Product Security Engineer

At Boeing, we innovate and collaborate to make the world a better place. We’re committed to fostering an environment for every teammate that’s welcoming, respectful and inclusive, with great opportunity for professional growth. Find your future with us.

The Boeing Defense, Space, and Security (BDS) Engineering division is looking for a two Product Security Engineers (Level 4/5) to join a team in Albuquerque, NM. At Boeing, we are all innovators on a mission to connect, protect, explore and inspire.

• Develop, implement, and sustain product security and resiliency throughout the requirements, design, build, test, production, operations, and support lifecycle.
• Develop and enhance system requirements and architectures for product security to meet all applicable certification and customer requirements.
• Ensure security of facilities, equipment, tools, data, networks, and resources used for product: design, development, build, test, storage, delivery, operations, and support.
• Define and identify product security requirements for suppliers of components and subsystems for integration into Boeing products and services.
• Coordinate with government, customers, suppliers, and industry to identify risks and improve industry and regulatory security standards and requirements for programs and interfacing systems.
• Conduct research and development activities that result in innovative solutions.
• Advise customers on maintaining product security and certification, including security consequences of modifying products and services.

• Level 4 - Education/experience typically acquired through advanced technical education from an accredited course of study in engineering, engineering technology (includes manufacturing engineering technology), computer science, engineering data science, mathematics, physics or chemistry (e.g. Bachelor) and typically 9 or more years' related work experience or an equivalent combination of technical education and experience or non-US equivalent qualifications. In the USA, ABET accreditation is the preferred, although not required, accreditation standard.
• Level 5 - Education/experience typically acquired through advanced technical education from an accredited course of study in engineering, engineering technology (includes manufacturing engineering technology), computer science, engineering data science, mathematics, physics or chemistry (e.g. Bachelor) and typically 14 or more years' related work experience or an equivalent combination of technical education and experience or non-US equivalent qualifications. In the USA, ABET accreditation is the preferred, although not required, accreditation standard.
• Skills and abilities
  
  to: collect, organize, synthesize, and analyze data; summarize findings; develop conclusions and recommendations from appropriate data sources. Develop and support security developmental and operational test planning & execution.
• Engineering-focused experience in incident response, designing and implementing technical controls and workflows to detect, contain, and remediate cyber incidents while preserving forensic integrity.
• Ability to identify susceptibility, survivability, and vulnerability (S/V) of the systems, subsystems and delivery mechanisms, based on the knowledge of characteristics and capabilities of threats (e.g. protocol exploits, identity spoofing, malware injection techniques, application layer vulnerabilities).
• Knowledge of emerging computing and information technology areas to manage advanced research computing technology proposals, projects and resources.
• Knowledge of system security domains (e.g., information assurance, anti-tamper, intrusion detection, software protection, software assurance, communications security, encryption and key management, network security, reverse engineering, countermeasures, certification and accreditation, special security endorsement) and industry and government guidance and regulations which engineers apply to produce secure systems. Experience with performing system security engineering activities that follow NIST 800-160. Strong understanding of secure network architecture and design.
• Experienced in engineering requirements decomposition. Demonstrated expertise in implementing and maintaining DoD security policies and regulations, including threat & risk assessments, accreditation processes, and continuous monitoring to ensure mission assurance and compliance.
• Knowledge and understanding of the methodology and processes associated with risk management, conducting trade studies including cost as an independent variable (CAIV) trade. Ability to: identify and quantify potential risks areas within specific (depth) and across multiple engineering disciplines (breadth); understand design constraints (technical, cost & schedule); identify and trade alternatives (i.e., trade studies); select/recommend the best plan for mitigating risks;
  
  implement and execute plans for mitigating risk; and establish…