Product Security Analyst (Experienced or Senior)

About The Position

Requirements

• Currently have bachelor’s degree or higher
• 3+ years of experience working with Department of Defense (DoD) organizations, projects and/or programs
• 3+ years of experience directing and executing projects in accordance with stakeholder objectives and schedules
• 3+ years of experience in product security, cybersecurity research, or a related field
• 3+ years of experience planning and executing penetration testing of either IT based systems or Avionics embedded systems
• Experience in system and software architectures
• This position requires an active U.S. Secret Security Clearance (U.S. Citizenship Required). (A U.S. Security Clearance that has been active in the past 24 months is considered active)
• This position must meet U.S. export control compliance requirements. To meet U.S. export control compliance requirements, a “U.S. Person” as defined by 22 C.F.R. §120.62 is required. “U.S. Person” includes U.S. Citizen, U.S. National, lawful permanent resident, refugee, or asylee.

Nice To Haves

• 5 or more years of related work experience or an equivalent combination of education and experience
• Experience performing adversity (threat) analysis, security risk assessments, and maturing the analysis throughout the development lifecycle
• Experience hosting events like Cyber Table Tops and Mission Based Cyber Risk Assessments
• Experience working with stakeholders to integrate, plan and execute test events
• Demonstrated ability to engage with stakeholders to define/plan/resource/deliver solutions (state years of experience)
• Experience working with Product Security (non-IT) Cyber Compliance and/or Avionics Embedded systems risk management assessment
• Experience supporting Cyber Table Top, Mission Based Cyber Risk Assessment, or equivalent exercises
• Experience evaluating cybersecurity in one or more of the following domains: Windows, Linux, VxWorks, and INTEGRITY Operating Systems IP-Based Networks Avionics, Embedded Systems, Non-Standard Ethernet Protocols (ARINC, MIL-STD) RF interfaces
• Experience with cybersecurity compliance frameworks such as NIST CSF, DoD RMF, CMMC or PCI/DSS
• Experience designing and/or testing product systems
• Experience with program planning (cost and schedule)

Responsibilities

• Execute penetration tests to identify, exploit, and assess a target system’s vulnerabilities in a threat-representative manner on embedded systems and IP-based networks
• Implement test campaigns aligned with the DoD Cybersecurity T&E best practices
• Conduct Mission Based Cyber Risk Assessments (MBCRAs) and Cyber Table Tops (CTTs)
• Define cyber test plans and schedules for complex architectures and translate to actionable tasks
• Perform event planning in coordination with multiple stakeholders
• Provide team leadership, direction, and coordination resulting in test readiness
• Align technical test findings to stakeholder objectives and map attack surface coverage
• Coordinate prioritization and completion of test cases in accordance with the test plan
• Complete post-test reporting as a part of the test team
• Represent Product Security T&E in engagements with Boeing, suppliers and customer leadership
• Develop and mature Product Security T&E processes, best practices, and solutions
• Occasional domestic and international travel as needed

Benefits

• health insurance
• flexible spending accounts
• health savings accounts
• retirement savings plans
• life and disability insurance programs
• paid and unpaid time away from work