Senior Offensive Cybersecurity Test Engineer

About The Position

Requirements

• Bachelor of Science degree in Engineering, Engineering Technology (including Manufacturing Technology), Computer Science, Data Science, Mathematics, Physics, Chemistry or non-US equivalent qualifications directly related to the work statement
• 5+ years of experience in product security, cybersecurity research, or a related field
• 5+ years of experience leading projects or engineering teams
• 5+ years of experience planning and executing penetration testing of either IT based systems or Avionics embedded systems
• 5+ years of experience working with Department of Defense (DoD) organizations, projects and/or programs
• 3+ years of experience leading and mentoring a technical team
• Able to travel both domestically and internationally
• This position requires an active U.S. Secret Security Clearance (U.S. Citizenship Required). (A U.S. Security Clearance that has been active in the past 24 months is considered active)
• This position requires ability to obtain program access, for which the U.S. Government requires U.S. Citizenship only.

Nice To Haves

• Demonstrated ability to engage with stakeholders to define/plan/resource/deliver
• Experience designing and/or testing product systems
• Experience working with Product Security (non-IT) Cyber Compliance and/or Avionics Embedded systems risk management assessment
• Experience facilitating and/or supporting Cyber Table Top, Mission Based Cyber Risk Assessment, or equivalent exercises
• Experience planning and executing penetration tests in one or more of the following domains: Windows, Linux, VxWorks, and INTEGRITY Operating Systems
• IP-Based Networks
• Avionics, Embedded Systems, Non-Standard Ethernet Protocols (ARINC, MIL-STD)
• RF interfaces
• Experience evaluating cybersecurity of proprietary protocols, applications, and firmware within a complex, integrated environment
• Experience coordinating and presenting technical content to a diverse audience
• Experience with program planning (cost and schedule)
• Experience with scripting languages such as Bash, Python, PowerShell
• Experience with Aircraft Platforms, Weapon Systems and/or C5ISR
• Knowledgeable in Cryptography and Reverse Engineering
• One or more of the following Certifications: Offensive Security Certified Engineer (OSCE) Offensive Security Certified Professional (OSCP) GIAC Certified Exploit Researcher and Advanced Penetration Testers (GXPN) GIAC Reverse Engineering Malware (GREM) Certified Information System Security Professional (CISSP)

Responsibilities

• Lead execution of penetration tests to identify, exploit, and assess a target system's vulnerabilities in a threat-representative manner on embedded systems and IP-based networks
• Subject Matter Expert for emulating advanced cyber adversary (advanced persistent threats) tactics, techniques and procedures (TTPs)
• Lead controlled attack simulations that test the effectiveness of a blue team and its capabilities to detect, block, and mitigate attacks and breaches
• Develop exploits and malware targeting modern operating systems and defenses
• Reverse engineering firmware and software to support vulnerability identification
• Develop cyber test tools as necessary to achieve threat emulation objectives
• Communicate recommendations for improvements to customer stakeholders via reports or presentations using common frameworks such as MITRE ATT&CK, Cyber Kill Chain, etc.
• Participate in test design and planning
• Occasional domestic and international travel as needed

Benefits

• Elements of the Total Rewards package include competitive base pay and variable compensation opportunities.
• The Boeing Company also provides eligible employees with an opportunity to enroll in a variety of benefit programs, generally including health insurance, flexible spending accounts, health savings accounts, retirement savings plans, life and disability insurance programs, and a number of programs that provide for both paid and unpaid time away from work.