Product Security Analyst (Experienced or Senior)

About The Position

Requirements

• Currently have bachelor’s degree or higher
• 3+ years of experience working with Department of Defense (DoD) organizations, projects and/or programs
• 3+ years of experience directing and executing projects in accordance with stakeholder objectives and schedules
• 3+ years of experience in product security, cybersecurity research, or a related field
• 3+ years of experience planning and executing penetration testing of either IT based systems or Avionics embedded systems
• Experience in system and software architectures
• This position must meet U.S. export control compliance requirements. To meet U.S. export control compliance requirements, a “U.S. Person” as defined by 22 C.F.R. §120.62 is required. “U.S. Person” includes U.S. Citizen, U.S. National, lawful permanent resident, refugee, or asylee.
• This position requires an active U.S. Secret Security Clearance (U.S. Citizenship Required). (A U.S. Security Clearance that has been active in the past 24 months is considered active)

Nice To Haves

• 5 or more years of related work experience or an equivalent combination of education and experience
• Experience performing adversity (threat) analysis, security risk assessments, and maturing the analysis throughout the development lifecycle
• Experience hosting events like Cyber Table Tops and Mission Based Cyber Risk Assessments
• Experience working with stakeholders to integrate, plan and execute test events
• Demonstrated ability to engage with stakeholders to define/plan/resource/deliver solutions (state years of experience)
• Experience working with Product Security (non-IT) Cyber Compliance and/or Avionics Embedded systems risk management assessment
• Experience supporting Cyber Table Top, Mission Based Cyber Risk Assessment, or equivalent exercises
• Experience evaluating cybersecurity in one or more of the following domains: Windows, Linux, VxWorks, and INTEGRITY Operating Systems IP-Based Networks Avionics, Embedded Systems, Non-Standard Ethernet Protocols (ARINC, MIL-STD) RF interfaces
• Experience with cybersecurity compliance frameworks such as NIST CSF, DoD RMF, CMMC or PCI/DSS
• Experience designing and/or testing product systems
• Experience with program planning (cost and schedule)

Responsibilities

• Execute penetration tests to identify, exploit, and assess a target system’s vulnerabilities in a threat-representative manner on embedded systems and IP-based networks
• Implement test campaigns aligned with the DoD Cybersecurity T&E best practices
• Conduct Mission Based Cyber Risk Assessments (MBCRAs) and Cyber Table Tops (CTTs)
• Define cyber test plans and schedules for complex architectures and translate to actionable tasks
• Perform event planning in coordination with multiple stakeholders
• Provide team leadership, direction, and coordination resulting in test readiness
• Align technical test findings to stakeholder objectives and map attack surface coverage
• Coordinate prioritization and completion of test cases in accordance with the test plan
• Complete post-test reporting as a part of the test team
• Represent Product Security T&E in engagements with Boeing, suppliers and customer leadership
• Develop and mature Product Security T&E processes, best practices, and solutions
• Occasional domestic and international travel as needed

Benefits

• health insurance
• flexible spending accounts
• health savings accounts
• retirement savings plans
• life and disability insurance programs
• paid and unpaid time away from work