Information System Security Officer
- Develops, deploys and/or maintains enterprise-wide computing and information security requirements, policies, standards, guidelines and procedures for a stakeholder organization or program/sub program.
- Advises on a broad range of compliant information security and data protection requirements.
- Determines acceptability of unique configurations and verifies security parameter placement.
- Participates in security assessments and audits.
- Evaluates, communicates, and mitigates computing and information security risks by ensuring appropriate processes are in place and followed so that systems are compliant with applicable requirements.
- Develop policies and provide oversight for protection of computing security systems.
- Perform security analysis of operational environments, threats, vulnerabilities and internal interfaces to define and assess compliance to accepted industry and government standards.
- Configure various operating systems such as Windows, Linux, and UNIX to meet National Industrial Security Program Operating Manual (NISPOM) standards.
- Develop documentation for Authorization for new and existing systems in accordance with NISPOM and Risk Management Framework (RMF).
- Conduct vulnerability and compliance assessments against systems and networks to determine risk posture using Assured Compliance Assessment Solution (ACAS) Tenable Nessus tool suite.
- Provide audit compliance and assessment support using automated IA tools.
- Review electronic and manual audit logs and investigate any anomalies or security incidents.
- Analyze new technologies, both hardware and software, to determine security vulnerabilities and generate mitigation strategies.
- Assist in security investigations and incident response.
- Interface with the appropriate government customers, suppliers, and company personnel to implement protective mechanisms to ensure understanding of and compliance with government and company computing security requirements.
- Ensure that customer needs are effectively promoted in policy and security standards.
- Develop information security training materials and processes as well as train general and privileged users on computing security processes, policies and procedures.
This job requires documenting and presenting for authorization System Security Plans (SSP), Security Assessment Reports (SAR), and other written documentation as required by NISPOM, NIST SP 800-53, NIST SP 800-37 and other directives.
Boeing is the world's largest aerospace company and leading manufacturer of commercial airplanes and defense, space and security systems. We are engineers and technicians. Skilled scientists and thinkers. Bold innovators and dreamers. Join us, and you can build something better for yourself, for our customers and for the world.
Division: Security and Fire Protection
Relocation Assistance Available: No. Relocation assistance is not a negotiable benefit.
This position must meet Export Control compliance requirements, therefore a “US Person” as defined by 22 C.F.R. § 120.15 is required. “US Person” includes US Citizen, lawful permanent resident, refugee, or asylee.
This position requires an active (or ability to obtain) U.S. Security Clearance, for which the US Government requires US Citizenship.
Current Secret Security Clearance - US Citizenship Required
Applicant must have ability to obtain a Top Secret security clearance post-hire.
IAM Level 1 (or higher) DoD 8570 Certification (i.e. CAP, GSLC, Security+ CE, CISSP, CASP, CISM, GSLC).
Typical Education & Experience:
Technical bachelor's degree and typically 5 or more years' related work experience or a Master's degree with typically 3 or more years' or a PhD degree or an equivalent combination of education and experience. A technical degree is defined as any four year degree, or greater, in a mathematic, scientific or information technology field of study.
Experience Level: Individual Contributor
Job Type: Standard
Travel: Yes, 10 % of the Time
Contingent Upon Program Award: No
Job Code: BAUNP3
Boeing is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status or other characteristics protected by law.
Company Type: Public Company
Company Size: 10,001+
- Cyber Security Assessment Specialist
- Cyber Security Assessment Specialist
- Cyber Security Assessment Specialist (C2BMC)
- Cyber Security Specialist
- Cyber Security Specialist - Level 2
- Cyber Security/Vulnerability Testing Specialist
- Information System Security Officer
- Sr. Cyber Security Assessment Specialist
- Systems Engineer: Cybersecurity / Information Assurance (Mid-Career)