Mid-level Vulnerability Assessments & Infrastructure Specialist - Vulnerability & Attack Surfac
Listed on 2026-03-11
IT/Tech
Cybersecurity, Systems Engineer
Job Description
At Boeing, we innovate and collaborate to make the world a better place. We’re committed to fostering an environment for every teammate that’s welcoming, respectful and inclusive, with great opportunity for professional growth. Find your future with us.
The Boeing Company is currently seeking a Mid-level Vulnerability Assessments & Infrastructure Specialist - Vulnerability & Attack Surface Management (VASM) to join the team in Kent, WA; North Charleston, SC; Hazelwood, MO; Mesa, AZ; El Segundo, CA; or Plano, TX.
The Boeing Company is seeking a Mid-level Vulnerability Assessments & Infrastructure Specialist to join the Vulnerability & Attack Surface Management (VASM) team. This hands-on role supports vulnerability management across the Boeing estate and subsidiaries, providing vulnerability risk analysis, application security support, and remediation orchestration for both infrastructure and applications.
The ideal candidate combines practical experience operating enterprise vulnerability assessment platforms, applied application security knowledge, foundational infrastructure and networking skills, and business-context awareness of Boeing’s lines of business and subsidiaries.
VASM protects Boeing’s global mission by identifying, validating, and driving remediation of vulnerabilities across cloud, datacenter, operational technology (OT), and application environments, including systems managed by Boeing Commercial Airplanes, Boeing Defense, Space & Security, Boeing Global Services, and key subsidiaries and supplier integrations.
You will help close security gaps that could impact safety, supply chain continuity, regulatory compliance, or operational availability.
Position Responsibilities:
- Operate and optimize enterprise vulnerability assessment platforms and AppSec integrations to identify, validate, and prioritize security findings across infrastructure and applications
- Perform technical exploitability analysis and business-impact assessments
- Translate findings into prioritized, operationally feasible remediation actions for engineering, Information Technology (IT), and operations teams
- Contribute to development and operationalization of assessment playbooks, scanning standards, AppSec scanning pipelines (Static Application Security Testing/Software Composition Analysis/Dynamic Application Security Testing (SAST/SCA/DAST)), reporting, and automation to improve detection fidelity and remediation velocity
- Execute enterprise processes for scheduled and emergent vulnerability assessments, including infrastructure and application discovery, authenticated scanning, and targeted assessments
- Configure, tune, and maintain vulnerability scanning platforms and AppSec integrations (e.g., Rapid7, Tenable, Qualys, Snyk, Veracode), manage credentials, scopes, schedules, and scan policies
- Investigate findings to distinguish true positives from false positives and to identify environmental/configuration constraints, including container, cloud, and legacy systems
- Correlate vulnerability scanner output with threat intelligence, application findings (SAST/DAST/SCA), and asset criticality to produce contextualized risk ratings and remediation priorities
- Assess exploitability, potential for lateral movement, and operational impact for infrastructure, middleware, and application vulnerabilities
- Create remediation plans and work with system owners, application teams, and subsidiary stakeholders to coordinate fixes, compensating controls, and risk-accepted outcomes
- Track remediation burndown, Service Level Agreements (SLAs), and closure
- Escalate high-risk items and produce executive and technical reports tailored to stakeholder audiences
- Collaborate with VASM, AppSec, DevSecOps, engineering, and IT teams to operationalize new scanning capabilities, integrate AppSec pipelines, and reduce noise through tuning and automation
- Contribute to continuous improvement
- Drive automation of ingestion/correlation pipelines, standardize playbooks and runbooks, and deliver training to remediation owners and subsidiary teams
- 5+ years of experience with vulnerability scanning concepts and best practices, and operating enterprise vulnerability assessment platforms such as Rapid7, Tenable, or Qualys
- 5+ years of experience with Linux and/or Windows Security
- 5+ years of experience troubleshooting foundational networking issues (TCP/IP, DNS, routing, firewalls) and performing network scanning and assessments
- 5+ years of experience analyzing vulnerability findings, triaging true vs false positives, and identifying environmental limitations or compensating controls
- 5+ years of experience managing scan configurations, credentials, schedules, and assessment scope within large or distributed environments
- Active Security+, Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), or…