At Boeing, we innovate and collaborate to make the world a better place. From the seabed to outer space, you can contribute to work that matters with a company where diversity, equity and inclusion are shared values. We're committed to fostering an environment for every teammate that's welcoming, respectful and inclusive, with great opportunity for professional growth. Find your future with us.
We're looking for Associate Product Security Analysts
to join our established team within Boeing Commercial Airplanes.
The ideal candidates will have knowledge of cyber security concepts and techniques including network architecture, embedded systems security, cyber physical systems or PKI infrastructure.
The successful candidate will be able to demonstrate some technical skills and capabilities in the support of testing Ethernet enabled systems onboard aircraft and associated ground systems. Activities include but are not limited to white box and black box testing of systems to evaluate security controls and system design for vulnerabilities. Position Responsibilities:
This position must meet Export Control compliance requirements, therefore a "US Person" as defined by 22 C.F.R. 120.15 is required. "US Person" includes US Citizen, lawful permanent resident, refugee, or asylee. Employer will not sponsor applicants for employment visa status. Basic Qualifications (Required Skills and Experience):
- Assist engineers to conduct vulnerability assessments and penetration testing.
- Assist in analyzing architecture and system functionality for a broad range of technologies. Assist in conducting automated scanning and manual testing.
- Evaluate system security configurations.
- Perform exploit analysis and author exploitation tools/techniques.
- Assist evaluating findings and perform root cause analysis.
- Assist with in preparing and presenting technical reports and briefings.
- Assist in conducting customer remediation reviews.
- Familiarity with common ports, protocols, and services such as SSL, SSH, TCP/IP, UDP, DNS, NFS, LDAP, HTTP.
- Knowledge of public key infrastructure, certificates, and public/ private key pairs, hashes, and checksums.
- Ability to analyze and correlate events in Linux audit logs, security logs, syslogs and application logs.
- Excellent problem-solving skills and the ability to evaluate findings and conduct root cause analysis.
- Ability to identify likely attack chain based on architecture of systems and communicate risk.
- Supports the integration of security and resiliency into products and services throughout the lifecycle of the product/service to meet all applicable certifications and customer requirements.
- Supports the research, collection, interpretation, test, and analysis of technical data for system-level product security concepts in the projected operational environments to optimize effectiveness over the program lifecycle.
- Supports product security risk/attack surface/vulnerability analyses and security audits of applications and application stacks of various provenances.
- Supports the analysis, triage, aggregation, escalation, and reporting of relevant product security and anti-tamper data and other information sources for attack indicators and potential security breaches.
- Assists in coordination during incidents.
- Supports the correlation and performance of trend analysis.
- Analyzes malware and attacker tactics to improve detection capabilities.
- Prepares and presents basic technical reports and briefings.
Preferred Qualifications (Desired Skills and Experience):
- Technical Bachelor's, Master's or a PhD degree (A technical degree is defined as any four-year degree, or greater, in a mathematics, scientific or information technology field of study)
- 3+ years of work-related experience in Cybersecurity
- Experience and/or coursework in cybersecurity, security network architecture, embedded systems security, security testing and evaluation, network design,cyber physical systems or PKI infrastructure.
Typical Education/ Experience:
- Possess any of these certifications:CISSP, Security+, CEH, CCNA, UNIX/LINUX System Administration, GIAC GPEN or GWAPT
Education/experience typically acquired through advanced education (e.g. Technical Bachelor's) and typically 3 or more years' related work experience or an equivalent combination of education and experience (e.g. Master+1 year's related work experience, 7 years' related work experience, etc.). Relocation:
This position offers relocation based on candidate eligibility. Employee Referral Program:
This job is eligible for the Employee Referral Program Drug Free Workplace:
Boeing is a Drug Free Workplace where post offer applicants and employees are subject to testing for marijuana, cocaine, opioids, amphetamines, PCP, and alcohol when criteria is met as outlined in our policies. Shift:
This position is for 1st shift Equal Opportunity Employer:
Boeing is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, genetic factors, military/veteran status or other characteristics protected by law.