Product Security – Cyber – Test Engineer
| Company | The Boeing Company |
|---|---|
| Location | Hazelwood, MO, USA |
| Salary | $91800 – $151800 |
| Type | Full-Time |
| Degrees | Bachelor’s |
| Experience Level | Junior, Mid Level, Senior |
Requirements
- Bachelor of Science degree from an accredited course of study in engineering, engineering technology (includes manufacturing engineering technology), chemistry, physics, mathematics, data science, or computer science
- 1+ years of experience working with Department of Defense (DoD) organizations, projects and/or programs
- 1+ years of experience planning and executing penetration testing of either IT based systems or Avionics embedded systems
- Able to travel both domestically and internationally
Responsibilities
- Execute penetration tests to identify, exploit, and assess a target system’s vulnerabilities in a threat-representative manner on embedded systems and IP-based networks
- Support emulation of advanced cyber adversary tactics, techniques and procedures (TTPs) targeting avionic systems
- Support controlled attack simulations that test the effectiveness of a blue team and its capabilities to detect, block, and mitigate attacks and breaches
- Support development of exploits and malware targeting modern operating systems and defenses
- Support the development of cyber test tools as necessary to achieve threat emulation objectives
- Communicate recommendations for improvements via reports or presentations to customers using common frameworks such as MITRE ATT&CK, Cyber Kill Chain, etc.
- Occasional domestic and international travel as needed
Preferred Qualifications
- 3 or more years of related work experience or an equivalent combination of education and experience
- Demonstrated ability to engage with stakeholders to define/plan/resource/deliver solutions (state years of experience)
- Experience working with Product Security (non-IT) Cyber Compliance and/or Avionics Embedded systems risk management assessment
- Experience supporting Cyber Table Top, Mission Based Cyber Risk Assessment, or equivalent exercises
- Experience evaluating cybersecurity in one or more of the following domains: Windows, Linux, VxWorks, and INTEGRITY Operating Systems; IP-Based Networks; Avionics, Embedded Systems, Non-Standard Ethernet Protocols (ARINC, MIL-STD); RF interfaces
- Experience with cybersecurity compliance frameworks such as NIST CSF, DoD RMF, CMMC or PCI/DSS
- Experience coordinating and presenting technical content to a diverse audience
- Experience designing and/or testing product systems
- Experience with program planning (cost and schedule)
- Experience with Aircraft Platforms, Weapon Systems and/or C5ISR