The Boeing Company
Experienced Product Security Analyst
The Boeing Company, Huntington Beach, California, us, 92615
Job DescriptionAt Boeing, we innovate and collaborate to make the world a better place. From the seabed to outer space, you can contribute to work that matters with a company where diversity, equity and inclusion are shared values. We’re committed to fostering an environment for every teammate that’s welcoming, respectful and inclusive, with great opportunity for professional growth. Find your future with us.Boeing Defense & Space (BDS)
is seeking a motivated & experienced Product Security Analyst to join the Space Intelligence & Weapons Systems(SI & WS) team located in
Huntington Beach, CA .You will be a part of Boeing's Product Security Organization, which is a growing multi-disciplinary engineering organization that is responsible for the security and resiliency of Boeing's products, platforms, and services. You will have multiple responsibilities across the life-cycle of Space, Intelligence, and Weapon Systems programs and products, including the design and development of next generation systems. You will have the opportunity to shape and influence Product Security Engineering in SI&WS, and engage with Boeing’s Enterprise Product Security community.Position Responsibilities:Works in classified environments, evaluating computing systems, products and platforms conformance in order to generate and analyze cybersecurity data.
Makes mitigation recommendations and execute same.
Supports the integration of security and resiliency into products and services throughout the lifecycle of the product/service to meet all applicable certifications and customer requirements.
Researches, analyzes and compiles technical data to support the integration of security and resiliency into products and services throughout the lifecycle of the product/service to meet all applicable certifications and customer requirements.
Supports the research, collection, interpretation, test, and analysis of technical data for system-level product security concepts in the projected operational environments to optimize effectiveness over the program lifecycle.
Supports product security risk/attack surface/vulnerability analyses and security audits of applications and application stacks of various provenances.
Supports the analysis, triage, aggregation, escalation, and reporting of relevant product security and anti-tamper data and other information sources for attack indicators and potential security breaches.
Performs product security risk/attack surface/vulnerability analyses and security audits of applications and application stacks of various provenances.
Analyzes, triages, aggregates, escalates, and reports relevant product security and anti-tamper data and other information sources for attack indicators and potential security breaches.
Analyzes malware and attacker tactics to improve detection capabilities. Coordinates during incidents. Correlates and performs trend analysis Prepares and presents technical reports and briefings
Perform assessments of software assurance activities and products, to ensure the security pedigree of our software solutions
Develops, maintains and identifies improvements for the planning, organization, implementation and monitoring of the requirements management processes.
Works under minimal direction
The role on the team may require obtaining certifications such as Security+ or CISSP to comply with contract requirements
This position is expected to be 100% onsite. The selected candidate will be required to work onsite at one of the listed location options.This position requires an active U.S. Top Secret / Sensitive Compartmented Information (TS/SCI) with Polygraph Security Clearance (US Citizenship Required). (A U.S. Security Clearance that has been active in the past 24 months is considered active.)Basic Qualifications
(Required Skills & Experience):
(see required education and experience for this level below)Bachelor of Science degree in a relevant field.
3+ years of product security experience.
CompTIA Security+ certification.
Typical Education/Experience:Level 3Education/experience typically acquired through advanced education (e.g.
Bachelor) and typically 6 or more years'
related work experience or an equivalent combination of education and experience (e.g.
Master+4 years' related work experience , 10 years' related work experience, etc.).Relocation:Relocation assistance is not a negotiable benefit for this position. Candidates must live in the immediate area or relocate at their own expense.Drug Free Workplace:Boeing is a Drug Free Workplace where post offer applicants and employees are subject to testing for marijuana, cocaine, opioids, amphetamines, PCP, and alcohol when criteria is met as outlined in our policies.Shift:This position is for 1st shift.At Boeing, we strive to deliver a Total Rewards package that will attract, engage and retain the top talent. Elements of the Total Rewards package include competitive base pay and variable compensation opportunities.The Boeing Company also provides eligible employees with an opportunity to enroll in a variety of benefit programs, generally including health insurance, flexible spending accounts, health savings accounts, retirement savings plans, life and disability insurance programs, and a number of programs that provide for both paid and unpaid time away from work.The specific programs and options available to any given employee may vary depending on eligibility factors such as geographic location, date of hire, and the applicability of collective bargaining agreements.Pay is based upon candidate experience and qualifications, as well as market and business considerations.Summary pay range for mid-level: $107,950 - $146,050Applications for this position will be accepted until9/13/24.
Export Control Requirements:
U.S. Government Export Control Status: This position must meet export control compliance requirements. To meet export control compliance requirements, a “U.S. Person” as defined by 22 C.F.R. §120.15 is required.
“U.S. Person” includes U.S. Citizen, lawful permanent resident, refugee, or asylee.
Export Control Details:
US based job, US Person required
Equal Opportunity Employer:Boeing is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, genetic factors, military/veteran status or other characteristics protected by law.Analytical Skills (Technical)
Skill and ability to: collect, organize, synthesize, and analyze data; summarize findings; develop conclusions and recommendations from appropriate data sources.
Cyber Sec Incident Response
Knowledge of cyber security incident response protocols (e.g., identification, impact assessment, containment, remediation, evidence handling, technical reporting, etc.) and safeguarding information.
Cyber Sys Threat & Environment
Ability to identify susceptibility, survivability, and vulnerability (S/V) of the systems, subsystems and delivery mechanisms, based on the knowledge of characteristics and capabilities of threats (e.g. protocol exploits, identity spoofing, malware injection techniques, application layer vulnerabilities).
Design Concepts & Techniques
Advanced knowledge of design concepts and techniques (e.g., concurrent engineering, Design for Manufacture/Assembly [DFM/A]).
Domain Specific Knowledge
Knowledge of engineering discipline(s) (e.g., electrical, mechanical, software engineering) applied to product related systems (e.g., aircraft, avionics, propulsion, spacecraft, information/ communication systems) throughout the product development life cycle, from concept development to deployment.
Emerging Computing Technology
Knowledge of emerging computing and information technology areas to manage advanced research computing technology proposals, projects and resources.
Engineering Processes
Knowledge of responsibilities and tasks performed by various Engineering departments/disciplines (e.g., design, test, software, technology, avionics). Knowledge of the interaction between departments/disciplines and how their products/processes affect one another and impact non-engineering processes (e.g., Operations, Logistics, Business).
Engr Knowledge/Comprehension
Knowledge of various engineering disciplines such as electrical, mechanical, and systems. The ability to communicate with technical personnel from multiple skill areas and functions to evaluate technical information and issues impacting design, production, and support of products, services, or other deliverables.
Penetration Testing
Skill and ability to perform penetration testing; conduct footprinting, enumeration and reconnaissance; identify and exploit vulnerabilities in networks and systems using manual testing, exploitation, privilege escalation, and evasion techniques.
System Security Processes
Knowledge of system security domains (e.g., information assurance, anti-tamper, intrusion detection, software protection, software assurance, communications security, encryption and key management, network security, reverse engineering, countermeasures, certification and accreditation, special security endorsement) and industry and government guidance and regulations [e.g., Common Criteria, DoD Information Technology Security Certification and Accreditation Process (DITSCAP), National Information Assurance Certification and Accreditation Process (NIACAP), Director Central Intelligence Directive DCID 6/3] which engineers apply to produce secure systems.
Systems Thinking
Ability to understand the big picture and the inter-relationships of all positions and activities in the system, including the impact of changes in one area on another area. This includes the ability to see and understand the inter-relationships between components of systems and plans, anticipate future events, and apply the principles of systems thinking to accelerate performance.
Tech Risk Mgmt & Perf Measure
Knowledge and understanding of the methodology and processes associated with risk management, conducting trade studies including cost as an independent variable (CAIV) trades. Ability to: identify and quantify potential risks areas within specific (depth) and across multiple engineering disciplines (breadth); understand design constraints (technical, cost & schedule); identify and trade alternatives (i.e., trade studies); select/recommend the best plan for mitigating risks; implement and execute plans for mitigating risk; and establish appropriate performance tracking metrics to track risk burndown over time. Ability to effectively utilize risk management tools (iso-risk charts/plots, waterfall, etc) to support program/project execution.
#J-18808-Ljbffr
is seeking a motivated & experienced Product Security Analyst to join the Space Intelligence & Weapons Systems(SI & WS) team located in
Huntington Beach, CA .You will be a part of Boeing's Product Security Organization, which is a growing multi-disciplinary engineering organization that is responsible for the security and resiliency of Boeing's products, platforms, and services. You will have multiple responsibilities across the life-cycle of Space, Intelligence, and Weapon Systems programs and products, including the design and development of next generation systems. You will have the opportunity to shape and influence Product Security Engineering in SI&WS, and engage with Boeing’s Enterprise Product Security community.Position Responsibilities:Works in classified environments, evaluating computing systems, products and platforms conformance in order to generate and analyze cybersecurity data.
Makes mitigation recommendations and execute same.
Supports the integration of security and resiliency into products and services throughout the lifecycle of the product/service to meet all applicable certifications and customer requirements.
Researches, analyzes and compiles technical data to support the integration of security and resiliency into products and services throughout the lifecycle of the product/service to meet all applicable certifications and customer requirements.
Supports the research, collection, interpretation, test, and analysis of technical data for system-level product security concepts in the projected operational environments to optimize effectiveness over the program lifecycle.
Supports product security risk/attack surface/vulnerability analyses and security audits of applications and application stacks of various provenances.
Supports the analysis, triage, aggregation, escalation, and reporting of relevant product security and anti-tamper data and other information sources for attack indicators and potential security breaches.
Performs product security risk/attack surface/vulnerability analyses and security audits of applications and application stacks of various provenances.
Analyzes, triages, aggregates, escalates, and reports relevant product security and anti-tamper data and other information sources for attack indicators and potential security breaches.
Analyzes malware and attacker tactics to improve detection capabilities. Coordinates during incidents. Correlates and performs trend analysis Prepares and presents technical reports and briefings
Perform assessments of software assurance activities and products, to ensure the security pedigree of our software solutions
Develops, maintains and identifies improvements for the planning, organization, implementation and monitoring of the requirements management processes.
Works under minimal direction
The role on the team may require obtaining certifications such as Security+ or CISSP to comply with contract requirements
This position is expected to be 100% onsite. The selected candidate will be required to work onsite at one of the listed location options.This position requires an active U.S. Top Secret / Sensitive Compartmented Information (TS/SCI) with Polygraph Security Clearance (US Citizenship Required). (A U.S. Security Clearance that has been active in the past 24 months is considered active.)Basic Qualifications
(Required Skills & Experience):
(see required education and experience for this level below)Bachelor of Science degree in a relevant field.
3+ years of product security experience.
CompTIA Security+ certification.
Typical Education/Experience:Level 3Education/experience typically acquired through advanced education (e.g.
Bachelor) and typically 6 or more years'
related work experience or an equivalent combination of education and experience (e.g.
Master+4 years' related work experience , 10 years' related work experience, etc.).Relocation:Relocation assistance is not a negotiable benefit for this position. Candidates must live in the immediate area or relocate at their own expense.Drug Free Workplace:Boeing is a Drug Free Workplace where post offer applicants and employees are subject to testing for marijuana, cocaine, opioids, amphetamines, PCP, and alcohol when criteria is met as outlined in our policies.Shift:This position is for 1st shift.At Boeing, we strive to deliver a Total Rewards package that will attract, engage and retain the top talent. Elements of the Total Rewards package include competitive base pay and variable compensation opportunities.The Boeing Company also provides eligible employees with an opportunity to enroll in a variety of benefit programs, generally including health insurance, flexible spending accounts, health savings accounts, retirement savings plans, life and disability insurance programs, and a number of programs that provide for both paid and unpaid time away from work.The specific programs and options available to any given employee may vary depending on eligibility factors such as geographic location, date of hire, and the applicability of collective bargaining agreements.Pay is based upon candidate experience and qualifications, as well as market and business considerations.Summary pay range for mid-level: $107,950 - $146,050Applications for this position will be accepted until9/13/24.
Export Control Requirements:
U.S. Government Export Control Status: This position must meet export control compliance requirements. To meet export control compliance requirements, a “U.S. Person” as defined by 22 C.F.R. §120.15 is required.
“U.S. Person” includes U.S. Citizen, lawful permanent resident, refugee, or asylee.
Export Control Details:
US based job, US Person required
Equal Opportunity Employer:Boeing is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, genetic factors, military/veteran status or other characteristics protected by law.Analytical Skills (Technical)
Skill and ability to: collect, organize, synthesize, and analyze data; summarize findings; develop conclusions and recommendations from appropriate data sources.
Cyber Sec Incident Response
Knowledge of cyber security incident response protocols (e.g., identification, impact assessment, containment, remediation, evidence handling, technical reporting, etc.) and safeguarding information.
Cyber Sys Threat & Environment
Ability to identify susceptibility, survivability, and vulnerability (S/V) of the systems, subsystems and delivery mechanisms, based on the knowledge of characteristics and capabilities of threats (e.g. protocol exploits, identity spoofing, malware injection techniques, application layer vulnerabilities).
Design Concepts & Techniques
Advanced knowledge of design concepts and techniques (e.g., concurrent engineering, Design for Manufacture/Assembly [DFM/A]).
Domain Specific Knowledge
Knowledge of engineering discipline(s) (e.g., electrical, mechanical, software engineering) applied to product related systems (e.g., aircraft, avionics, propulsion, spacecraft, information/ communication systems) throughout the product development life cycle, from concept development to deployment.
Emerging Computing Technology
Knowledge of emerging computing and information technology areas to manage advanced research computing technology proposals, projects and resources.
Engineering Processes
Knowledge of responsibilities and tasks performed by various Engineering departments/disciplines (e.g., design, test, software, technology, avionics). Knowledge of the interaction between departments/disciplines and how their products/processes affect one another and impact non-engineering processes (e.g., Operations, Logistics, Business).
Engr Knowledge/Comprehension
Knowledge of various engineering disciplines such as electrical, mechanical, and systems. The ability to communicate with technical personnel from multiple skill areas and functions to evaluate technical information and issues impacting design, production, and support of products, services, or other deliverables.
Penetration Testing
Skill and ability to perform penetration testing; conduct footprinting, enumeration and reconnaissance; identify and exploit vulnerabilities in networks and systems using manual testing, exploitation, privilege escalation, and evasion techniques.
System Security Processes
Knowledge of system security domains (e.g., information assurance, anti-tamper, intrusion detection, software protection, software assurance, communications security, encryption and key management, network security, reverse engineering, countermeasures, certification and accreditation, special security endorsement) and industry and government guidance and regulations [e.g., Common Criteria, DoD Information Technology Security Certification and Accreditation Process (DITSCAP), National Information Assurance Certification and Accreditation Process (NIACAP), Director Central Intelligence Directive DCID 6/3] which engineers apply to produce secure systems.
Systems Thinking
Ability to understand the big picture and the inter-relationships of all positions and activities in the system, including the impact of changes in one area on another area. This includes the ability to see and understand the inter-relationships between components of systems and plans, anticipate future events, and apply the principles of systems thinking to accelerate performance.
Tech Risk Mgmt & Perf Measure
Knowledge and understanding of the methodology and processes associated with risk management, conducting trade studies including cost as an independent variable (CAIV) trades. Ability to: identify and quantify potential risks areas within specific (depth) and across multiple engineering disciplines (breadth); understand design constraints (technical, cost & schedule); identify and trade alternatives (i.e., trade studies); select/recommend the best plan for mitigating risks; implement and execute plans for mitigating risk; and establish appropriate performance tracking metrics to track risk burndown over time. Ability to effectively utilize risk management tools (iso-risk charts/plots, waterfall, etc) to support program/project execution.
#J-18808-Ljbffr