Senior Product Security Engineer

Boeing•Berkeley, MO

2d•Onsite

About The Position

The Boeing Defense, Space & Security (BDS) Air Dominance (AD) Product Security Engineering (PSE) organization is seeking a Senior Product Security Engineer to provide technical support for product cyber security and resiliency engineering for embedded systems through requirements, design, analysis, build, test, production, operations, support and sustainment in the Air Dominance & Phantom Works current/future portfolio in Berkeley, MO / Hazelwood, MO. You are going to be part of Boeing's AD PSE Organization, which is a growing multi-disciplinary cybersecurity engineering organization, that is responsible for the cyber security and resiliency of our embedded systems within products, platforms, and services. This is your opportunity to shape and influence Product Security Engineering across the BDS AD portfolio of products. The AD PSE team’s portfolio spans exciting programs such as F/A-18 Super Hornet/Growlers, F-15 Eagle (domestic & international), MQ-25A Stingray, T-7A Red Hawk, Proprietary Programs and Phantom Works efforts. This role supports the implementation of security controls and requirements aligned with Department of War (DoW) Risk Management Framework (RMF), Joint Special Access Program (SAF) Implementation Guide (JSIG), and National Industrial Security Operating Manual (NISPOM) as required by customers, working under the direction of senior security team members. In joining Boeing, you are going to be a part of a diverse multi-disciplined team of engineers and analysts, while operating in an agile environment, utilizing the latest tools and methodologies! Along with developing your technical competence and leadership skills at a company with huge potential for long-term career growth. At Boeing, we value your curiosity, your determination, and your imagination.

Requirements

Senior (Level 4) - Education/experience typically acquired through advanced technical education from an accredited course of study in engineering, engineering technology (includes manufacturing engineering technology), computer science, engineering data science, mathematics, physics or chemistry (e.g. Bachelor) and typically 9 or more years' related work experience or an equivalent combination of technical education and experience or non-US equivalent qualifications. In the USA, ABET accreditation is the preferred, although not required, accreditation standard.
Experience in the development of avionics computer systems.
Experience in performing security risk assessments and risk management within networked operational technology (OT)
Experience in embedded software architecture, agile development, software development lifecycle, software application testing, security tools and practices used in development pipelines
Demonstrated ability to identify new opportunities and engage with stakeholders to define, plan, resource and deliver solutions.
Experience with the development of cybersecurity philosophies, patterns, requirements, secure architecture and design’s
Experience coordinating and presenting technical content to a diverse audience, as well as preparing technical documentation
Able to work autonomously
Knowledge of cyber security incident response protocols (identification, impact assessment, containment, remediation, evidence handling, technical reporting, etc.) and safeguarding information.
This position requires an ability to obtain and maintain an active Secret U.S. Security Clearance. An interim and/or final U.S. Secret Clearance Post-Start is required.

Nice To Haves

Experience in product cyber security for avionics systems and component level development
Experience performing adversity (threat) analysis, security risk assessments, and maturing the analysis throughout the development lifecycle – to inform requirements, and design
Experience generating product cyber security artifacts for customer/certifiers
Security certification is desired (e.g. CISSP); Please state/include on resume
Experience and applied knowledge of security airworthiness processes and methods applied to avionics systems, such as but not limited to DO-326A and DO-356A
Experience and/or applied knowledge of complex safety critical systems development process methodologies and associated practices, such as but not limited to DO-178C, DO-254
Security certification is desired (e.g. CISSP); Please state/include on resume

Responsibilities

Support the development, implementation, and sustainment of product security requirements for Air Dominance & Phantom Works avionics systems/subsystems, throughout the requirements, design, analysis, build, test, production, operations, support and sustainment lifecycle
Coordinate with partners and system-of-systems product security counterparts for requirements, activities, artifacts, and solutions
Coordinate with other engineering stakeholders – systems, software, and hardware – advising on the results of security analysis – to develop secure architectures and designs
Lead, establish, and integrate standards and processes for product security engineering for embedded avionics development, and meet applicable program/certification requirements
Utilize the Risk Engineering digital thread to inform product requirements surrounding cyber survivability against specified cyber threats – by performing criticality, adversity, threat analysis for avionics systems
Lead risk reduction and technology maturation activities – where appropriate – resulting in innovative solutions in product and services offering
Implements appropriate security controls and requirements per JSIG, DoD and ICD 503 RMF, NISPOM, or DoD Overprint to the NISPOM
Lead inputs for planning, scheduling, risks, issues, and opportunity activities for cyber security
Support team building, leading cross-functional teams, motivating and engaging team member, and inspiring work groups through daily interactions.