Mid-level vulnerability assessment specialist – VASM

Boeing Company
115600 - 167900 EUR / Year
  • Education
  • FullTime

Requirements


Must have:

  • Over 5 years of experience in vulnerability scanning principles and methodologies, as well as managing enterprise vulnerability assessment tools such as Rapid7, Tenable, or Qualys
  • More than 5 years of experience with Linux and/or Windows security
  • At least 5 years of experience diagnosing fundamental networking issues (TCP/IP, DNS, routing, firewalls) and conducting network assessments
  • Over 5 years of experience in analyzing vulnerability outcomes, differentiating true positives from false positives, and recognizing environmental or compensating controls
  • At least 5 years of experience in managing scanning configurations, credentials, timelines, and assessment scopes in extensive or distributed environments

Responsibilities:


  • Manage and enhance enterprise vulnerability assessment platforms and application security integrations to identify, validate, and rank security issues across both infrastructure and applications
  • Conduct technical exploitability assessments and evaluate business impacts
  • Convert findings into prioritized, actionable remediation steps for engineering, IT, and operations teams
  • Assist in creating and implementing assessment playbooks, scanning protocols, application security pipelines (SAST/SCA/DAST), reporting, and automation to boost detection accuracy and remediation speed
  • Carry out scheduled and urgent vulnerability assessments, including infrastructure and application discovery, authenticated scanning, and targeted evaluations
  • Set up, fine-tune, and maintain vulnerability scanning tools and application security integrations, manage credentials, scopes, schedules, and scanning policies
  • Analyze findings to differentiate actual vulnerabilities from false alarms and ascertain environmental/configuration constraints, including container, cloud, and legacy systems
  • Integrate vulnerability scanner results with threat intelligence, application findings, and asset significance to generate contextual risk assessments and remediation priorities
  • Evaluate exploitability, potential lateral movement risk, and operational repercussions for infrastructure, middleware, and application vulnerabilities
  • Develop remediation strategies and collaborate with system owners, application teams, and subsidiary stakeholders to coordinate fixes and risk acceptance
  • Monitor remediation progress, compliance with Service Level Agreements, and closure
  • Bring high-risk vulnerabilities to attention and generate tailored reports for both executive and technical audiences
  • Work closely with VASM, application security, DevSecOps, engineering, and IT teams to implement new scanning capabilities, merge application security pipelines, and minimize noise through optimization and automation
  • Foster a culture of continuous improvement
  • Propel automation of ingestion/correlation pipelines, standardize playbooks and runbooks, and provide training to remediation teams and subsidiaries

Company:


We are The Boeing Company, seeking a Mid-level Vulnerability Assessments & Infrastructure Specialist to join our Vulnerability & Attack Surface Management (VASM) team. This hands-on position will support vulnerability management across Boeing's operations and subsidiaries, delivering vulnerability risk analysis and application security assistance, while orchestrating remediation efforts for both infrastructure and applications. We take pride in protecting Boeing's mission globally by identifying and addressing vulnerabilities in critical environments, ensuring safety and operational continuity. We offer a comprehensive Total Rewards package, including competitive salaries and various benefit programs, while our locations span across Kent, WA; North Charleston, SC; Hazelwood, MO; Mesa, AZ; El Segundo, CA; or Plano, TX.