Boeing

Mid-level Vulnerability Assessments & Infrastructure Specialist – Vulnerability & Attack Surface Management

full-time

Location Type: Hybrid

Location: Kent · Arizona · California · United States

Salary

💰 $115,600 - $167,900 per year

About the role

  • Operate and optimize enterprise vulnerability assessment platforms and AppSec integrations to identify, validate, and prioritize security findings across infrastructure and applications
  • Perform technical exploitability analysis and business-impact assessments
  • Translate findings into prioritized, operationally feasible remediation actions for engineering, Information Technology (IT), and operations teams
  • Contribute to development and operationalization of assessment playbooks, scanning standards, AppSec scanning pipelines (Static Application Security Testing/Software Composition Analysis/Dynamic Application Security Testing (SAST/SCA/DAST)), reporting, and automation to improve detection fidelity and remediation velocity
  • Execute enterprise processes for scheduled and emergent vulnerability assessments, including infrastructure and application discovery, authenticated scanning, and targeted assessments
  • Configure, tune, and maintain vulnerability scanning platforms and AppSec integrations (e.g., Rapid7, Tenable, Qualys, Snyk, Veracode), manage credentials, scopes, schedules, and scan policies
  • Investigate findings to distinguish true positives from false positives and to identify environmental/configuration constraints, including container, cloud, and legacy systems
  • Correlate vulnerability scanner output with threat intelligence, application findings (SAST/DAST/SCA), and asset criticality to produce contextualized risk ratings and remediation priorities
  • Assess exploitability, potential for lateral movement, and operational impact for infrastructure, middleware, and application vulnerabilities
  • Create remediation plans and work with system owners, application teams, and subsidiary stakeholders to coordinate fixes, compensating controls, and risk-accepted outcomes
  • Track remediation burndown, Service Level Agreements (SLAs), and closure
  • Escalate high-risk items and produce executive and technical reports tailored to stakeholder audiences
  • Collaborate with VASM, AppSec, DevSecOps, engineering, and IT teams to operationalize new scanning capabilities, integrate AppSec pipelines, and reduce noise through tuning and automation
  • Contribute to continuous improvement

Requirements

  • 5+ years of experience with vulnerability scanning concepts and best practices, and operating enterprise vulnerability assessment platforms such as Rapid7, Tenable, or Qualys
  • 5+ years of experience with Linux and/or Windows Security
  • 5+ years of experience troubleshooting foundational networking issues (TCP/IP, DNS, routing, firewalls) and performing network scanning and assessments
  • 5+ years of experience analyzing vulnerability findings, triaging true vs false positives, and identifying environmental limitations or compensating controls
  • 5+ years of experience managing scan configurations, credentials, schedules, and assessment scope within large or distributed environments
  • Active Security+, Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), or vendor/tool-specific certifications preferred
  • Experience with application security exposure (SAST/DAST/SCA) and ability to ingest or correlate AppSec findings with infrastructure vulnerabilities
  • Experience integrating vulnerability management with AppSec pipelines and DevSecOps toolchains (Continuous Integration/Continuous Deployment (CI/CD) integration, SCA, container scanning)
  • Experience with vulnerability risk rating methodologies (Common Vulnerability Scoring System (CVSS), Cybersecurity and Infrastructure Security Agency (CISA) Stakeholder-Specific Vulnerability Categorization (SSVC), or organization-specific risk models) and threat intelligence correlation
  • Experience with cloud environments and cloud-native scanning challenges (Amazon Web Services (AWS)/Azure/Google Cloud Platform (GCP)) and containerized workloads
  • Experience enabling self-service vulnerability dashboards and automated exports for business and subsidiary teams
  • Experience with regulated or compliance-driven environments and supporting audit or risk frameworks (e.g., National Institute of Standards and Technology (NIST), International Organization for Standardization (ISO))

Benefits

  • Health insurance
  • Flexible spending accounts
  • Health savings accounts
  • Retirement savings plans
  • Life and disability insurance programs
  • Paid time off
  • Unpaid time away from work
  • Competitive base pay and variable compensation opportunities

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

vulnerability assessment, exploitability analysis, remediation planning, network scanning, vulnerability risk rating, application security testing, cloud security, container security, incident response, automation

Soft Skills

collaboration, communication, problem-solving, analytical thinking, stakeholder management, reporting, prioritization, continuous improvement, technical writing, team coordination

Certifications

Security+, CISSP, CRISC