Product Security Engineer (Mid-level or Senior)

About The Position

Requirements

• Willingness to travel 25% to client site.
• 5+ years of product security experience.
• CompTIA Security+ certification.
• This position requires an active U.S. Top Secret / Sensitive Compartmented Information (TS/SCI) with Polygraph Security Clearance (US Citizenship Required). (A U.S. Security Clearance that has been active in the past 24 months is considered active.)
• This position requires the ability to obtain and retain Special Access Program (SAP) approval within a reasonable period of time determined by the company to meet its business needs.

Nice To Haves

• DoD 8570.01-M IAT Level III Certification (e.g., CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, CCSP); and IASAE Level II (e.g., CASP+ CE, CISSP (or Associate), CSSLP)
• 5 or more years’ experience with the implementation of security controls IAW DoD Risk Management Framework (RMF).
• 5 or more years’ experience with common DoD vulnerability and compliance assessment tools (e.g., SCAP, STIGs, ACAS) and processes.
• 5 or more years’ experience in security control test plan development and execution.
• Experience with software development tools, such as, DOORS, ClearCase, GitLab, Jira, Coverity, etc.
• Experience with developing Threat Modeling, Attack Profiles, Threat and Risk Assessments on aircraft platforms and weapon systems.
• Experience with evaluating and refining customer security requirements.
• Experience working with multiple technologies such as RHEL 8 and above, and/or CISCO IOS/NXOS, and/or Windows server 2019 and above, and/or Windows 10 or newer.
• Experience with multiple scripting languages (e.g., PowerShell, Python, Bash, Ansible, etc.)
• Experience creating system security implementation solutions against customer requirements.
• Experience with installation and configuration of Splunk Enterprise; to include creation of Apps and Dashboards to audit analysis specifications.
• Experience in Group Policy Management and implementation.
• Experience with Agile development within a DevSecOps environment.

Responsibilities

• Develop, implement, and sustain product security and resiliency throughout the full lifecycle: requirements, design, build, test, production, operations, and support.
• Analyze customer and regulatory information system security requirements and decompose them into system security design specifications and verifiable requirements.
• Develop and enhance system requirements and architectures to ensure product security meets all applicable certifications and customer requirements.
• Interface directly with customers, lead engineers, suppliers, and government stakeholders to ensure security requirements are designed into products and evaluated for effectiveness; advise customers on maintaining product security and certification, including the security impacts of product or service modifications.
• Define and identify product security requirements for suppliers of components and subsystems and coordinate their integration into Boeing products and services.
• Work in classified environments to evaluate computing systems, products, and platforms for conformance, generating and analyzing cybersecurity data to support program and customer needs.
• Research, collect, interpret, test, and analyze technical data to support the integration of security and resiliency into products and services across the lifecycle, optimizing security effectiveness in projected operational environments.
• Perform and support product security risk, attack-surface, and vulnerability analyses, and conduct security audits of applications and application stacks of various provenances.
• Analyze, triage, aggregate, escalate, and report relevant product security, anti-tamper, and telemetry/data sources for attack indicators and potential security breaches; correlate findings and perform trend analysis.
• Analyze malware and attacker tactics to improve detection capabilities and inform mitigations.
• Coordinate and support incident response activities and provide technical analysis to inform containment and remediation.
• Make mitigation recommendations and, where authorized, execute mitigations and coordinate implementation with engineering and program teams.
• Perform software assurance assessments to verify the security pedigree of software solutions and related development activities.
• Ensure security of facilities, equipment, tools, data, networks, and resources used across product design, development, build, test, storage, delivery, operations, and support.
• Provide ISSO and IT administrators with system security expertise to assist in gathering/securing data to support incident investigation and response; assist ISSO in monitoring, interpreting, and reacting to security device outputs.
• Create and maintain documentation in support of authorization/accreditation packages; deploy and enforce security policies, standards, and guidance.
• Develop, maintain, and improve planning, organization, implementation, and monitoring of requirements management processes to ensure traceability and compliance.
• Conduct R&D and analysis activities as needed to produce innovative security solutions and improve industry/regulatory security standards and program requirements.
• Train, mentor, and provide technical leadership to junior staff members.
• Work under minimal direction, exercise sound judgment and technical initiative, and effectively communicate technical findings and recommendations in reports and briefings to technical peers and leadership.

Benefits

• Elements of the Total Rewards package include competitive base pay and variable compensation opportunities.
• The Boeing Company also provides eligible employees with an opportunity to enroll in a variety of benefit programs, generally including health insurance, flexible spending accounts, health savings accounts, retirement savings plans, life and disability insurance programs, and a number of programs that provide for both paid and unpaid time away from work.