Apply on Employer Site

Boeing · 1 day ago

Product Security Engineer

Albuquerque, NM

Full-time

Onsite

Mid, Senior Level

$128K/yr - $174K/yr

5+ years exp

Boeing is a company committed to innovation and collaboration, seeking a mid-Level Product Security Engineer to join their Defense, Space, and Security Engineering division. The role involves developing and sustaining product security throughout various lifecycle phases and coordinating with stakeholders to enhance security standards.

AerospaceIndustrial

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Develop, implement, and sustain product security and resiliency throughout the requirements, design, build, test, production, operations, and support lifecycle

Develop and enhance system requirements and architectures for product security to meet all applicable certification and customer requirements

Ensure security of facilities, equipment, tools, data, networks, and resources used for product: design, development, build, test, storage, delivery, operations, and support

Define and identify product security requirements for suppliers of components and subsystems for integration into Boeing products and services

Coordinate with government, customers, suppliers, and industry to identify risks and improve industry and regulatory security standards and requirements for programs and interfacing systems

Conduct research and development activities that result in innovative solutions

Advise customers on maintaining product security and certification, including security consequences of modifying products and services

Qualification

Product Security EngineeringIncident ResponseSystem Security EngineeringRisk ManagementModel-Based Systems EngineeringCyber Supply Chain Risk ManagementData AnalysisSecure Software DevelopmentEmerging Technologies KnowledgeSoft Skills

Required

Education/experience typically acquired through advanced technical education from an accredited course of study in Engineering, Engineering Technology (includes Manufacturing Engineering Technology), Computer science, Engineering Data Science, Mathematics, Physics, or Chemistry (e.g. Bachelor) AND typically 5 or more years' related work experience or an equivalent combination of technical education and experience or non-US equivalent qualifications. In the USA, ABET accreditation is the preferred, although not required, accreditation standard

Skills and abilities to: collect, organize, synthesize, and analyze data; summarize findings; develop conclusions and recommendations from appropriate data sources. Develop and support security developmental and operational test planning & execution

Engineering-focused experience in incident response, designing and implementing technical controls and workflows to detect, contain, and remediate cyber incidents while preserving forensic integrity

Ability to identify susceptibility, survivability, and vulnerability (S/V) of the systems, subsystems and delivery mechanisms, based on the knowledge of characteristics and capabilities of threats (e.g. protocol exploits, identity spoofing, malware injection techniques, application layer vulnerabilities)

Knowledge of emerging computing and information technology areas to manage advanced research computing technology proposals, projects and resources

Knowledge of system security domains (e.g., information assurance, anti-tamper, intrusion detection, software protection, software assurance, communications security, encryption and key management, network security, reverse engineering, countermeasures, certification and accreditation, special security endorsement) and industry and government guidance and regulations which engineers apply to produce secure systems. Experience with performing system security engineering activities that follow NIST 800-160. Strong understanding of secure network architecture and design

Experienced in engineering requirements decomposition. Demonstrated expertise in implementing and maintaining DoD security policies and regulations, including threat & risk assessments, accreditation processes, and continuous monitoring to ensure mission assurance and compliance

Knowledge and understanding of the methodology and processes associated with risk management, conducting trade studies including cost as an independent variable (CAIV) trade. Ability to: identify and quantify potential risks areas within specific (depth) and across multiple engineering disciplines (breadth); understand design constraints (technical, cost & schedule); identify and trade alternatives (i.e., trade studies); select/recommend the best plan for mitigating risks; implement and execute plans for mitigating risk; and establish appropriate performance tracking metrics to track risk burndown over time

Ability to effectively utilize risk management tools (iso-risk charts/plots, waterfall, etc.) to support program/project execution

Demonstrated systems-thinking to analyze complex technical and organizational interactions, identify root causes, and design scalable, resilient solutions across hardware, software, and process domains

This position requires an active U.S. Top Secret Security Clearance (U.S. Citizenship Required). (A U.S. Security Clearance that has been active in the past 24 months is considered active)

Bachelor's Degree or Equivalent Required

Preferred

Knowledgeable in applying Multi-Level Security (MLS) and Cross-Domain Solutions (CDS) to enable secure information sharing across classification and network domains

Proficient in Model-Based Systems Engineering (MBSE) tools to design, analyze, and validate complex systems throughout the lifecycle

Understanding Secure Software Development within DevSecOps

Knowledgeable in Cyber Supply Chain Risk Management (C-SCRM) to identify, assess, and mitigate supplier-originated risks across hardware, software, and services

Advanced knowledge of design concepts and techniques (e.g., concurrent engineering, Design for Manufacture/Assembly [DFM/A])

Familiarity with industrial control systems (ICS) and proprietary standards and protocols