At Boeing, we innovate and collaborate to make the world a better place. We’re committed to fostering an environment for every teammate that’s welcoming, respectful and inclusive, with great opportunity for professional growth. Find your future with us.
Boeing Global Services (BGS) is looking for a Mid-Level Product Security Engineer (PSE) to join our Government Training Systems team at Travis AFB, CA. The selected candidate will execute on our vision and share our passion for protecting our government training systems, aircraft support equipment, and associated products. Join our team to provide technical support for product cyber security and resiliency engineering through requirements, design, analysis, build, test, production, operations, support and sustainment.
This PSE team’s portfolio spans exciting programs such as KC-46. The candidate will rely on Cybersecurity and Information Assurance (IA) background to be a technical leader and support the Maintenance Training System (MTS) network and Boeing customers. In this role, the candidate will align product engineering support with information system security tasking’s to support the KC-46 Maintenance Training System (MTS). This position includes guidance for the design and implementation of appropriate security controls and requirements per JSIG, DoD RMF, NISPOM, or other related governing security policies and governances as required by customers.

BASIC QUALIFICATIONS (REQUIRED SKILLS/EXPERIENCE):

• Bachelor of Science degree from an accredited course of study in engineering, engineering technology (includes manufacturing engineering technology), chemistry, physics, mathematics, data science, or computer science
• Security certification, IAM Level 2 DoD 8570/8140 compliant certification (i.e. IAM Level 2 – CAP, GISF, GSLC, Security+)
• Risk Management Framework process along with both the NIST and DOD standards for RMF
• 5+ years’ experience in development of cybersecurity philosophies, patterns, requirements, secure architectures, and designs
• 5+ years’ experience in coordinating and presenting technical content to an audience, as well as preparing technical documentation
• Knowledge of cyber security incident response protocols (identification, impact assessment, containment, remediation, evidence handling, technical reporting, etc.) and safeguarding information
• Experience and/or knowledge in product security or cybersecurity concepts
• Experience generating product cyber security artifacts for customer/certifiers.
• Experience performing adversity (threat) analysis, security risk assessments, and maturing the analysis throughout the development lifecycle – to inform requirements, and design
• Knowledge of VMware (infrastructure)
• Experience scanning for vulnerabilities, implement mitigations, install, administer, and troubleshoot on the following operating systems: Microsoft Windows 10, Windows Server 2016+, Linux Distributions (Red Hat Enterprise)

PREFERRED QUALIFICATIONS (DESIRED SKILLS/EXPERIENCE):

• 8+ years’ experience in development of cybersecurity philosophies, patterns, requirements, secure architectures, and designs.
• 8+ years of experience with cybersecurity policies and implementation of Risk Management Framework (RMF): e.g. DAAPM, CNSSI 1253, ICD-503, JSIG, and/or NIST SP 800 series
• Experience scanning for vulnerabilities, implement mitigations, install, administer, and troubleshoot on the following operating systems: MAC OS, Microsoft Windows 11, Microsoft Server 2022, Raspberry PiSplunk Syslogs, Scripting languages
• Experience in product cyber security for avionics systems and component level development
• Experience in requirements analysis and allocation
• Experience with Systems Security Engineering or Product Security Engineering
• Risk Management Framework process along with both the NIST and DOD standards for RMF
• 2+ years of software experience: knowledge of higher order language programming languages (C/C++, Ada etc.), understanding of software life cycle, ability to read and understand code, and some understanding of secure code practices.

EDUCATION

Bachelor’s Degree or Equivalent Required

• Advises customers on maintaining product security and certification, including security consequences of modifying products and services.
• Participates in change management activities as assigned by the ISSM, assisting stakeholders (system administrators, etc.) with the declaration and documentation of ports, protocols and services required for the information system
• Participate in remanence security risk management processes
• Execute procedures that identify and mitigate the residual risk and risk tolerance.
• Implements Risk Management Framework (RMF) processes, product development and product maintenance for assigned systems
• Performs security compliance continuous monitoring
• Perform security assessments and audits
• Prepares and presents technical reports and briefings
• Identifies root causes, the prioritization of threats, and recommends/implements corrective action
• Provides mentoring and technical leadership within the information security program team
• Explores the enterprise and industry for the evolving state of industry knowledge and methods regarding information security standard methodologies
• Supports development of MTS information security policies, standards, guidelines and procedures will affect other operating locations
• Supports Defense Federal Acquisition Regulation Supplement (DFARS) and Cybersecurity Maturity Model Certification (CMCC) requirements based on contractual requirements for KC-46 MTS