Experienced Product Security Engineer (Virtual)

About the position The Boeing Company is looking for an Experienced Product Security Engineer (Virtual) to join the Government Vehicle Health Management Systems (GVHMS) team. This role will support a proprietary program as well as other platforms in the GVHMS portfolio within the Boeing Global Services (BGS) organization. In this role, you will work on our team of Product Security Engineers along with our internal team as well as external suppliers to ensure all stakeholders are meeting customer and internal CS/IA requirements. The CS/IA engineer will be required to assess compliance with CS/IA requirements, work with stakeholders to resolve compliance issues, and communicate status accordingly. This role will also be responsible for certifying compliance for the system and hardware assets as well as serving as a CS/IA focal on other efforts across the organization including requirements definition, issue remediation, as well as supporting Certification & Accreditation (C&A) activities for the team. Our amazing team of engineers develops, fields, and supports platform health management systems for the F/A-18, MQ-25, F-15, T-38, T-7, and proprietary platforms. Our software acquires and manages platform health and usage data, performs health, and usage assessment and recommends maintenance actions. We are tasked with the creation, design, development, modification, proof of concept, verification, testing, and demonstration of products and solutions to maximize platform mission readiness and effectiveness, reduce lifecycle costs, and keep our customers safe. At Boeing, we are all innovators on a mission to connect, protect, explore and inspire. From the seabed to outer space, you will learn and grow; contributing to work that shapes the world. Find your future with us. This position has been identified as a virtual opportunity and will not require the selected candidate to relocate.

Responsibilities

• Develops, implements, and sustains product security and resiliency throughout the requirements, design, build, test, production, operations, and support lifecycle
• Develops and enhances system requirements and architectures for product security to meet all applicable certification and customer requirements
• Ensures security of facilities, equipment, tools, data, networks, and resources used for product: design, development, build, test, storage, delivery, operations, and support
• Defines and identifies product security requirements for suppliers of components and subsystems for integration into Boeing products and services
• Coordinates with governments, customers, suppliers, and industry to identify risks and improve industry and regulatory security standards and requirements for programs and interfacing systems
• Conducts research and development activities resulting in innovative solutions
• Advises customers on maintaining product security and certification, including security consequences of modifying products and services

Requirements

• Bachelor Degree
• Ability to obtain a U.S. Security Clearance for which the U.S. Government requires U.S. Citizenship
• 3+ years of experience in cyber-security, information assurance, or related field
• Experience interpreting and applying NIST requirements
• Certified Application Security Engineer (CASE), Security+, a CISSP certification, or equivalent Cyber Security certification (CISSP preferred)

Nice-to-haves

• Bachelor of Science degree from an accredited course of study in engineering, engineering technology (includes manufacturing engineering technology), chemistry, physics, mathematics, data science, or computer science
• 5+ years experience with industry standard cybersecurity frameworks (NIST, OWASP, DFARS)
• 5+ years of experience with security and vulnerability scanning tools such as ACAS/Nessus, STIG's, and SCC
• Experience identifying security vulnerabilities within source code
• 5+ years of experience scanning source code with security tools Fortify and Coverity
• Software engineering or Information Technology (IT) experience, including knowledge of Microsoft operating systems and client-server and web-based architectures, is desirable
• Experience with the RMF or DIACAP process
• Experience interpreting and applying NIST requirements
• Experience with performing ACAS scans of systems and interpreting results
• Experience with STIGs and SCAP tool
• Experience with Vulnerator tool
• Experience with DISA IAVMS and patching to the notices

Benefits

• health insurance
• flexible spending accounts
• health savings accounts
• retirement savings plans
• life and disability insurance programs
• paid and unpaid time away from work