Senior Product Security Engineer

About The Position

Requirements

• Bachelor of Science degree in Engineering, Engineering Technology (including Manufacturing Technology), Computer Science, Data Science, Mathematics, Physics, Chemistry or non-US equivalent qualifications directly related to the work statement
• Level 4: 9+ years of related work experience or an equivalent combination of education and experience
• Level 5: 14+ years of related work experience or an equivalent combination of education and experience
• Ability to obtain a U.S. Security Clearance
• Experience with networking in cloud environments
• Experience in cyber security solutions architecture, with a focus on cloud technologies, DevSecOps, and secure system design
• Experience leading DevSecOps teams to deploy a cloud or on-prem DevSecOps solutions
• Experience with cloud security frameworks and compliance standards such as National Institute of Standards and Technology (NIST), Federal Risk and Authorization Management Program (FedRAMP), Department of Defense Security Requirements Guide (DoD SRG), and Defense Information Systems Agency Security Technical Implementation Guides (DISA STIGs)

Nice To Haves

• Active Security Clearance (Active means held within the previous two years from today)
• Experience in Avionic systems: architecture, requirements, design, interfaces, platform integration, flight test planning, testing, validation and verification
• Experience in software or hardware engineering, requirements, design, development, test, and working with software and hardware
• Experience in aligning operational capabilities to regulatory frameworks and compliance requirements (i.e., ISO, NIST, CMMC)
• Experience do you have with data links, crypto, trusted guards, multi-level security?
• Experience with cyber verification and validation of Avionics Systems?
• Certified Application Security Engineer (CASE), Security+, a CISSP certification, or equivalent Cyber Security certification (CISSP preferred)

Responsibilities

• Incorporate key security concepts through the initial planning, design, and implementation of complex engineering environments spanning multiple sites, incorporating engineering labs, on-premise compute, and secure multi-cloud solutions.
• Collaborate closely with program customers to support the definition of security requirements, enable seamless systems integration, and ensure systems verification.
• Engage with multiple engineering disciplines, including cloud computing, software engineering – (Artificial Intelligence/Machine Learning (AI/ML), Infrastructure as Code (IaC), DevSecOps), Systems Engineering , Data Science, and Boeing Enterprise Security.
• Treat security as a primary concern and engage from the early phases of design to ensure our environment is Secure by Design.
• Mentor, and help to build your team of software security engineers and oversee the execution of security capabilities.
• Build up a strong set of security tools into the DevSecOps pipeline, enabling Cybersecurity Supply Chain Risk Management (C-SCRM), Secure Coding Practices, Software Assurance, and Security Policy Enforcement.
• Assist in establishing, integrating standards and processes for product security engineering in support of Digital Infrastructure, and meet applicable program/certification requirements
• Utilize Risk Engineering digital thread to inform product requirements surrounding cyber survivability against specified cyber threats – by performing criticality, adversity, threat analysis for avionics systems
• Provide security expertise to Air Dominance program management and engineering teams through technical design reviews, program gate reviews, and other independent reviews as needed by the engineering function.

Benefits

• mentorship opportunities
• tuition reimbursement program