Mid-level Vulnerability Assessments & Infrastructure Specialist - Vulnerability & Attack Surface Management (VASM)

Job Description The Boeing Company is currently seeking a Mid-level Vulnerability Assessments & Infrastructure Specialist - Vulnerability & Attack Surface Management (VASM) to join the team in Kent, WA; North Charleston, SC; Hazelwood, MO; Mesa, AZ; El Segundo, CA; or Plano, TX. The Boeing Company is seeking a Mid-level Vulnerability Assessments & Infrastructure Specialist to join the Vulnerability & Attack Surface Management (VASM) team. This hands-on role supports vulnerability management across the Boeing estate and subsidiaries, providing vulnerability risk analysis, application security support, and remediation orchestration for both infrastructure and applications. The ideal candidate combines practical experience operating enterprise vulnerability assessment platforms, applied application security knowledge, foundational infrastructure and networking skills, and business-context awareness of Boeing's lines of business and subsidiaries. VASM protects Boeing's global mission by identifying, validating, and driving remediation of vulnerabilities across cloud, datacenter, operational technology (OT), and application environments, including systems managed by Boeing Commercial Airplanes, Boeing Defense, Space & Security, Boeing Global Services, and key subsidiaries and supplier integrations. You will help close security gaps that could impact safety, supply chain continuity, regulatory compliance, or operational availability. Your Responsibilities Operate and optimize enterprise vulnerability assessment platforms and AppSec integrations to identify, validate, and prioritize security findings across infrastructure and applications Perform technical exploitability analysis and business-impact assessments Translate findings into prioritized, operationally feasible remediation actions for engineering, Information Technology (IT), and operations teams Contribute to development and operationalization of assessment playbooks, scanning standards, AppSec scanning pipelines (Static Application Security Testing/Software Composition Analysis/Dynamic Application Security Testing (SAST/SCA/DAST), reporting, and automation to improve detection fidelity and remediation velocity Execute enterprise processes for scheduled and emergent vulnerability assessments, including infrastructure and application discovery, authenticated scanning, and targeted assessments Configure, tune, and maintain vulnerability scanning platforms and AppSec integrations (e.g., Rapid7, Tenable, Qualys, Snyk, Veracode), manage credentials, scopes, schedules, and scan policies Investigate findings to distinguish true positives from false positives and to identify environmental/configuration constraints, including container, cloud, and legacy systems Correlate vulnerability scanner output with threat intelligence, application findings (SAST/DAST/SCA), and asset criticality to produce contextualized risk ratings and remediation priorities Assess exploitability, potential for lateral movement, and operational impact for infrastructure, middleware, and application vulnerabilities Create remediation plans and work with system owners, application teams, and subsidiary stakeholders to coordinate fixes, compensating controls, and risk-accepted outcomes Track remediation burndown, Service Level Agreements (SLAs), and closure Escalate high-risk items and produce executive and technical reports tailored to stakeholder audiences Collaborate with VASM, AppSec, DevSecOps, engineering, and IT teams to operationalize new scanning capabilities, integrate AppSec pipelines, and reduce noise through tuning and automation Contribute to continuous improvement Drive automation of ingestion/correlation pipelines, standardize playbooks and runbooks, and deliver training to remediation owners and subsidiary teams What We Are Looking For 5+ years of experience with vulnerability scanning concepts and best practices, and operating enterprise vulnerability assessment platforms such as Rapid7, Tenable, or Qualys 5+ years of experience with Linux and/or Windows Security 5+ years of experience troubleshooting foundational networking issues (TCP/IP, DNS, routing, firewalls) and performing network scanning and assessments 5+ years of experience analyzing vulnerability findings, triaging true vs false positives, and identifying environmental limitations or compensating controls 5+ years of experience managing scan configurations, credentials, schedules, and assessment scope within large or distributed environments What We Offer Competitive base pay and variable compensation opportunities Health insurance Flexible spending accounts Health savings accounts Retirement savings plans Life and disability insurance programs Programs that provide for both paid and unpaid time away from work Job Details Function Corporate Sub-Function IT, Software & Data Science Level Professional Work Type Onsite Contract Full-Time Location Kent, United States Job

ID Y5BIUH

Interested in this position? You will be redirected to the company website Apply on company site Stand out from other applicants with your professional online CV. Create your AeroCV → AeroSelect Training 2-Day Onsite Programmes 2-day onsite programmes for aviation professionals: assessment prep and leadership essentials. View Programmes →