Product Security Software Engineer (Mid-Level or Experienced)

The selected Product Security Software Engineer will derive requirements for software security based on Department of Defense (DoD) standards and compliance in order to develop a secure variant of the Yocto Linux operating system for use in Boeing platforms, test environments, and open-source applications across our industry. This position will provide technical support and guidance in the adoption of secure architectures and practices based on DoD requirements in order to ensure the Operating System is designed, implemented, and operated to meet DoD certifications. The Selected Engineer will be responsible to define the security functional requirements, their breakdown into lower tiers and provide a design assurance approach to the security objectives for the project. Additionally, the Selected Engineer will be responsible for creation of necessary support documentation to support DoD accreditations and deliverables of the Operating System.

This position can be based out of Berkeley, MO; Huntington Beach, CA; Maryland Heights, MO; Mesa, AZ; or Oklahoma City, OK.

Position Responsibilities:

• Identify security practices and artifacts necessary for DoD Accreditation of this real-time embedded operating system
  
• Provide guidance on architecture and solutions to address threats and meet derived requirements
  
• Engage with customers to demonstrate our compliance with DoD security governance
  
• Familiarity with Linux Kernel Security and Real Time Operating Systems
  
• Familiarity with DevSecOps software factory and provide security artifacts to show software security within a pipeline
  
• Perform vulnerability management of risks, threats, and vulnerabilities identified during and after system development
  

This position is hybrid. This means that the selected candidate will be required to perform some work onsite at one of the listed location options. This is at the hiring team's discretion and could potentially change in the future.

This position requires the ability to obtain a U.S. Security Clearance for which the U.S. Government requires U.S. Citizenship. An interim and/or final U.S. Secret clearance Post-Start is required.

Basic Qualifications (Required Skills/Experience):

• Bachelor of Science degree from an accredited course of study in engineering, engineering technology (includes manufacturing engineering technology), chemistry, physics, mathematics, data science, or computer science
  
• Experience Hardening a custom Operating System (preferably SELinux)
  
• Experience with expertise in Compliance and certification of an operating system (for example ANSSI-BP-28 or NIST 800-153)
  
• Experience developing software for real-time embedded systems
  
• Experience with security tools, for example software composition analysis/software bill of materials, and vulnerability scanning
  
• Experience with security infrastructure, product and cybersecurity systems analysis, design, development, and testing
  
• Experience with agile software development
  
• Experience with industry standards relating to Vulnerability Management including Common Vulnerabilities and Exposures (CVE)
  
• Experience with experience with Federal Information Security Management Act (FISMA)/RMF and National institute of Standards and Technology (NIST) 800-53 requirements
  
• Familiarity with NIST SP 800-37, Risk Management Framework, the Joint Special Access Program (SAP) Implementation Guide (JSIG), and NIST SP 800-53, Rev 4, Security and Privacy Co
  

Preferred Qualifications (Desired Skills/Experience):

• 5 or more years' related work experience or an equivalent combination of education and experience
  
• Understanding of the cybersecurity standards and practices defined within DO-178C, NIST 800-171 and or Cybersecurity Maturity Model Certification (CMMC) domains
  
• Experience with DevSecOps principles and tools, for example, CI/CD, IaC, CaC, SaC, Gitlab, Terraform, Ansible, Kubernetes, Docker
  
• Experience working in a cloud environment
  
• Experience with Real Time Embedded Operating Systems
  
• Experience in the aerospace and defense industry
  
• Training or Certifications including CISSP, CSSLP, Security +, Cloud +, Certified Cloud Security Professional (CCSP), AWS certifications, or equivalent
  

Typical Education/Experience:

Mid-Level (Level 3)

Education/experience typically acquired through advanced technical education from an accredited course of study in engineering, computer science, mathematics, physics or chemistry (e.g. Bachelor) and typically 5 or more years' related work experience or an equivalent combination of technical education and experience (e.g. PhD, Master+3 years' related work experience). In the USA, ABET accreditation is the preferred, although not required, accreditation standard.

Experienced (Level 4)

Education/experience typically acquired through advanced technical education from an accredited course of study in engineering, computer science, mathematics, physics or chemistry (e.g. Bachelor) and typically 9 or more years' related work experience or an equivalent combination of technical education and experience (e.g. PhD+4 years' related work experience, Master+7 years' related work experience). In the USA, ABET accreditation is the preferred, although not required, accreditation standard.

Relocation:

Relocation assistance is not a negotiable benefit for this position. Candidates must live in the immediate area or relocate at their own expense.

Drug Free Workplace:

Boeingis a Drug Free Workplace where post offer applicants and employees are subject to testing for marijuana, cocaine, opioids, amphetamines, PCP, and alcohol when criteria is met as outlined in our policies.

Shift Work Statement:

This position is for 1st shift.

At Boeing, we strive to deliver a Total Rewards package that will attract, engage and retain the top talent. Elements of the Total Rewards package include competitive base pay and variable compensation opportunities.

The Boeing Company also provides eligible employees with an opportunity to enroll in a variety of benefit programs, generally including health insurance, flexible spending accounts, health savings accounts, retirement savings plans, life and disability insurance programs, and a number of programs that provide for both paid and unpaid time away from work.

The specific programs and options available to any given employee may vary depending on eligibility factors such as geographic location, date of hire, and the applicability of collective bargaining agreements.

Pay is based upon candidate experience and qualifications, as well as market and business considerations.

Summary pay range for Mid-Level: $104,550 - $162,150

Summary pay range for Experienced: $127,500 - $197,800

Applications for this position will be accepted until April 8th, 2024

Export Control Requirements: U.S. Government Export Control Status: This position must meet export control compliance requirements. To meet export control compliance requirements, a "U.S. Person" as defined by 22 C.F.R. §120.15 is required. "U.S. Person" includes U.S. Citizen, lawful permanent resident, refugee, or asylee.

Export Control Details: US based job, US Person required

Equal Opportunity Employer:

Boeing is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, genetic factors, military/veteran status or other characteristics protected by law.