6J3 - DevSecOps (contract)

at  Boeing

The Boeing Company is currently seeking a DevSecOps Engineer to join the Next Generation Product Support (NPGS)team located in Ridley Park, PA, Hazelwood, MO, Oklahoma City, OK or Plano, TX. This position will focus on supporting the Boeing Global Services (BGS) business organization.
The successful candidate will develop, document, and maintain standardized, efficient, and innovative processes, tools, methodologies and performance metrics to streamline the software engineering lifecycle and enable continuous integration, delivery, and deployment of safety critical software.
We operate as a fast-paced agile team and seek candidates who have proven skills in DevSecOps, Cloud environments, to automate, develop, monitor, improve and troubleshoot across software engineering development, tooling, testing, deployment, configuration process and security controls.
An ideal candidate will demonstrate technical expertise for required software projects and lead activities and work under minimal direction.
This position is hybrid. This means that the selected candidate will be required to perform some work onsite at one of the listed location options. This is at the hiring team’s discretion and could potentially change in the future.
To be considered for this position you will be required to complete a technical assessment as part of the selection process. Failure to complete the assessment will remove you from consideration.
Position Responsibilities:
Develop and enhance the NGPS development security practice by integrating secure coding solutions that identify security vulnerabilities within each phase of the software development lifecycle and enforce compliance within the CI/CD pipeline.
Implement solutions that identify vulnerabilities within source code, open-source software libraries, hardened containers, and deployed applications by leveraging static application security testing (SAST), dynamic application security testing (DAST), container security scanning, and software composition analysis tools; and provide recommendations to remediate.
Implement efficient processes centered around continuous integration best practice
Develop an efficiency-centered code quality solution that enables visibility, transparency, and continuous monitoring within a shared responsibility model
Implement immediate quality feedback loops for the developers building NGPS software
Develop and implement an event-driven container security scanning and software composition analysis solution within the CI/CD pipeline using Prisma, AWS Inspector 2, X-Ray by Antifactory, and/ or Nexus Lifecycle
Provide hands-on DevSecOps support to the NGPS portfolio, such tasks would include - infrastructure support and sustainment activities, CI/CD pipeline development and improvement, GitLab administration, AWS or Azure Cloud administration, and containerization.
Collaborate on idea creation and development of the Software development tool chain
Support the ongoing lifecycle maintenance of the DevSecOps tool chain
Support the software quality efforts of our Boeing product deliveries to our partners and customers
Ensure that secure development and deployment infrastructure supports CI/CD and automated verification systems.
We work in a casual but professional environment with multi-disciplined teams of engineers that take pride in developing, integrating, testing and delivering innovative solutions. There is long-term potential for career growth into technical leadership or management positions and we value the curiosity, tenacity and imagination our engineers bring to our teams each day.
Security Clearance and Export Control Requirements:
This position requires the ability to obtain a US Security Clearance for which the US Government requires US Citizenship. Ability to obtain Secret US Security clearance Post-Start.
Basic Qualifications (Required Skills/ Experience):
Bachelor of Science degree from an accredited course of study in engineering, engineering technology (includes manufacturing engineering technology), chemistry, physics, mathematics, data science, or computer science
5 or more years’ experience with software development
2 or more years’ experience with Cloud technologies, such as AWS, GCP or Azure
Experience with Automation and Continuous Integration/Continuous Deployment (CI/CD) techniques and design pattern
Preferred Qualifications (Desired Skills/Experience):
Have the ability to set up, and manage a toolchain using tools such as GitLab, Bazel, SonarQube, Coverity, NetSparker, Nexus Lifecycle, Artifactory and more
Strong Working knowledge of the CI/CD process including debugging, test, and integration of software tools
Understanding of secure software development methodologies and Security First minds
Strong working knowledge of Agile Software Development
Demonstrated history with microservices deployment
Demonstrated experience implementing secure Hybrid (Cloud / on-prem) development and deployment infrastructure
Proficient in programming and /or scripting ability (bash,python,java,c)
Strong communication skills and a self-starter

Describe the project/day-to-day activities they will be working on:

• Enhancing the NGPS static application security testing practices by integrating Coverity into the CI/CD pipeline.
• Enhancing the NGPS static application testing practices by integrating SonarQube into the CI/CD pipeline.
• Developing dynamic application security tests using NetSparker and integrating them into the CI/CD pipeline
• Implementing event-driven container security scanning and software composition analysis solution within the CI pipeline using Prisma, AWS Inspector 2, X-Ray by Antifactory, and/ or Nexus Lifecycle.
• Provide hands-on DevSecOps support, such tasks would include - infrastructure support and sustainment activities, CI/CD pipeline development and improvement, GitLab administration, AWS or Azure Cloud administration, and containerization.
• Working with developers and product owners to increase unit test coverage and code quality and burn down detected vulnerabilities
• Creating process documentation and migration guides

Please refer the Job description for details