software subsystems in the context of the larger system
• Secure cloud-based software development environments
• Manage risk in accordance with accepted industry, professional, and government standards to ensure security design integrity, availability, confidentiality, and regulatory compliance
• Develop security requirements and coordinate with multiple system stakeholders to identify, properly implement, and verify security measures to mitigate the risks, threats, and vulnerabilities
• Perform requirements verification on software security engineering products using inspection, analysis, demonstration, and test methods
• Perform Common Vulnerabilities and Exploits (CVE) analysis and coordinate with system stakeholders to appropriately mitigate and address to reduce likelihood and consequences of CVE impacting system operation
• Deploy DevSecOps best practices into Program pipelines, including tool selection, configuration, and analysis
• Provide technical data and develop documentation in accordance with requirements and system security engineering processes and procedures for internal reference and external delivery
• Support Product Security Incident Response Team to respond to security events
• Define and deploy consistent software security standards within the Software Development Lifecycle
• Identify improvements to ensure software implementation is aligned to industry and Boeing software assurance best practices

Benefits

• Competitive base pay and variable compensation opportunities
• Health insurance
• Flexible spending accounts
• Health savings accounts
• Retirement savings plans
• Life and disability insurance programs
• Programs that provide for both paid and unpaid time away from work