Mid-level Vulnerability Assessments & Infrastructure Specialist - Vulnerability & Attack Surfac
Listed on 2026-05-26
IT/Tech
Cybersecurity, IT Support, Systems Engineer, Network Security
Mid-level Vulnerability Assessments & Infrastructure Specialist - Vulnerability & Attack Surface Management (VASM)
Company:
The Boeing Company
The Boeing Company is seeking a Mid-level Vulnerability Assessments & Infrastructure Specialist - Vulnerability & Attack Surface Management (VASM) to join the team in Kent, WA; North Charleston, SC; Hazelwood, MO; Mesa, AZ; El Segundo, CA; or Plano, TX. This hands-on role supports vulnerability management across the Boeing estate and subsidiaries, providing vulnerability risk analysis, application security support, and remediation orchestration for both infrastructure and applications.
The ideal candidate combines practical experience operating enterprise vulnerability assessment platforms, applied application security knowledge, foundational infrastructure and networking skills, and business-context awareness of Boeing’s lines of business and subsidiaries.
VASM protects Boeing’s global mission by identifying, validating, and driving remediation of vulnerabilities across cloud, datacenter, operational technology (OT), and application environments, including systems managed by Boeing Commercial Airplanes, Boeing Defense, Space & Security, Boeing Global Services, and key subsidiaries and supplier integrations.
You will help close security gaps that could impact safety, supply chain continuity, regulatory compliance, or operational availability.
Position Responsibilities
Operate and optimize enterprise vulnerability assessment platforms and AppSec integrations to identify, validate, and prioritize security findings across infrastructure and applications
Perform technical exploitability analysis and business-impact assessments
Translate findings into prioritized, operationally feasible remediation actions for engineering, Information Technology (IT), and operations teams
Contribute to development and operationalization of assessment playbooks, scanning standards, AppSec scanning pipelines (Static Application Security Testing/Software Composition Analysis/Dynamic Application Security Testing (SAST/SCA/DAST)), reporting, and automation to improve detection fidelity and remediation velocity
Execute enterprise processes for scheduled and emergent vulnerability assessments, including infrastructure and application discovery, authenticated scanning, and targeted assessments
Configure, tune, and maintain vulnerability scanning platforms and AppSec integrations (e.g., Rapid7, Tenable, Qualys, Snyk, Veracode), manage credentials, scopes, schedules, and scan policies
Investigate findings to distinguish true positives from false positives and to identify environmental/configuration constraints, including container, cloud, and legacy systems
Correlate vulnerability scanner output with threat intelligence, application findings (SAST/DAST/SCA), and asset criticality to produce contextualized risk ratings and remediation priorities
Assess exploitability, potential for lateral movement, and operational impact for infrastructure, middleware, and application vulnerabilities
Create remediation plans and work with system owners, application teams, and subsidiary stakeholders to coordinate fixes, compensating controls, and risk-accepted outcomes
Track remediation burndown, Service Level Agreements (SLAs), and closure
Escalate high-risk items and produce executive and technical reports tailored to stakeholder audiences
Collaborate with VASM, AppSec, DevSecOps, engineering, and IT teams to operationalize new scanning capabilities, integrate AppSec pipelines, and reduce noise through tuning and automation
Contribute to continuous improvement
Drive automation of ingestion/correlation pipelines, standardize playbooks and runbooks, and deliver training to remediation owners and subsidiary teams
- 5+ years of experience with vulnerability scanning concepts and best practices, and operating enterprise vulnerability assessment platforms such as Rapid7, Tenable, or Qualys
- 5+ years of experience with Linux and/or Windows Security
- 5+ years of experience troubleshooting foundational networking issues (TCP/IP, DNS, routing, firewalls) and performing network…