Boeing

Senior Vulnerability Management, Application Security

Boeing

full-time

Posted on:

Location Type: Hybrid

Location: KentArizonaCaliforniaUnited States

Visit company website

Explore more

AI Apply
Apply

Salary

💰 $142,800 - $207,000 per year

Job Level

Senior

Tech Stack

AirflowAWSAzureCloudCyber SecurityGoogle Cloud PlatformJavaPythonSplunkSQLTableau

About the role

  • Lead development and innovation of vulnerability management & Application Security processes, tooling, automation and analytics
  • Leverage dashboards, and visualizations to identify, prioritize, and communicate risks across cloud and on-prem IT infrastructure and applications
  • Provide application and infrastructure support guidance to ensure remediation actions are executable and aligned with system stability and change processes
  • Collaborate with BES, IT, DevSecOps, application owners, and risk teams to define remediation plans, Service Level Agreements (SLAs), and mitigation strategies for high-risk findings
  • Lead and manage complex analytics projects, including automation of ingestion, correlation, scoring, and reporting pipelines
  • Serve as a liaison to inspire, motivate, and guide cross-functional teams and business leaders in meeting security objectives
  • Maintain awareness of emerging vulnerabilities, exploitation trends, cloud security risks, and relevant security standards and frameworks
  • Contribute to playbooks, runbooks, and operational procedures for vulnerability triage, mitigation, and infrastructure change coordination

Requirements

  • 5+ years of experience working with Tableau
  • 5+ years of experience coding in SQL, Python, Java, or R
  • 5+ years of experience preparing and presenting to executives, senior leadership, and external customers
  • 5+ years of experience leading through influence and partnering with cross-functional teams on projects, transactions or initiatives
  • 3+ years of experience in vulnerability management, risk assessment, and/or security analytics
  • Experience with vulnerability scanning tools and formats (e.g., Nessus, Qualys, Tenable, Rapid7, Snyk, Veracode, or Burp)
  • Experience integrating threat intelligence and vulnerability data to prioritize remediation
  • Bachelor’s degree or higher
  • Current cybersecurity certification (e.g., Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor ​(CISA))
  • 5+ years of experience working with stakeholders across multiple levels and functions
  • Experience with vulnerability risk rating methodologies and CISA Stakeholder-Specific Vulnerability Categorization (SSVC)
  • Experience with cloud environments and cloud-native vulnerability management (Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP))
  • Experience identifying complex vulnerability issues, analyzing data, and implementing automation or process changes to improve operational efficiency
  • Experience with cybersecurity frameworks and regulations (e.g., National Institute of Standards and Technology (NIST), ISO 27001)
  • Experience with DevSecOps toolchains, Infrastructure as Code (IaC) security scanning, and container security
  • Experience with vulnerability and container scanners (e.g., Rapid7, Nessus, Qualys, Tenable, Trivy, Clair)
  • Experience with application security including SAST/DAST tools (e.g., Coverity, NetSparker, Veracode, Checkmarx, Burp), and SBOM familiarity
  • Experience with Cloud security tooling and APIs (AWS/Azure/GCP native and 3rd-party)
  • Experience with Data pipelines & automation including Python, SQL, Airflow, Elastic Stack, Splunk, REST Application Programming Interfaces (APIs)
  • Experience with visualization & reporting including Tableau, PowerBI, custom dashboards
  • Experience with Threat intelligence integration and Indicators of Compromise/ Tactics, Techniques, and Procedures (IOC/TTP) correlation
  • Experience with DevOps platforms including Gitlab, BitBucket, Github, Azure DevOps
  • Experience translating technical findings into executive-level risk briefings and actionable remediation plans
  • Experience motivating and aligning disparate stakeholders to meet remediation goals
  • Experience discovering patterns, root causes, and prioritize actions based on business impact
  • Experience driving multiple concurrent initiatives to timely completion
  • Experience with executive dashboards and monthly risk trend reports
  • Experience with automated ingestion pipelines for vulnerability and threat intelligence feeds
  • Experience with prioritized remediation lists aligned to business risk and SLA tracking
  • Experience with remediation playbooks and change coordination templates for infrastructure and application owners
  • Experience with quarterly strategy briefings on emerging vulnerabilities and capability improvements
Benefits
  • health insurance
  • flexible spending accounts
  • health savings accounts
  • retirement savings plans
  • life and disability insurance programs
  • paid and unpaid time away from work
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
SQLPythonJavaRTableauvulnerability managementrisk assessmentsecurity analyticsautomationdata pipelines
Soft Skills
leadershipcollaborationcommunicationinfluencemotivationguidancepresentationstakeholder engagementproblem-solvingproject management
Certifications
CISSPCISMCISABachelor's degree