Apply on Employer Site

Boeing · 2 days ago

Senior Offensive Cybersecurity Test Engineer

Berkeley, MO

Full-time

Onsite

Senior Level

$204K/yr - $276K/yr

5+ years exp

Boeing is a leading aerospace company committed to innovation and collaboration. They are seeking a Senior Offensive Cybersecurity Test Engineer to support their Test & Evaluation cyber test capability, focusing on product security testing, risk assessments, and penetration tests.

AerospaceIndustrial

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Lead execution of penetration tests to identify, exploit, and assess a target system’s vulnerabilities in a threat-representative manner on embedded systems and IP-based networks

Subject Matter Expert for emulating advanced cyber adversary (advanced persistent threats) tactics, techniques and procedures (TTPs)

Lead controlled attack simulations that test the effectiveness of a blue team and its capabilities to detect, block, and mitigate attacks and breaches

Develop exploits and malware targeting modern operating systems and defenses

Reverse engineering firmware and software to support vulnerability identification

Develop cyber test tools as necessary to achieve threat emulation objectives

Communicate recommendations for improvements to customer stakeholders via reports or presentations using common frameworks such as MITRE ATT&CK, Cyber Kill Chain, etc

Participate in test design and planning

Occasional domestic and international travel as needed

Qualification

Penetration TestingCybersecurity ResearchVulnerability AssessmentsProduct SecurityScripting LanguagesCyber Risk AssessmentReverse EngineeringTechnical Team LeadershipStakeholder EngagementProgram PlanningCryptography KnowledgeAircraft PlatformsWeapon SystemsC5ISRCertificationsCommunication Skills

Required

Bachelor of Science degree in Engineering, Engineering Technology (including Manufacturing Technology), Computer Science, Data Science, Mathematics, Physics, Chemistry or non-US equivalent qualifications directly related to the work statement

5+ years of experience in product security, cybersecurity research, or a related field

5+ years of experience leading projects or engineering teams

5+ years of experience planning and executing penetration testing of either IT based systems or Avionics embedded systems

5+ years of experience working with Department of Defense (DoD) organizations, projects and/or programs

3+ years of experience leading and mentoring a technical team

Able to travel both domestically and internationally

This position requires an active U.S. Secret Security Clearance (U.S. Citizenship Required)

This position must meet U.S. export control compliance requirements. To meet U.S. export control compliance requirements, a 'U.S. Person' as defined by 22 C.F.R. 120.62 is required. 'U.S. Person' includes U.S. Citizen, U.S. National, lawful permanent resident, refugee, or asylee

Preferred

Demonstrated ability to engage with stakeholders to define/plan/resource/deliver

Experience designing and/or testing product systems

Experience working with Product Security (non-IT) Cyber Compliance and/or Avionics Embedded systems risk management assessment

Experience facilitating and/or supporting Cyber Table Top, Mission Based Cyber Risk Assessment, or equivalent exercises

Experience planning and executing penetration tests in one or more of the following domains: Windows, Linux, VxWorks, and INTEGRITY Operating Systems, IP-Based Networks, Avionics, Embedded Systems, Non-Standard Ethernet Protocols (ARINC, MIL-STD), RF interfaces

Experience evaluating cybersecurity of proprietary protocols, applications, and firmware within a complex, integrated environment

Experience coordinating and presenting technical content to a diverse audience

Experience with program planning (cost and schedule)

Experience with scripting languages such as Bash, Python, PowerShell

Experience with Aircraft Platforms, Weapon Systems and/or C5ISR

Knowledgeable in Cryptography and Reverse Engineering

One or more of the following Certifications: Offensive Security Certified Engineer (OSCE), Offensive Security Certified Professional (OSCP), GIAC Certified Exploit Researcher and Advanced Penetration Testers (GXPN), GIAC Reverse Engineering Malware (GREM), Certified Information System Security Professional (CISSP)