The Boeing Company is looking for an Associate Software Security Engineer to support Secure Coding, Certification, and Software Assurance across various programs in Boeing Commercial Airplanes (BCA) and Boeing Defense, Space, and Security (BDS). The successful candidate will be responsible for driving the development, implementation, and sustainment of product security and resiliency throughout the software development lifecycle, protecting our commercial and military airplanes’ products and the aviation ecosystem.
Requirements
- 1+ years of experience factoring and applying confidentiality, integrity and availability considerations within the software development lifecycle
- Proficient with one or more programming languages (e.g. C, C++,Python)
- 2+ years of experience with the Software Development Lifecycle to include implementing DevSecOps principles within CI/CD Pipelines
- Experience with Systems Security Engineering and breaking down requirements
- Experience in security architectures, network security, embedded systems security, security testing and evaluation, network design, PKI infrastructure
- Knowledge of Secure Software Development Framework (NIST SP 800-218), or CISA Self-Attestation Common Form
- Experience securing cloud-based infrastructure and architecture (preferably AWS)
Responsibilities
- Assess the adversity faced by software subsystems in the context of the larger system
- Secure cloud-based software development environments
- Manage risk in accordance with accepted industry, professional, and government standards to ensure security design integrity, availability, confidentiality, and regulatory compliance
- Develop security requirements and coordinate with multiple system stakeholders to identify, properly implement, and verify security measures to mitigate the risks, threats, and vulnerabilities
- Perform requirements verification on software security engineering products using inspection, analysis, demonstration, and test methods
- Perform Common Vulnerabilities and Exploits (CVE) analysis and coordinate with system stakeholders to appropriately mitigate and address to reduce likelihood and consequences of CVE impacting system operation
- Deploy DevSecOps best practices into Program pipelines, including tool selection, configuration, and analysis
Other
- This position is expected to be 100% onsite.
- Excellent written/oral communication skills to effectively convey cybersecurity concepts across business and technical stakeholders
- 2+ years of experience in a role that required teaming and collaboration skills, and ability to work well with a geographically dispersed cross-functional and matrix team
- This position requires the ability to obtain a U.S. Security Clearance for which the U.S. Government requires U.S. Citizenship.
- Employer will not sponsor applicants for employment visa status.
