Boeing’s Information Security Cyber Intel and Assessment team has an immediate need for a professional security assessor to conduct vulnerability assessments on a wide variety of mobile, web and thick client applications. This is an opportunity for a team player who would like to work with a world-class team, and is eager to grow their cybersecurity skills.
Primary Job Duties:
- Conduct application security assessments and penetration tests (web application, web service, mobile, thick client, etc.). These assessments involve manual testing utilizing pen testing tools, manual techniques, and analysis as well as the use of automated application vulnerability scanning/testing tools and/or code review tools.
- Write assessment report of findings, debrief via conference calls to system owners and consult on remediation options.
- Retest security vulnerabilities that have been identified as fixed to verify remediation is effective.
- Contribute to security assessment, tooling, and reporting methodology enhancements.
- Stay up-to-date in current tools, techniques, and vulnerabilities to incorporate into testing practices.
Boeing is the world's largest aerospace company and leading manufacturer of commercial airplanes and defense, space and security systems. We are engineers and technicians. Skilled scientists and thinkers. Bold innovators and dreamers. Join us, and you can build something better for yourself, for our customers and for the world.
CIO, Information & Analytics
Relocation Assistance Available: Yes. Available for eligible candidates, if authorized.
This position requires the ability to obtain a US Security Clearance, for which the US Government requires US Citizenship.
Technical bachelor's degree and typically 5 or more years' related work experience or a Master's degree with typically 3 or more years' experience. A technical degree is defined as any four-year degree, or greater, in a mathematic, scientific or information technology field of study.
- 3+ years’ experience performing application security assessments using manual techniques plus dynamic vulnerability testing tools (including web proxies, scanners, sniffers, and fuzzers) and static code review tools to identify exploitable vulnerabilities, including testing techniques used to exploit vulnerabilities in the OWASP top 10 and OWASP Mobile top 10 lists.
- 3+ years’ experience with Android and iOS architectures, their respective security models, IDEs, programming languages (e.g. Java, Objective C, Swift, Kotlin), hacking methodologies, and tools, SQLite.
- 3+ years’ experience in various system administrator tasks on Windows and Linux operating systems.
- Knowledge of common server applications such as IIS, Apache, LDAP, Tomcat, ssh is highly desired.
- Knowledge of common network protocols such as HTTP/HTTPS, TCP/IP, UDP is highly desired.
- Professional certifications like OSCP, CISSP, CEH, GIAC etc. are nice to have.
- Strong written and verbal communication skills are required.
- Strong interpersonal skills are highly desired.