Senior Offensive Cybersecurity Test Engineer

About The Position

Requirements

• Bachelor of Science degree in Engineering, Engineering Technology (including Manufacturing Technology), Computer Science, Data Science, Mathematics, Physics, Chemistry or non-US equivalent qualifications directly related to the work statement
• 5+ years of experience in product security, cybersecurity research, or a related field
• 5+ years of experience leading projects or engineering teams
• 5+ years of experience planning and executing penetration testing of either IT based systems or Avionics embedded systems
• 5+ years of experience working with Department of Defense (DoD) organizations, projects and/or programs
• 3+ years of experience leading and mentoring a technical team
• Able to travel both domestically and internationally
• This position requires an active U.S. Secret Security Clearance (U.S. Citizenship Required). (A U.S. Security Clearance that has been active in the past 24 months is considered active)
• This position requires ability to obtain program access, for which the U.S. Government requires U.S. Citizenship only.

Nice To Haves

• Demonstrated ability to engage with stakeholders to define/plan/resource/deliver
• Experience designing and/or testing product systems
• Experience working with Product Security (non-IT) Cyber Compliance and/or Avionics Embedded systems risk management assessment
• Experience facilitating and/or supporting Cyber Table Top, Mission Based Cyber Risk Assessment, or equivalent exercises
• Experience planning and executing penetration tests in one or more of the following domains: Windows, Linux, VxWorks, and INTEGRITY Operating Systems
• IP-Based Networks
• Avionics, Embedded Systems, Non-Standard Ethernet Protocols (ARINC, MIL-STD)
• RF interfaces
• Experience evaluating cybersecurity of proprietary protocols, applications, and firmware within a complex, integrated environment
• Experience coordinating and presenting technical content to a diverse audience
• Experience with program planning (cost and schedule)
• Experience with scripting languages such as Bash, Python, PowerShell
• Experience with Aircraft Platforms, Weapon Systems and/or C5ISR
• Knowledgeable in Cryptography and Reverse Engineering
• One or more of the following Certifications: Offensive Security Certified Engineer (OSCE)
• Offensive Security Certified Professional (OSCP)
• GIAC Certified Exploit Researcher and Advanced Penetration Testers (GXPN)
• GIAC Reverse Engineering Malware (GREM)
• Certified Information System Security Professional (CISSP)

Responsibilities

• Lead execution of penetration tests to identify, exploit, and assess a target system’s vulnerabilities in a threat-representative manner on embedded systems and IP-based networks
• Subject Matter Expert for emulating advanced cyber adversary (advanced persistent threats) tactics, techniques and procedures (TTPs)
• Lead controlled attack simulations that test the effectiveness of a blue team and its capabilities to detect, block, and mitigate attacks and breaches
• Develop exploits and malware targeting modern operating systems and defenses
• Reverse engineering firmware and software to support vulnerability identification
• Develop cyber test tools as necessary to achieve threat emulation objectives
• Communicate recommendations for improvements to customer stakeholders via reports or presentations using common frameworks such as MITRE ATT&CK, Cyber Kill Chain, etc.
• Participate in test design and planning
• Occasional domestic and international travel as needed

Benefits

• At Boeing, we strive to deliver a Total Rewards package that will attract, engage and retain the top talent.
• Elements of the Total Rewards package include competitive base pay and variable compensation opportunities.
• The Boeing Company also provides eligible employees with an opportunity to enroll in a variety of benefit programs, generally including health insurance, flexible spending accounts, health savings accounts, retirement savings plans, life and disability insurance programs, and a number of programs that provide for both paid and unpaid time away from work.
• The specific programs and options available to any given employee may vary depending on eligibility factors such as geographic location, date of hire, and the applicability of collective bargaining agreements.
• Pay is based upon candidate experience and qualifications, as well as market and business considerations.
• This position offers relocation based on candidate eligibility.