About the position
At Boeing, we innovate and collaborate to make the world a better place. We're committed to fostering an environment for every teammate that's welcoming, respectful and inclusive, with great opportunity for professional growth. Find your future with us. The Boeing Company is looking for a Software Security Engineer to join the Enterprise Product Security Software organization in Berkeley or Hazelwood, MO, to support Secure Coding, Secure Engineering Environments, and Software Assurance across various efforts within Boeing Defense, Space, and Security (BDS). Our teams are currently hiring for a broad range of experience levels including Associate and Mid-Level Software Security Engineers. The successful candidate will be responsible for driving the development, implementation, and sustainment of product security and resiliency throughout the engineering lifecycle, protecting our commercial and military airplanes' products and the aviation ecosystem. As a member of the Enterprise Product Security Software organization, you will have support from security experts across all business units, and exposure to a large variety of products and services. With a focus on Software Security, you will be accountable for the security of software products and pipelines across the world's leading portfolio of commercial and defense airplanes, satellites and weapons.
Responsibilities
- Assess the adversity faced by software subsystems in the context of the larger system
- Secure cloud-based software development environments
- Manage risk in accordance with accepted industry, professional, and government standards to ensure security design integrity, availability, confidentiality, and regulatory compliance
- Develop security requirements and coordinate with multiple system stakeholders to identify and properly implement and verify security measures to mitigate the risks, threats and vulnerabilities
- Perform requirements verification on software security engineering products using inspection, analysis, demonstration, and test methods
- Implement Secure Software distribution systems for embedded platforms
- Deploy DevSecOps best practices into Program pipelines, including tool selection, configuration, and analysis
- Provide technical data and develop documentation in accordance with requirements and system security engineering processes and procedures for internal reference and external delivery
- Support Product Security Incident Response Team to respond to security events
- Define and deploy consistent software security standards within the Software Development Lifecycle
- Identify improvements to ensure software implementation is aligned to industry and Boeing software assurance best practices
Requirements
- Bachelor of Science degree from an accredited course of study in engineering, engineering technology (includes manufacturing engineering technology), chemistry, physics, mathematics, data science, or computer science
- Ability to work well with a geographically dispersed cross-functional and matrix team Software Development Background, or other experience with DevSecOps CI/CD Pipelines
- 2+ years of work-related experience in Cybersecurity
Nice-to-haves
- Mid-Level: 5+ years related work experience or an equivalent combination of education and experience
- 5+ years of work-related experience in Cybersecurity
- Experience with Secure Software Distribution; Certificates; PKI; HSM; etc.
- Experience with Cloud development environments, including AWS and Azure; IAM; RBAC/ABAC
- Experience with Systems Security Engineering and breaking down requirements
- Experience in security architectures, network security, embedded systems security, security testing and evaluation, network design, PKI infrastructure
- Excellent written/oral communication skills to effectively convey cybersecurity concepts across business and technical stakeholders
- Cybersecurity Certifications not limited to Security+, CISSP, CEH etc.
- Knowledge of Secure Software Development Framework (NIST SP 800-218), or CISA Self-Attestation Common Form
- General knowledge of DoD, NASA and FAA security requirements related to Product Security
- 3+ years of experience in the field of product security, anti-tamper and/or secure computing
- Ability to collaborate with team members and develop execution plans for deliverables
- 2+ years of experience in Agile project management
- Experience on a multi-disciplinary team meeting aggressive schedules
- Experience scanning for vulnerabilities, implement and assess mitigations, install, administer, and troubleshoot on various operating systems
Benefits
- Competitive base pay and variable compensation opportunities
- Health insurance
- Flexible spending accounts
- Health savings accounts
- Retirement savings plans
- Life and disability insurance programs
- Programs that provide for both paid and unpaid time away from work
