Boeing
Senior Software Security Engineer
About This Role
Responsibilities
- Partner with the Software Engineering organization and cross-functional stakeholders to drive and deploy software security requirements across Boeing commercial programs
- Liaise with Boeing commercial programs for enterprise software assurance initiatives
- Design and assess system, software, and product architectures for security risks and alignment with industry and Boeing software assurance principles and practices
- Participate in Technical Design Reviews, representing enterprise software assurance
- Define and deploy software assurance policy, standards, processes, and recommendations across the Software Development Lifecycle in accordance with Boeing strategy, industry, and government standards
- Engage with industry and regulatory bodies to influence updates to regulation, frameworks, and standards
- Manage risk in accordance with accepted industry, professional, and government standards to ensure security design integrity, availability, confidentiality, and regulatory compliance
- Develop security requirements and coordinate with multiple system stakeholders to identify, properly implement, and verify security measures to mitigate risks, threats, and vulnerabilities
- Identify improvements to ensure software implementation is aligned to industry and Boeing software assurance best practices
- Apply practical knowledge of software assurance concepts (secure design principles, OWASP, SAST/DAST, SBOMs, supply chain considerations, etc.)
Requirements
- Bachelor of Science degree in Engineering, Engineering Technology (including Manufacturing Technology), Computer Science, Data Science, Mathematics, Physics, Chemistry or non-US equivalent qualifications directly related to the work statement
- 9+ years of related work experience or an equivalent combination of education and experience
- 5+ years of experience in a role that required teaming and collaboration skills, and ability to work well with a geographically dispersed cross-functional and matrix team
- Experience managing and/or leading security design and architecture
- 9+ years of experience factoring and applying confidentiality, integrity, and availability considerations in all phases of the system development lifecycle
- Experience with the Software Development Lifecycle (SDLC)
- Experience with DevSecOps and Continuous Integration and Continuous Deployment (CI/CD) tools and execution
- Experience with aerospace/aviation software requirements, design, and design analysis (preferred)
- Experience with system security engineering or systems engineering (preferred)
- Senior (Level 5): 14+ years related work experience or an equivalent combination of education and experience (preferred)
About Boeing
Boeing is a prominent American aerospace and defense company, established in 1916 by William E. Boeing. Originally named Pacific Aero Products Company, it has grown into one of the largest manufacturers of commercial and military aircraft in the world. Boeing is known for its innovative aircraft, including the 737, 747, 777, and 787 Dreamliner families, which serve airlines globally. The company operates in various sectors, focusing on designing, manufacturing, and selling airplanes, rotorcraft, rockets, satellites, telecommunications equipment, and missiles. Boeing also provides leasing and product support services. Its defense division produces military aircraft, helicopters, satellites, and missile defense systems. Additionally, Boeing invests in advanced aerospace technologies, including autonomous systems and sustainable aviation solutions, while offering maintenance, training, and logistics support to its customers. Boeing serves a diverse clientele, including commercial airlines, governments, and defense agencies, and collaborates with space agencies and telecommunications providers. Its legacy is marked by pioneering designs and a commitment to innovation in the aerospace industry.
Security at Boeing
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- Boeing's Application Security (AppSec) approach is deeply integrated into its product lifecycle and emphasizes a proactive, risk-managed strategy.
- The company focuses on securing software products and pipelines, cloud-based development environments, and operational technology.
- This is achieved through a combination of established security principles, industry standards, and continuous improvement processes.
- Boeing's stated AppSec mission is to "develop, implement, and sustain security and resiliency throughout the product requirements, design, build, test, production, operations, and support lifecycle." The company manages "risk in accordance with accepted industry, professional, and government standards to ensure security design integrity, availability, confidentiality, and regulatory compliance," and conducts "regular risk assessments to highlight areas of improvement and implement necessary controls." Boeing also "deploys DevSecOps best practices into Program pipelines, including tool selection, configuration, and analysis," indicating an enablement approach by integrating security into development workflows.
Security Team
The Enterprise Product Security Software organization supports security experts across all business units. Cyber risk processes are integrated into Enterprise Risk Management (ERM) and Compliance Risk Management (CRM), overseen by the Board of Directors. A key public-facing leader is Sean Sullivan, Director, Chief Engineer, Product Security Boeing Commercial Airplanes, who manages product security for Boeing commercial airplanes, including the aircraft, communications, ground systems, and factory cyber. The team size is not publicly available. As of, there were at least 4 active AppSec job postings. Common skill and tool patterns in these postings include assessing software subsystem adversity, securing cloud-based software development environments, deploying DevSecOps best practices, performing Common Vulnerabilities and Exploits (CVE) analysis, and defining and deploying consistent software security standards within the Software Development Lifecycle.
Key Initiatives
No public evidence of a Security Champions Program was found. Boeing practices "Shift Left" by deploying "DevSecOps best practices into Program pipelines, including tool selection, configuration, and analysis." For vulnerability management, Boeing performs "Common Vulnerabilities and Exploits (CVE) analysis and coordinate with system stakeholders to appropriately mitigate and address," and maintains "a formal incident response playbook that defines general processes and protocols." Boeing also defines and deploys "consistent software security standards within the Software Development Lifecycle" and aims to "develop, implement, and sustain security and resiliency throughout the product requirements, design, build, test, production, operations, and support lifecycle."