About the position
The Boeing Company is looking for a Software Security Engineer to join the Enterprise Product Security Software organization in Seattle, WA, in order to support Secure Coding, Certification, and Software Assurance across various programs in Boeing Commercial Airplanes (BCA) and Boeing Defense, Space, and Security (BDS). The successful candidate will be responsible for driving the development, implementation, and sustainment of product security and resiliency throughout the software development lifecycle; protecting our commercial and military airplanes’ products and the aviation ecosystem. As a member of the Enterprise Product Security Software organization, you will have support from security experts across all business units, and exposure to a large variety of products and services. With a focus on Software Security, you will be accountable for the security of software products and pipelines across the world's leading portfolio of commercial and defense airplanes, satellites and weapons. The Boeing Company is looking for a range of experience levels including; Associate, Mid-Level, and Senior.
Responsibilities
- Assess the adversity faced by software subsystems in the context of the larger system
- Secure cloud-based software development environments
- Manage risk in accordance with accepted industry, professional, and government standards to ensure security design integrity, availability, confidentiality, and regulatory compliance
- Develop security requirements and coordinate with multiple system stakeholders to identify and properly implement and verify security measures to mitigate the risks, threats and vulnerabilities
- Perform requirements verification on software security engineering products using inspection, analysis, demonstration, and test methods
- Perform Common Vulnerabilities and Exploits (CVE) analysis and coordinate with system stakeholders to appropriately mitigate and address to reduce likelihood and consequences of CVE impacting system operation
- Deploy DevSecOps best practices into Program pipelines, including tool selection, configuration, and analysis
- Provide technical data and develop documentation in accordance with requirements and system security engineering processes and procedures for internal reference and external delivery
- Support Product Security Incident Response Team to respond to security events
- Define and deploy consistent software security standards within the Software Development Lifecycle
- Identify improvements to ensure software implementation is aligned to industry and Boeing software assurance best practices
Requirements
- Bachelor of Science degree from an accredited course of study in engineering, engineering technology (includes manufacturing engineering technology), chemistry, physics, mathematics, data science, or computer science
- 5+ years of experience in a role that required teaming and collaboration skills, and ability to work well with a geographically dispersed cross-functional and matrix team
- 2+ years of experience leading a team and/or technical project
- Software Development Background, or other experience with DevSecOps CI/CD Pipelines
Nice-to-haves
- Mid-level: 4+ years of work-related experience in Cybersecurity
- Senior: 8+ years of work-related experience in Cybersecurity
- Experience with Systems Security Engineering and breaking down requirements
- Excellent written/oral communication skills to effectively convey cybersecurity concepts across business and technical stakeholders
- Experience in security architectures, network security, embedded systems security, security testing and evaluation, network design, PKI infrastructure
- Cybersecurity Certifications not limited to Security+, CISSP, CEH etc.
- Knowledge of Secure Software Development Framework (NIST SP 800-218), or CISA Self-Attestation Common Form
- General knowledge of DoD, NASA and FAA security requirements related to Product Security
- 3+ years of experience in the field of product security, anti-tamper and/or secure computing
- Ability to collaborate with team members and develop execution plans for deliverables
- 2+ years of experience in Agile project management
- Experience securing cloud-based infrastructure and architecture (pref AWS)
- Experience on a multi-disciplinary team meeting aggressive schedules
- Experience scanning for vulnerabilities, implement and assess mitigations, install, administer, and troubleshoot on various operating systems
- Familiarity with network topography, and security
Benefits
- Competitive base pay and variable compensation opportunities
- Health insurance
- Flexible spending accounts
- Health savings accounts
- Retirement savings plans
- Life and disability insurance programs
- Programs that provide for both paid and unpaid time away from work
