Apply on Employer Site

Boeing · 1 day ago

Product Security Engineer

Albuquerque, NM

Full-time

Onsite

Senior Level, Lead/Staff

$162K/yr - $276K/yr

9+ years exp

Boeing is a leading aerospace company committed to innovation and collaboration. They are seeking two Product Security Engineers to develop and sustain product security throughout the lifecycle, ensuring compliance with certification and customer requirements while coordinating with various stakeholders to improve security standards.

AerospaceIndustrial

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Develop, implement, and sustain product security and resiliency throughout the requirements, design, build, test, production, operations, and support lifecycle

Develop and enhance system requirements and architectures for product security to meet all applicable certification and customer requirements

Ensure security of facilities, equipment, tools, data, networks, and resources used for product: design, development, build, test, storage, delivery, operations, and support

Define and identify product security requirements for suppliers of components and subsystems for integration into Boeing products and services

Coordinate with government, customers, suppliers, and industry to identify risks and improve industry and regulatory security standards and requirements for programs and interfacing systems

Conduct research and development activities that result in innovative solutions

Advise customers on maintaining product security and certification, including security consequences of modifying products and services

Qualification

Product Security EngineeringIncident ResponseRisk ManagementModel-Based Systems EngineeringCyber Supply Chain Risk ManagementSecure Software DevelopmentData AnalysisSystems ThinkingCommunication SkillsCollaboration Skills

Required

Active U.S. Top Secret Security Clearance (U.S. Citizenship Required)

Level 4 - Education/experience typically acquired through advanced technical education from an accredited course of study in engineering, engineering technology (includes manufacturing engineering technology), computer science, engineering data science, mathematics, physics or chemistry (e.g. Bachelor) and typically 9 or more years' related work experience or an equivalent combination of technical education and experience or non-US equivalent qualifications. In the USA, ABET accreditation is the preferred, although not required, accreditation standard

Level 5 - Education/experience typically acquired through advanced technical education from an accredited course of study in engineering, engineering technology (includes manufacturing engineering technology), computer science, engineering data science, mathematics, physics or chemistry (e.g. Bachelor) and typically 14 or more years' related work experience or an equivalent combination of technical education and experience or non-US equivalent qualifications. In the USA, ABET accreditation is the preferred, although not required, accreditation standard

Skills and abilities to: collect, organize, synthesize, and analyze data; summarize findings; develop conclusions and recommendations from appropriate data sources. Develop and support security developmental and operational test planning & execution

Engineering-focused experience in incident response, designing and implementing technical controls and workflows to detect, contain, and remediate cyber incidents while preserving forensic integrity

Ability to identify susceptibility, survivability, and vulnerability (S/V) of the systems, subsystems and delivery mechanisms, based on the knowledge of characteristics and capabilities of threats (e.g. protocol exploits, identity spoofing, malware injection techniques, application layer vulnerabilities)

Knowledge of emerging computing and information technology areas to manage advanced research computing technology proposals, projects and resources

Knowledge of system security domains (e.g., information assurance, anti-tamper, intrusion detection, software protection, software assurance, communications security, encryption and key management, network security, reverse engineering, countermeasures, certification and accreditation, special security endorsement) and industry and government guidance and regulations which engineers apply to produce secure systems. Experience with performing system security engineering activities that follow NIST 800-160. Strong understanding of secure network architecture and design

Experienced in engineering requirements decomposition. Demonstrated expertise in implementing and maintaining DoD security policies and regulations, including threat & risk assessments, accreditation processes, and continuous monitoring to ensure mission assurance and compliance

Knowledge and understanding of the methodology and processes associated with risk management, conducting trade studies including cost as an independent variable (CAIV) trade. Ability to: identify and quantify potential risks areas within specific (depth) and across multiple engineering disciplines (breadth); understand design constraints (technical, cost & schedule); identify and trade alternatives (i.e., trade studies); select/recommend the best plan for mitigating risks; implement and execute plans for mitigating risk; and establish appropriate performance tracking metrics to track risk burndown over time

Ability to effectively utilize risk management tools (iso-risk charts/plots, waterfall, etc.) to support program/project execution

Demonstrated systems-thinking to analyze complex technical and organizational interactions, identify root causes, and design scalable, resilient solutions across hardware, software, and process domains

Preferred

Knowledgeable in applying Multi-Level Security (MLS) and Cross-Domain Solutions (CDS) to enable secure information sharing across classification and network domains

Proficient in Model-Based Systems Engineering (MBSE) tools to design, analyze, and validate complex systems throughout the lifecycle

Understanding Secure Software Development within DevSecOps

Knowledgeable in Cyber Supply Chain Risk Management (C-SCRM) to identify, assess, and mitigate supplier-originated risks across hardware, software, and services

Advanced knowledge of design concepts and techniques (e.g., concurrent engineering, Design for Manufacture/Assembly [DFM/A])

Familiarity with industrial control systems (ICS) and proprietary standards and protocols

Benefits

Health insurance

Flexible spending accounts

Health savings accounts

Retirement savings plans

Life and disability insurance programs

Paid and unpaid time away from work

Best in class 401(k) plan: we'll match your contributions dollar for dollar, up to 10% of eligible pay with Immediate 100% vesting

Student Loan Match: The Boeing 401(k) Student Loan Match allows eligible enrolled U.S. employees to have their qualified student loan debt payments counted, along with any match-eligible contributions they make, for purposes of determining the Company Match to employees' Boeing 401(k) accounts.