What you'd actually do

Analyze customer and regulatory information system security requirements and decompose them into system security design specifications.

Interface directly with the customers and engineers to ensure that security requirements are designed into the products and evaluated for effectiveness.

Perform as the key system security focal throughout the DevSecOps framework.

Develop IT architecture deliverables, specific to information security countermeasure implementations, for operational systems and systems under development.

Provide technical cyber security guidance to IT Administrators, Systems Architect, Systems Engineers, and Software Developers.

Skills

Required

Bachelor’s degree or higher in a technical field
5+ years’ software testing and software verification
Active CompTIA Security+ certified (or similar certification meeting DoD Directive 8570.01 Certification Requirements)
1+ years’ experience working with Information Assurance Policy & RMF
1+ years’ experience with security and vulnerability scanning tools such as ACAS/Nessus, STIG's, and SCC
1+ years’ experience working in complex test planning, development, and execution

Nice to have

DoD 8570.01-M IAT Level III Certification (e.g., CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, CCSP); and IASAE Level II (e.g., CASP+ CE, CISSP (or Associate), CSSLP)
Experience acting as a Test Engineer or Software Assurance Engineer.
Experience with software development tools, such as, DOORS, ClearCase, GitLab, Jira, Coverity, etc.
Experience with developing Threat Modeling, Attack Profiles, Threat and Risk Assessments on aircraft platforms and weapon systems.
Experience with evaluating and refining customer security requirements.
Experience capturing/documenting system security designs throughout the System Development Lifecycle (SDLC) process (e.g., System Diagrams, System Security Plans, Hardware Baselines, Software Baselines, Network Diagrams, Security Controls Traceability Matrices, Standard Operating Procedures, etc.)
Ability to work independently, actively participate on integrated teams, and lead a task, project, or small team.
Experience working in a customer facing role executing Information System Security Vulnerability Assessments, to include conducting customer out briefs and generating reports.
Experience working with multiple technologies such as RHEL 8 and above, and/or CISCO IOS/NXOS, and/or Windows server 2019 and above, and/or Windows 10 or newer.
Experience with multiple scripting languages (e.g., PowerShell, Python, Bash, Ansible, etc.)
Experience creating system security implementation solutions against customer requirements.
Experience with installation and configuration of Splunk Enterprise; to include creation of Apps and Dashboards to audit analysis specifications.
Experience in Group Policy Management and implementation.
Experience with Agile development within a DevSecOps environment.

Product Security Analyst (Mid-level or Senior)

Company:

The Boeing Company

Boeing Defense Space & Security (BDS) is seeking an Experienced Product Security Analyst to support the P-8A program in Richardson, TX.

The candidate will join a team supporting product cybersecurity efforts across multiple systems and labs for both training and development efforts. The BDS Product Security Engineering team is responsible for the cybersecurity and resiliency of Boeing products and services, bridging the gap between high level security policies/requirements and technical/operational implementation of those requirements. The work is multi-disciplinary and includes activities in cyber and systems security analysis, engineering, test, and vulnerability assessments and mitigation.

At Boeing, we innovate and collaborate to make the world a better place. By joining our team, you will become an integral part of an organization that deeply values teamwork, fosters creativity, and upholds the highest standards of engineering technical excellence to ensure our products are secure. Contribute to work that matters with a company where diversity, equity and inclusion are shared values. Find your future with us!

Position Responsibilities:

Analyze customer and regulatory information system security requirements and decompose them into system security design specifications.
Interface directly with the customers and engineers to ensure that security requirements are designed into the products and evaluated for effectiveness.
Perform as the key system security focal throughout the DevSecOps framework.
Develop IT architecture deliverables, specific to information security countermeasure implementations, for operational systems and systems under development.
Provide technical cyber security guidance to IT Administrators, Systems Architect, Systems Engineers, and Software Developers.
Provide system security guidance on the design and implementation of technical policies for user/computer groups and network devices.
Responsible for the design and implementation of security systems across the entire organization's networks, including IDS, firewalls, log capture, host-based protections, vulnerability scanning tools, and more.
Conduct assessments of existing IT architecture for compliance with security requirements from applicable security frameworks.
Analyzes, triages, aggregates, escalates, and reports relevant product security and anti-tamper data and other information sources for attack indicators and potential security breaches.
Provide ISSO and IT administrators with system security level expertise to assist with the gathering/securing of data to support incident investigation and response.
Assist ISSO in monitoring, interpreting, and reacting to security device outputs, create documentation in support of authorization/accreditation packages, and deploy security policies, standards, and guidance.

Willingness to travel 25% to client site.

This position is expected to be 100% onsite. The selected candidate will be required to work onsite at the listed location.

**Pre-Hire: **This position requires an active U.S. Top Secret Security Clearance (US Citizenship Required, i.e. A U.S. Security Clearance that has been active in the past 24 months is considered active.)

Post-Hire: This position requires the ability to obtain and retain Special Access Program (SAP) approval within a reasonable period of time determined by the company to meet its business needs.

**Basic Qualifications (Required Skills & Experience): **

Bachelor’s degree or higher in a technical field
5+ years’ software testing and software verification
Active CompTIA Security+ certified (or similar certification meeting DoD Directive 8570.01 Certification Requirements)
1+ years’ experience working with Information Assurance Policy & RMF
1+ years’ experience with security and vulnerability scanning tools such as ACAS/Nessus, STIG's, and SCC
1+ years’ experience working in complex test planning, development, and execution

Preferred Qualifications (Desired Skills/Experience):

DoD 8570.01-M IAT Level III Certification (e.g., CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, CCSP); and IASAE Level II (e.g., CASP+ CE, CISSP (or Associate), CSSLP)
Experience acting as a Test Engineer or Software Assurance Engineer.
Experience with software development tools, such as, DOORS, ClearCase, GitLab, Jira, Coverity, etc.
Experience with developing Threat Modeling, Attack Profiles, Threat and Risk Assessments on aircraft platforms and weapon systems.
Experience with evaluating and refining customer security requirements.
Experience capturing/documenting system security designs throughout the System Development Lifecycle (SDLC) process (e.g., System Diagrams, System Security Plans, Hardware Baselines, Software Baselines, Network Diagrams, Security Controls Traceability Matrices, Standard Operating Procedures, etc.)
Ability to work independently, actively participate on integrated teams, and lead a task, project, or small team.
Experience working in a customer facing role executing Information System Security Vulnerability Assessments, to include conducting customer out briefs and generating reports.
Experience working with multiple technologies such as RHEL 8 and above, and/or CISCO IOS/NXOS, and/or Windows server 2019 and above, and/or Windows 10 or newer.
Experience with multiple scripting languages (e.g., PowerShell, Python, Bash, Ansible, etc.)
Experience creating system security implementation solutions against customer requirements.
Experience with installation and configuration of Splunk Enterprise; to include creation of Apps and Dashboards to audit analysis specifications.
Experience in Group Policy Management and implementation.
Experience with Agile development within a DevSecOps environment.

**Typical Education/Experience: **

Level 3: Education/experience typically acquired through advanced education (e.g. Bachelor) and typically 6 or more years' related work experience or an equivalent combination of education and experience (e.g. Master+4 years' related work experience, 10 years' related work experience, etc.).

Level 4: Education/experience typically acquired through advanced education (e.g. Bachelor) and typically 10 or more years' related work experience or an equivalent combination of education and experience (e.g. Master+8 years' related work experience, 14 years' related work experience, etc.).

Relocation Assistance:

Relocation assistance is not a negotiable benefit for this position. Candidates must live in the immediate area or relocate at their own expense.

Drug Free Workplace:

Boeing is a Drug Free Workplace where post offer applicants and employees are subject to testing for marijuana, cocaine, opioids, amphetamines, PCP, and alcohol when criteria is met as outlined in our policies.

At Boeing, we strive to deliver a Total Rewards package that will attract, engage and retain the top talent. Elements of the Total Rewards package include competitive base pay and variable compensation opportunities.

The Boeing Company also provides eligible employees with an opportunity to enroll in a variety of benefit programs, generally including health insurance, flexible spending accounts, health savings accounts, retirement savings plans, life and disability insurance programs, and a number of programs that provide for both paid and unpaid time away from work.

The specific programs and options available to any given employee may vary depending on eligibility factors such as geographic location, date of hire, and the applicability of collective bargaining agreements.

Pay is based upon candidate experience and qualifications, as well as market and business considerations.

Typical Summary Pay Range:

**Level 3: **$124,100 - $167,900

**Level 4: **$154,700 - $209,300

Language Requirements:

Not Applicable

Education:

Bachelor's Degree or Equivalent

Relocation:

Relocation assistance is not a negotiable benefit for this position.

Export Control Requirement:

This is not an Export Control position.

Safety Sensitive:

This is not a Safety Sensitive Position.

Security Clearance:

This position requires an active U.S. Top Secret Security Clearance (U.S. Citizenship Required). (A U.S. Security Clearance that has been active in the past 24 months is considered active)

Visa Sponsorship:

Employer will not sponsor applicants for employment visa status.

Contingent Upon Award Program

This position is not contingent upon program award

Shift:

Shift 1 (United States of America)

Stay safe from recruitment fraud! The only way to apply for a position at Boeing is via our Careers website. Learn how to protect yourself from recruitment fraud - Recruitment Fraud Warning

Boeing is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, genetic factors, military/veteran status or other characteristics protected by law.

EEO is the law

Boeing EEO Policy

Request an Accommodation

Applicant Privacy

Boeing Participates in E – Verify

E-Verify (English)
E-Verify (Spanish)

**Right to Work Statement **

Right to Work (English)
Right to Work (Spanish)