Product Security (Cyber) Test Engineer (Associate or Experienced) at Boeing
Berkeley, Missouri, USA -
Full Time


Start Date

Immediate

Expiry Date

02 Aug, 25

Salary

0.0

Posted On

03 May, 25

Experience

1 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Embedded Systems, Windows, Linux, Physics, Penetration Testing, Product Security, Vxworks, Computer Science, Program Planning, Risk Assessment, Chemistry, Avionics, Defense, Data Science, Mathematics, Operating Systems

Industry

Information Technology/IT

Description

At Boeing, we innovate and collaborate to make the world a better place. We’re committed to fostering an environment for every teammate that’s welcoming, respectful and inclusive, with great opportunity for professional growth. Find your future with us.
The Boeing Test & Evaluation (BT&E) team is seeking a Product Security (Cyber) Test Engineer to support the Air Proprietary 1 (AP1) program in Berkeley, MO. This role will be responsible for executing the cyber test lifecycle. You will be joining a cybersecurity pentest team focused on product testing. The successful candidate will perform threat assessments and execute adversarial testing with engineering rigor. You will lead the development of cyber test cases, conduct pentesting, and perform test reporting as a part of an engineering team located in the greater St. Louis area.
You will be joining a growing multi-disciplinary cybersecurity engineering organization that is responsible for the security and resiliency of our products, platforms, and services. This position will support the various phases of the Product Test Lifecyle by supporting test proposals, developing test plans and schedules, executing pentesting, and supporting post-test activities. Joining this team will put you at the cutting edge of Boeing Product Security testing.
BT&E is currently hiring for a broad range of experience levels including Associate and Experienced level Product Security Test Engineers.

BASIC QUALIFICATIONS (REQUIRED SKILLS/EXPERIENCE):

  • Bachelor of Science degree from an accredited course of study in engineering, engineering technology (includes manufacturing engineering technology), chemistry, physics, mathematics, data science, or computer science
  • 1+ years of experience working with Department of Defense (DoD) organizations, projects and/or programs
  • 1+ years of experience planning and executing penetration testing of either IT based systems or Avionics embedded systems
  • Able to travel both domestically and internationally

PREFERRED QUALIFICATIONS (DESIRED SKILLS/EXPERIENCE):

  • 3 or more years of related work experience or an equivalent combination of education and experience
  • Demonstrated ability to engage with stakeholders to define/plan/resource/deliver solutions (state years of experience)
  • Experience working with Product Security (non-IT) Cyber Compliance and/or Avionics Embedded systems risk management assessment
  • Experience supporting Cyber Table Top, Mission Based Cyber Risk Assessment, or equivalent exercises
  • Experience evaluating cybersecurity in one or more of the following domains:
  • Windows, Linux, VxWorks, and INTEGRITY Operating Systems
  • IP-Based Networks
  • Avionics, Embedded Systems, Non-Standard Ethernet Protocols (ARINC, MIL-STD)
  • RF interfaces
  • Experience with cybersecurity compliance frameworks such as NIST CSF, DoD RMF, CMMC or PCI/DSS
  • Experience coordinating and presenting technical content to a diverse audience
  • Experience designing and/or testing product systems
  • Experience with program planning (cost and schedule)
  • Experience with Aircraft Platforms, Weapon Systems and/or C5ISR

EDUCATION

Bachelor’s Degree or Equivalent Required

Responsibilities
  • Execute penetration tests to identify, exploit, and assess a target system’s vulnerabilities in a threat-representative manner on embedded systems and IP-based networks
  • Support emulation of advanced cyber adversary tactics, techniques and procedures (TTPs) targeting avionic systems
  • Support controlled attack simulations that test the effectiveness of a blue team and its capabilities to detect, block, and mitigate attacks and breaches
  • Support development of exploits and malware targeting modern operating systems and defenses
  • Support the development of cyber test tools as necessary to achieve threat emulation objectives
  • Communicate recommendations for improvements via reports or presentations to customers using common frameworks such as MITRE ATT&CK, Cyber Kill Chain, etc.
  • Occasional domestic and international travel as needed
Loading...