Apply on Employer Site

Boeing · 12 hours ago

Product Security Engineer

Colorado Springs, CO

Full-time

Onsite

Entry, Mid, Senior Level

$102K/yr - $138K/yr

1+ years exp

Boeing is a leader in aerospace innovation, seeking motivated Product Security Engineers to join their Missile Defense Program in Colorado Springs, Colorado. The role involves supporting cybersecurity engineering efforts for the C2BMC Programs, including vulnerability remediation and ensuring compliance with cybersecurity standards.

AerospaceIndustrial

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Developing and verifying installation instructions for Cyber Tools and Vendor Patches

Applying Security Technical Implementation Guides (STIGs)

Managing and addressing any Cyber Tasking Orders (CTOs) related to the Cyber Tools

Integrating, configuring and automating the installation of the Elastic Stack with the existing set of Cyber Tools on the C2BMC system

Working with various C2BMC teams to ensure compatibility and seamless integration of Cyber Tools within the larger system

Documentation and verification of all installation and configuration steps for the labs and operations deliveries

Providing feedback to Cyber Leadership and engineers to improve the cybersecurity tools and processes

Verifying the Elastic Stack meets contractual requirements

Documenting the installation and delivering installation instructions to deploy the Elastic Stack

Installing, deploying, and unit testing other Cyber Tools such as ACAS, ArcSight, BigFix, Delinea, Endgame, ESS, Axway Repeater, and Responder for Windows MFA in National Team (NT) labs, the C2BMC Testbed (CTB), and Operations

Collaborating with local Information System Security Officers (ISSOs) to ensure compliance with relevant cybersecurity standards and regulations

Assess organization-wide security and privacy risk and update assessment results on an ongoing basis

Perform system analysis and develop system test for cyber threats, cyber test activities, and the cybersecurity of large-scale events

Perform cyber risk assessments and develop risk mitigation plans

Support the engineering installation & analysis of patches and various system updates and upgrades to determine system consequence of these changes

Attend, collect data from, out brief, and facilitate collaboration and project management from various program boards

Support cyber threat intelligence activities

Support the development and maintenance of cyber scanning, patching, remediation, tools and applications

Support, as required, TEMPEST, DFARS, COMSEC, CNSSI, and other compliance drivers as needed

Support and facilitate various ATO packages including processing IAVMs and CTOs for the same

Perform and/or support the development of tools for cyber forensics

Develop, define efficiencies and improvements to tools to improve team productivity

Perform system analysis trade studies to define technical concepts and solutions

Qualification

Cybersecurity engineeringDoD 8570 certificationWindows/RHEL System adminCybersecurity frameworksSoftware Assurance knowledgeAnalytical skillsCollaboration skillsCommunication skillsOrganizational skills

Required

Bachelor of Science degree from an accredited course of study in Engineering, Engineering Technology (includes Manufacturing Engineering Technology), Chemistry, Physics, Mathematics, Data Science, or Computer Science

Active Top Secret clearance

Current DoD 8570 certification at IAT Level II / IAM Level I or higher (e.g., Security+, GSEC, SCNP, SSCP, CISSP, CISA, GSE, SCNA)

1+ years experience in product security / cybersecurity engineering

1+ years experience with industry standard cybersecurity frameworks (NIST, OWASP, DFARS)

Experience using analytical, collaboration, communication and organizational skills

Preferred

2 years+ experience in Windows/RHEL System admin experience, installing, tuning & troubleshooting Cyber Tools to include ESS/HBSS, ConfigOS, Splunk/Elastic etc

2 years+ experience in configuring, running, and scripting audit tools

2 years+ experience using knowledge of Software Assurance (SwA) static and/or dynamic code analysis (e.g. Fortify)

Experience with Federal Information Security Management Act (FISMA)/RMF and National institute of Standards and Technology (NIST) 800-53 requirements

Experience leading system and component level cyber test and evaluation, including threat and security assessments, and tabletop exercises

Experienced self-starter with strong written and oral communication skills, and a focus on translating technically complex issues into simple, easy to understand concept

Growing understanding of DoD and missile defense command and control, battle management, architectures and communications system concepts, mission, and common system test and data analysis techniques