Mid-Level Cybersecurity Assessment Specialist

About The Position

Requirements

• 3+ years of experience with server administration and file management structure
• 3+ years of experience with programming experience in Python, PHP, Perl, Ruby, .NET, or other interpreted or compiled languages
• 1+ years of experience in penetrating testing and vulnerability assessments using manual techniques and vulnerability testing tools (including scanners, sniffers, fuzzers and exploit tools such as Burp, Nmap, Kali and Metasploit)
• This position requires the ability to obtain a U.S. Security Clearance for which the U.S. Government requires U.S. Citizenship. An interim and/or final U.S. Secret Clearance Post-Start is required.
• This position must meet U.S. export control compliance requirements. To meet U.S. export control compliance requirements, a “U.S. Person” as defined by 22 C.F.R. §120.62 is required. “U.S. Person” includes U.S. Citizen, U.S. National, lawful permanent resident, refugee, or asylee.

Nice To Haves

• Bachelor’s degree or higher
• Security professional certifications (e.g. Offensive Security Certified Professional (OSCP), Global Information Assurance Certification (GIAC), Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP))
• 3+ years of experience working in Information/Cybersecurity identifying security vulnerabilities
• Experience with secure software development lifecycle and large-scale computing environments
• Experience working with Information Security principles, policies, and industry best practices including the Critical Security Controls (CIS), Open Worldwide Application Security Project (OWASP), Top 10 and Mitre Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework
• Experience working with Authentication and Authorization Controls
• Experience working with common server applications such as Internet Information Services (IIS), Apache, Lightweight Directory Access Protocol (LDAP), Tomcat, and Secure Shell (SSH)
• Experience working with common network protocols such as HyperText Transfer Protocol/ HyperText Transfer Protocol Secure (HTTP/HTTPS), Transmission Control Protocol/Internet Protocol (TCP/IP), and User Diagram Protocol (UDP)
• Experience conducting technical research
• Experience with cloud -based architectures
• Experience working with strong written and verbal communication skills
• Experience growing technical skills and participating in the broader Boeing Information Security community

Responsibilities

• Conduct application and network layer penetration tests on various IT environments
• Conduct red teaming activities, including physical security penetration testing
• Perform independent pen testing utilizing numerous penetration testing tools and leveraging mainly manual techniques, typically testing will necessitate source code analysis
• Write risk prioritized finding reports, debrief system owners and consult on remediation options
• Retest security vulnerabilities that have been identified as fixed to verify remediation is effective
• Contribute to pen testing, red teaming, tooling, and reporting methodology enhancements
• Stay current on emerging technologies, pen testing tools and techniques, and security vulnerabilities
• Evaluate effectiveness of defensive countermeasures and consult with blue teams to help improve detection methods and capabilities required for situational awareness

Benefits

• Elements of the Total Rewards package include competitive base pay and variable compensation opportunities.
• The Boeing Company also provides eligible employees with an opportunity to enroll in a variety of benefit programs, generally including health insurance, flexible spending accounts, health savings accounts, retirement savings plans, life and disability insurance programs, and a number of programs that provide for both paid and unpaid time away from work.