Product Security Engineer

at  Boeing

At Boeing, we innovate and collaborate to make the world a better place. From the seabed to outer space, you can contribute to work that matters with a company where diversity, equity and inclusion are shared values. We’re committed to fostering an environment for every teammate that’s welcoming, respectful and inclusive, with great opportunity for professional growth. Find your future with us.
At Boeing, we innovate and collaborate to make the world a better place. From the seabed to outer space, you can contribute to work that matters with a company where diversity, equity, and inclusion are shared values. We’re committed to fostering an environment for every teammate that’s welcoming, respectful, and inclusive, with great opportunity for professional growth. Find your future with us.
Maritime & Intelligence Systems (M&IS) is a growing business within Space, Intelligence, and Weapon Systems (SI&WS) which is part of Boeing Defense, Space & Security (BDS). Space, Intelligence, and Weapon Systems (SI&WS) is focused on delivering complex solutions in some of the most challenging environments on Earth. M&IS seeks a Product Security Engineer to join our team in Herndon, Virginia to support the Mission Operations Portfolio area in design, build, test, deploy, operate, and maintain of a wide variety of mission critical platforms and systems for commercial and government customers. This position will lead the development, implementation, and sustainment of product security and resiliency throughout the lifecycle.

Position Purpose:

• Lead and support Boeing customers throughout multiple classified computing domains. Rely on your Information Systems product security background.
• Develop and enhance system requirements and architectures for product security to meet all applicable certification and customer requirements.
• Apply an interdisciplinary, collaborative approach to lead activities to strategize, plan, design, develop, and verify highly complex security solutions to meet enterprise needs.
• Provide definitions and identification of product security requirements for modernization of legacy equipment and environments.
• Advise management on a wide range of high leverage information security-related topics.

BASIC QUALIFICATIONS (REQUIRED SKILLS/EXPERIENCE):

• Successful completion of Tier 5 Investigation (T5), formerly known as a Single Scope Background Investigation (SSBI) by the federal government within the last 5 years or requires candidate to have been enrolled in a Continuous Vetting program within the last 5 years.
• Bachelor of Science degree from an accredited course of study in engineering, engineering technology (includes manufacturing engineering technology), chemistry, physics, mathematics, data science, or computer science.
• Experience with cyber security policies and implementation of Risk Management Framework (RMF): e.g. DAAPM, CNSSI 1253, ICD-503, JSIG, and/or NIST SP 800 series
• Experience utilizing security relevant tools, systems, and applications in support of Risk Management Framework (RMF) to include: eMASS, NESSUS, ACAS, DISA STIGs, SCAP, Splunk/Audit Reduction, and HBSS.
• 5+ years of experience with SDLC (Software/Systems Development Lifecycle).

PREFERRED QUALIFICATIONS (DESIRED SKILLS/EXPERIENCE):

• Experience working in a customer facing role executing Information System Security Vulnerability Assessments, to include conducting customer out briefs and generating reports.
• Experience working with multiple technologies such as RHEL 8 and above, or Windows server 2019 and above, or Windows 10 or newer.
• Experience with multiple scripting languages (e.g., PowerShell, Python, Bash, Ansible, etc.).
• Experience creating system security implementation solutions against customer requirements.
• Experience with installation and configuration of Splunk Enterprise; to include creation of Apps and Dashboards to audit analysis specifications.
• Experience with software development tools, such as, DOORS, GitLab, Jira, Cohesity, etc.
• Experience in Group Policy Management and implementation.
• Experience with Agile development within a DevSecOps environment.
• Experience leading audits conducted by external stakeholders.

TYPICAL EDUCATION & EXPERIENCE:

Lead (level 4): Education/experience typically acquired through advanced technical education from an accredited course of study in engineering, computer science, mathematics, physics or chemistry (e.g. Bachelor) and typically 9 or more years’ related work experience or an equivalent combination of technical education and experience (e.g. PhD+4 years’ related work experience, Master+7 years’ related work experience). In the USA, ABET accreditation is the preferred, although not required, accreditation standard.
Lead (level 5): Education/experience typically acquired through advanced technical education from an accredited course of study in engineering, computer science, mathematics, physics or chemistry (e.g. Bachelor) and typically 14 or more years’ related work experience or an equivalent combination of technical education and experience (e.g. PhD+9 years’ related work experience, Master+12 years’ related work experience). In the USA, ABET accreditation is the preferred, although not required, accreditation standard.

POSITION RESPONSIBILITIES:

• Oversee coordination with government, customers, suppliers, and industry at the most senior levels to identify risks and improve industry and regulatory security standards and requirements for programs and interfacing systems.
• Define complex research and development activities resulting in innovative solutions.
• Explore the enterprise and industry for evolving state of industry knowledge and methods regarding information security best practices.
• Lead development of enterprise-wide information security policies, standards, guidelines, and procedures that may reach across multiple stakeholder organizations.
• Advise customers on maintaining product security and certification, including security consequences of modifying products and services.
• Conduct risk assessments and investigations, execute appropriate risk mitigation, and oversee incident response activities.
• Interface with the appropriate government customers, suppliers, and company personnel to implement protective mechanisms and to ensure understanding of and compliance with requirements.
• Utilize knowledge of cybersecurity incident response protocols (e.g., identification, impact assessment, containment, remediation, evidence handling, technical reporting, etc.) and safeguarding information.
• Identify susceptibility, survivability, and vulnerability (S/V) of the systems, subsystems and delivery mechanisms, based on the knowledge of characteristics and capabilities of threats.
  This position is expected to be fully onsite in Herndon, VA.
  This position requires an active U.S. Top Secret Security Clearance (U.S. Citizenship Required). (A U.S. Security Clearance that has been active in the past 24 months is considered active.)

Position Purpose:

• Lead and support Boeing customers throughout multiple classified computing domains. Rely on your Information Systems product security background.
• Develop and enhance system requirements and architectures for product security to meet all applicable certification and customer requirements.
• Apply an interdisciplinary, collaborative approach to lead activities to strategize, plan, design, develop, and verify highly complex security solutions to meet enterprise needs.
• Provide definitions and identification of product security requirements for modernization of legacy equipment and environments.
• Advise management on a wide range of high leverage information security-related topics