Product Security (System Security) Engineering Test Lead
Why This is an Exciting Role:
As a Product Security (System Security) Engineering Test Lead at Boeing Intelligence & Analytics you will be responsible for leading development, implementation, and sustainment of product security and resiliency throughout the requirements, design, build, test, production, operations, and support lifecycle. You will lead development and enhancement of system requirements and architectures for product security to meet all applicable certification and customer requirements. You will ensure security of facilities, equipment, tools, data, networks, and resources used for product: design, development, build, test, storage, delivery, operations, and support. You define and identify product security requirements for suppliers of components and subsystems for integration into Boeing products and services. You will coordinate with governments, customers, suppliers, and industry to identify risks and improve industry and regulatory security standards and requirements for programs and interfacing systems. You will lead research and development activities resulting in innovative solutions. You will advise customers on maintaining product security and certification, including security consequences of modifying products and services.
What Makes BI&A Different:
As a fully owned subsidiary of The Boeing Company, BI&A offers an optimal mix of a small company environment with exceptional opportunities supported by a large corporation.
Every day, Boeing Intelligence & Analytics supports global missions by building and delivering intelligence, analytics, and cyber solutions that enable users to advance national security. From hardware and software engineering solutions to analytics that keep this nation safe, we create value that meets users’ needs. With vibrant partnerships and innovative approaches, we serve the Intelligence Community through innovation and vision. We have provided our customers with the tools needed to counter evolve global and cyber threats, and to improve wartime decision-making.
- Our talented employees bring software development, systems engineering, and advanced analytics expertise.
- We offer numerous prime contract opportunities with customers headquartered in Maryland, Virginia, and the District of Columbia, as well as subcontract opportunities that align with our areas of focus and additional opportunities nationwide through our parent company.
- We have current open positions on awarded programs across diverse customer sets and are anticipating upcoming contract awards with a 5-year life cycle and an additional 5 option years.
- Our diverse portfolio allows our employees to move to other projects and teams as they gain further proficiency in their current skill set and learn new skill sets along the way.
- We offer hands-on access to cutting-edge technologies and a culture of technical excellence.
Experience and Qualifications:
To be eligible for this demanding position, the ideal candidate should demonstrate the following experience and qualifications:
Product Security Engineering
- Assess risks, threats and vulnerabilities of the product assets and production systems in accordance with accepted industry, professional, and government standards to ensure security design integrity, availability, confidentiality, and regulatory compliance
- Support the execution of recurring and maturing Product Security Engineering analysis, design, implementation, and test across the SITR program and teams, and responsible engineers in partner teams
- Perform incremental criticality, adversity, and threat analysis on complex, highly technical systems.
- Apply systematic, functional and fact-based analysis techniques and tools throughout life‑cycle and product maturation.
- Coordinate incremental analysis of systems, components, and suppliers for risks, vulnerabilities, and threats
- Aid in collaborative design & development strategy with responsible engineers for traceable mitigations, including design constraints and concepts to minimize risk and vulnerability and increase GMD system resiliency and assurance
- Partner and fully integrate with the SITR software development SCRUM team
- Champion and Participate fully in Agile planning and execution
Cyber Test
- Analyze test results and offer possible solutions/mitigations for findings
- Follows documented procedures to perform tests or inspections and collects data for evaluation of process equipment, software, solutions, products or materials
- Assists with the development or improvement of inspection or test techniques
- Lead/Mentor junior engineers, assess knowledge gaps and provide training plans
- Develop and coordinate Product Security test plans and activities (penetration testing, cooperative and non-cooperative vulnerability testing, adversarial analysis and testing, cyber table top exercises (use cases), and advanced virtual/emulated testing) throughout the maturation of program life-cycle
- Develop and mature enterprise Product Security T&E best practices and solutions
- Document procedures for performing cyber testing
- Present findings to both test stakeholders and risk boards
- Execute planning and execution of cybersecurity testing, penetration testing, or assessment events
- Execute system analysis & tests for cyber threats and test activities
- Support test planning, integration, execution, and post-test activities with the government customer
- Investigate possible test avenues to provide to test execution team during testing events
- Assist with improving implementation and execution of cyber test events
- Openly communicate and collaborate across engineering and non-engineering functions.
- Participate in all phases of test from test planning, execution, and post-test activities such as analysis
- Supervise red/blue teams during test execution
Required Education and Years of Experience:
Education/experience typically acquired through advanced technical education from an accredited course of study in engineering, computer science, mathematics, physics or chemistry (e.g. Bachelor) and typically 9 or more years related work experience or an equivalent combination of technical education and experience (e.g. PhD+4 years related work experience, Master+7 years related work experience). In the USA, ABET accreditation is the preferred, although not required, accreditation standard.
Required Qualifications:
- Bachelor Degree and/or Military experience and/or Combination of education and work experience equivalent to 13 years.
- Cybersecurity IAT/IAM Level 2 Certificate or higher IAT/IAM level: IAT Level 2.
- This position requires the ability to obtain a U.S. Security Clearance for which the U.S. Government requires U.S. Citizenship.
This position requires clearing a background check and an enhanced Personal Conflict of Interest (PCI) requirements as a condition for employment.
Desired Qualifications:
- Project management experience.
- Experience collaborating with government customer and external stakeholders.
- Strong oral and written communication skills.
- Experience with Vulnerability assessment and/or Penetration Test
- Experience with industry standard cybersecurity frameworks (DO-178, NIST, OWASP, DFARS)
- 2+ year of experience working in virtualized environments
- Strong understanding of both Linux and Windows
- Experience writing test plans and analyzing test reports to provide solutions addressing identified cyber deficiencies
- Experience with modern attack techniques and tools used for penetration testing
- Previous experience briefing test findings to a non-technical audience
- Self-motivated and able to take on multiple tasks simultaneously
- Mentor other members of the team
Telework Availability: This position is expected to be 100 onsite.
Work Location: Huntsville, AL
Summary Pay Range:
Please note that the information shown below is a general guideline only. Pay is based upon candidate experience and qualifications, as well as market and business considerations.
$112,700.00 - $161,000.00