Job Description
At Boeing, we innovate and collaborate to make the world a better place. We’re committed to fostering an environment for every teammate that’s welcoming, respectful and inclusive, with great opportunity for professional growth. Find your future with us.
Boeing is seeking an experienced Product Security Engineer to join our growing team in Bristol or Yeovil and help shape the future of integrating security and resiliency across our products and services. Product security engineering is a cross‑cutting engineering function and a critical element of designing, delivering, and maintaining Boeing products and services. Our mission is to influence designs and implement security solutions that protect product integrity. You will join a highly energised team committed to staying ahead of evolving cyber threats, developing innovative security measures, consistent standards, practices, and tools.
As an experienced Product Security Engineer, you will lead development, implementation, and sustainment of product security and resiliency across the requirements, design, build, test, production, operations, and support lifecycle. You will be expected to independently shape technical approaches, influence program‑level decisions, and provide subject matter expertise to internal and external stakeholders.
You will collaborate with a multidisciplinary, enterprise‑wide community to create and apply best practices, tools, and solutions that protect complex systems, including IT, embedded, and non‑IT environments. This role offers the opportunity to solve high‑impact security challenges, influence next‑generation security engineering, and directly contribute to the resilience and certification posture of Boeing’s commercial and defence offerings.
Ideal candidates bring deep knowledge and experience in system security, systems engineering, safety/airworthiness, security architecture, and verification/validation activities. If you are motivated to lead product security initiatives across complex programs and to influence engineering decisions that increase system resilience, we encourage you to apply.
Position Responsibilities
- Develop and implement product security requirements and architectures to satisfy certification, regulatory, and customer requirements.
- Define security design approaches and lead integration of security features into product architectures and designs.
- Conduct and lead cybersecurity risk analysis and threat assessments; evaluate likelihood, impact, and residual risk and determine mitigations.
- Perform and lead security assessments, audits, and vulnerability analyses; prepare mitigation strategies and drive remediation actions.
- Establish and sustain security practices across the product lifecycle through coordination with cross‑functional teams and program leadership.
- Communicate and document product security and certification implications, including security consequences of product modifications, to internal stakeholders, suppliers, and customers.
- Identify and define product security requirements for suppliers of components and subsystems; coordinate supplier security activities and evaluate supplier deliverables for compliance.
- Coordinate with governments, customers, suppliers, and industry to identify program risks and improve industry and regulatory security standards and requirements for programs and interfacing systems.
- Independently conduct research and development activities that result in innovative security solutions, tools, or processes; lead pilot implementations and evaluate outcomes.
- Perform system analysis and trade studies to define technical concepts, security architectures, and optimal security solutions; document rationale and recommendations for program decision makers.
- Develop and improve team tools, processes, and automation to increase productivity and repeatability across programs.
- Lead or contribute to program boards and design reviews: gather and analyse data, prepare briefings, communicate recommendations, and support cross‑team decision making.
- Monitor emerging threats, vulnerabilities, and security technologies; assess applicability to programs and recommend prioritized adoption or mitigations.
- Ensure security of tools, data, networks, and resources used for product design, development, build, test, storage, delivery, operations, and support.
- Respond to program‑level security incidents or findings; coordinate remediation, document results, and communicate status to stakeholders.
- Advise customers and program teams on maintaining product security and certification, including the security consequences of modifying products and services.
Basic Qualifications
- Applied experience in multiple of the following areas: Cybersecurity and security risk / threat assessment, Security architecture, design, and analysis, Network security architecture for embedded and enterprise systems, Embedded systems security and cyber‑physical systems, Systems hardening and security control implementation, Cryptography and PKI design or integration, Security testing, evaluation, and verification activities, Trusted computing & anti‑tamper engineering, Aircraft communications standards & protocols (ARINC 400, 600, 800 series etc.), Secure Software Development Lifecycle (SDLC) and DevSecOps practices.
Preferred Qualifications
- The ability to obtain UK Security Clearance.
- Experience defining Concept of Operations (ConOps), system requirements, and use‑case driven security requirements.
- Broad experience in risk assessment and management, including threat modelling and vulnerability analysis for networked and embedded systems.
- Experience leading or participating in cybersecurity audits, certification activities, and investigations.
- Experience with security incident response, root cause analysis, and trend analysis.
- Familiarity with malware analysis, attack surface reduction, and advanced security analysis techniques.
- Proven knowledge or hands‑on experience with DevSecOps toolchains and automation.
- Familiarity with avionics, embedded computing, and communications systems (ARINC series).
- Proficiency with networking and computing protocols & architectures (TCP/IP, OSI, UDP, serial/parallel communications, bus architectures).
- Understanding of hardware and software integration processes for safety‑critical platforms.
- Familiarity with Secure by Design principles and techniques.
- Experience applying relevant standards and frameworks, including RTCA/EUROCAE: DO‑326B/ED‑202B, DO‑356A/ED‑203A, NIST: Risk Management Framework and SPs 800‑30, 800‑53, 800‑160, ISO/IEC: 27001/27002, 62443, DEFSTAN: 05‑138, 05‑139, and Model‑Based Engineering (MBE) tools and languages such as UML/SysML, 3DX, CATIA, Cameo, and MagicDraw (desirable).
- Proven contributions to industry standards, professional organizations, or cross‑industry working groups are a plus.
Typical Education & Experience
- Typically 5+ years related work experience or an equivalent combination of technical education and experience; demonstrated progression of increasing responsibility on relevant programs.
- Education – Bachelor’s degree or equivalent in Engineering, Engineering Technology, Computer Science, Engineering Data Science, Mathematics, Physics or Chemistry; advanced degree preferred.
- Relevant security and engineering certifications strongly preferred (e.g., CISSP, SABSA, SANS certifications, CISSP‑ISSMP, CISM, or equivalent).
Relocation
This position does not offer relocation. Candidates must live in the immediate area or relocate at their own expense.
What Boeing offers you
- Competitive salary and annual incentive plans.
- Continuous learning: develop the approach and skills to navigate whatever comes next.
- Success as defined by you: provide the tools and flexibility so you can make a meaningful impact, your way.
- Diverse and inclusive culture: embraced for who you are and empowered to use your voice to help others find theirs.
- 23 days plus UK public holidays and a Winter Break between Christmas and New Year.
- Pension plan with 10% employer contribution.
- Company paid BUPA medical plan.
- Short term sickness: 100% pay for the first 26 weeks.
- Long term sickness: 66.67% of annual salary from 27th week.
- Six times annual salary life insurance.
- Learning Together Programme to support your ongoing personal and career development.
- Access to Boeing’s Well Being Programs, tools and incentives.
- Parental leave options are available.
Additional Information
Applications for this position will be accepted until Sept. 30, 2026.
Employer will not sponsor applicants for employment visa status.
This role is hybrid: 3 days per week on site.
Shift: Not a Shift Worker (United Kingdom).
Export Control Requirements: This is not an Export Control position.
Security Clearance: This position requires the ability to obtain United Kingdom Security Check.
Relocation assistance is not a negotiable benefit for this position.
Equal Opportunity Employer
We are an equal opportunity employer. We do not accept unlawful discrimination in our recruitment or employment practices on any grounds including but not limited to race, color, ethnicity, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, genetic factors, military and veteran status, or other characteristics covered by applicable law.
We welcome applications from candidates with disabilities. Applicants are encouraged to share any accommodations required during the recruitment process.
#J-18808-Ljbffr…
