Experienced Vulnerability Management Systems DevSecOps
Mesa, Arizona; North Charleston, South Carolina; St Louis, Missouri; Bellevue, Washington
On our cyber teams, you’ll work with leading-edge technology developing solutions for the defense and intelligence communities. While building the future with Boeing, you’ll also help protect it.
of the time
What does it take?
What makes a successful Cybersecurity employee? Check out the info to the right to see if you have what it takes.
- Quick thinking
“ At Boeing, cybersecurity is integral to everything we do and addressed at every stage of system development. I am fortunate to collaborate with talented individuals across different departments to ensure the security of our products. Having served in the military, I am proud to continue to support our troops by ensuring their mission needs are met. ”Jason Shelton Cybersecurity Engineer (Developmental Center), Cyber Test and Evaluation Lead
Most employees are eligible for an annual incentive reward.
Unlimited access to online lessons, certification courses and degree-seeking programs.
12 weeks paid parental leave.
Our 401(k) plan features generous matching and company contributions (up to 11 percent!).
Back to School
Generous funding for hundreds of accredited colleges and universities (up to $25,000 per year for many programs; up to 100% for eligible STEM-studies).
Up to $10,000 in donations and volunteer matching per year.
Experienced Vulnerability Management Systems DevSecOps
At Boeing, we are all innovators on a mission to connect, protect, explore and inspire. From the seabed to outer space, you’ll learn and grow, contributing to work that shapes the world. Find your future with us.
We are looking for an experienced vulnerability Management Systems DevSecOps specialist to join the Information Security Server Controls team, supporting the development of the Vulnerability Management System and monitoring of policy compliance using authoritative configuration data. This position can be located in Bellevue, WA; St Louis, MO; North Charleston, SC; or Mesa, AZ.
This position is designed for experienced secure developers interested in broadening their careers through transition into the field of cybersecurity, specifically through development of software to perform and validate technical controls or across diverse technologies and networks. Initially, the candidate will support development of the Vulnerability Management System (VMS) including expansion and integration of Host Security Health Check (HSHC) into the VMS framework to meet organizational business goals and objectives. Since the core objective of the VMS is to identify and track risk, this position will transition into a cybersecurity DevSecOps specialist over time, guiding and optimizing the development team and aligning with industry best practices.
The VMS is core to the Information Security organization and the identification of risk, tracking of compliance activities, and remediation activities through a systems lifecycle. Mature software engineering skills are required.
The ideal candidate will have broad depth of software development experience along with a foundation of Cybersecurity skills including practical experience with secure application development and secure process design.
- Write and compile complex code and constructs based on documented design or designs application architecture that integrates application software and delivery subsystems for specific applications.
- Perform independent design, programming, testing, implementation and documentation of complex computing applications and software system architectures or computing architecture and computing application system designs.
- Initiate and lead the analysis of end user processes to define application requirements to maximize usability, data integrity, and security.
- Use Agile development methodologies to quickly enhance and adapt the system to meet functional requirements.
- Develop the system capabilities to transition the organization from reactive assessments to context based processes for vulnerability and risk identification
- Mentor less experienced personnel in mature DevSecOps disciplines.
- Act as Cybersecurity liaison to the team, maintaining an awareness of threats, trends, and research in application security.
- Research Cybersecurity practices and advise the team on strategic adoption of secure development and operational techniques
- Communicate current Cybersecurity events and standards to educate the team.
- Optimize the team through DevSecOps continuous learning, guidance, and construction of a CICD framework to support ensure solid change and configuration management using systems engineering best practices to meet SEI/CMM level 3 requirements.
- Ensure end-to-end security of the Vulnerability Management System and integrated/affected systems through hands on testing, threat modeling, and administering technical direction to software development teams, remediating risks upfront, and championing secure implementation efforts.
Technical Skills Required Include:
- This position requires the ability to obtain a US Security Clearance for which the US Government requires US Citizenship
- 2+ years of practical experience with Application Security concepts and vulnerability remediation techniques
- 2+ years of practical experience with DevOps/CI-CD and supporting tools such as TFS, Maven, Gradle, Jenkins, Artifactory, Git
- 5+ years of experience with Object-oriented analysis, design, and programming experience using C#
- 5+ years of Database experience with SQL Server RDMS including SQL, TSQL
- 3+ years of experience with calling/writing REST or SOAP web services
- 3+ years of experience with Working exposure with Agile (Scrum, XP, TDD)
- Experience in using the React framework
- Experience with wireframes and user stories is required.
- Ability to learn new technologies and adapt quickly
- Experience with Python
- Experience using Powershell
- 5+ years of experience with Object-oriented analysis, design, and programming experience using Java
- 5+ years of Database experience with Oracle RDMS including SQL, PL/SQL
- First-time quality focus and quality process optimization
- Experience mentoring junior and senior developer and security practitioners
- Experience with information security best practices
- Experience with .Net or Java APIs
- Experience in cloud-based deployments such as Pivotal Cloud Foundry or OpenStack
- Experience in micro service architecture, design, and implementation
- In-depth knowledge of .Net or Spring Boot and Spring MVC
- Experience with HTML/CSS frameworks like Bootstrap
- Experience with tools such as Eclipse and TOAD
Desired Candidate Competencies:
- Excellent communication skills required
- Ability to work on a matrixed, cross-functional team spanning multiple organizations
- Secure development practices
- Initiating action
- Systems thinking and adaptability
- Mentoring and continuous learning
- Technical research and critical contrast of solution alternatives
- Focus on first time quality and continuous maturity of development disciplines
Typical Education / Experience:
Technical bachelor's degree and typically 5 or more years' related work experience or a Master's degree with typically 3 or more years' or a PhD degree or an equivalent combination of education and experience. A technical degree is defined as any four year degree, or greater, in a mathematic, scientific or information technology field of study.
Relocation assistance is provided for eligible candidates.
Drug Free Workplace:
Boeing is a Drug Free Workplace where post offer applicants and employees are subject to testing for marijuana, cocaine, opioids, amphetamines, PCP, and alcohol when criteria is met as outlined in our policies.
All information provided will be checked and may be verified.
Please apply as soon as possible for this role as recruitment may commence before the end date.
Contingent Upon Program Award
No, this position is not contingent upon program award
Boeing is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, genetic factors, military/veteran status or other characteristics protected by law.