Mid-Level Vulnerability Assessments Specialist - Operational Technology (OT)

Mid-Level Vulnerability Assessments Specialist - Operational Technology (OT)

Company:

The Boeing Company

The Boeing Company is currently seeking a Mid-Level Vulnerability Assessments Specialist - Operational Technology (OT) to join the team in Kent, WA; North Charleston, SC; Hazelwood, MO; Mesa, AZ; El Segundo, CA; or Plano TX. 

This position is hands‑on and operationally focused where you will perform vulnerability assessments, analyze exploitability and business impact in OT environments, and collaborate with engineering and operations teams to drive pragmatic remediation and risk reduction.

You will help protect Boeing’s operational continuity by identifying and reducing OT vulnerabilities that could impact safety and production. This role sits at the intersection of cybersecurity, engineering, and operations delivering practical assessments and remediation guidance for complex, mission‑critical systems.

Position Responsibilities:

• Perform technical vulnerability assessments for OT/Industrial Control System (ICS) environments (Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), Human-Machine Interfaces (HMIs), Supervisory Control and Data Acquisition (SCADA), industrial gateways, and supporting enterprise infrastructure

• Rapidly assess emergent vulnerabilities, determine contextual risk, and recommend prioritized mitigation or remediation actions that are operationally feasible

• Translate technical findings into clear, actionable remediation plans and status updates for engineering and operational stakeholders

• Work with cross‑functional teams to operationalize vulnerability management capabilities and improve assessment playbooks and automation

• Contribute to continuous improvement of processes and tooling to increase assessment quality and throughput

• Develop and execute vulnerability management processes for OT/ICS environments, including networked controllers, HMIs, PLCs, SCADA systems, and supporting enterprise infrastructure

• Execute enterprise processes for emergent vulnerabilities

• Evaluate risk and recommend prioritized mitigation or remediation actions

• Perform detailed exploitability and impact analysis that factors threat context, asset criticality, environmental constraints, and existing controls

• Drive remediation and risk reduction efforts end-to-end

• Develop mitigation plans, coordinate with engineering/operations teams, track remediation progress, and report burndown to stakeholders

• Collaborate with cross-functional security, Information Technology (IT), engineering, and operations teams to operationalize new capabilities and harden OT systems

• Produce clear, actionable technical reports and stakeholder narratives tailored to technical teams, line-of-business owners, and senior leadership

• Maintain and improve assessment methodologies, playbooks, and automation to raise first-time quality and repeatability

• Mentor junior team members, review technical analyses, and contribute to continuous improvement of vulnerability management processes

• Execute vulnerability scans and targeted technical assessments in OT and connected IT environments using safe, OT‑aware techniques

• Analyze vulnerability feeds (Common Vulnerabilities and Exposures (CVE), National Vulnerability Database (NVD), Common Vulnerability Scoring System (CVSS) metrics, exploitability data, and threat intelligence to derive contextual risk ratings

• Evaluate software and hardware configurations, assess control effectiveness, and recommend mitigations that balance security and operational constraints

• Prioritize remediation efforts based on severity, exploitability, asset criticality, business impact, and existing controls

• Author concise technical reports and stakeholder narratives for remediation owners and leadership

• Track remediation progress, coordinate with owners, and escalate as needed to ensure timely resolution

• Support integration of vulnerability data into enterprise platforms and ticketing systems

Basic Qualifications (Required Skills/Experience):

• 3+ years of experience in vulnerability management, vulnerability assessment, or incident response

• Experience with vulnerability assessment tools and techniques (e.g., Tenable, Rapid7, Qualys, Nmap, Burp Suite) and the ability to interpret results for OT use cases

• Experience with CVE/CVSS/NVD and ability to contextualize vulnerability data based on asset attributes and threat factors

• Experience with networking, Windows and Linux platforms, configuration management, and patching processes

• Experience evaluating exploitability and propose mitigations that are implementable in production OT environments

• Experience communicating technical risk to both technical and non‑technical stakeholders

Preferred Qualifications (Desired Skills/Experience):

• Bachelor’s degree or higher

• Active certifications including Global Industrial Cyber Security Professional (GICSP), Global Information Assurance Certification (GIAC) ICS, Certified Information Systems Security Professional (CISSP), or equivalent

• Experience with OT/ICS domain knowledge (PLC/RTU/HMI architectures and common protocols such as Modbus, DNP3, OPC, BACnet)

• Experience with OT‑safe scanning practices, industrial network segmentation, and production test safety

• Experience with National Institute of Standard Technology (NIST) security frameworks (e.g., NIST CSF, SP 800‑82) and industry best practices for ICS security

• Experience with exposure to cloud or container security in hybrid OT/IT environments

• Experience integrating vulnerability data into platforms (ingestion, correlation, ticketing) and basic automation

• Experience assessing control effectiveness across enterprise and OT domains

• Experience evaluating exploitability and recommending mitigations that are operationally feasible in production OT environments

• Experience with strong written and verbal communication skills

• Experience working as a self‑starter who can operate with moderate guidance, comfortable working in ambiguous, fast‑moving situations

• Experience working as a collaborative team member with the ability to participate effectively in cross‑functional discussions

Conflict of Interest:

Successful candidates for this job must satisfy the Company’s Conflict of Interest (COI) assessment process.

Drug Free Workplace:

Boeing is a Drug Free Workplace where post offer applicants and employees are subject to testing for marijuana, cocaine, opioids, amphetamines, PCP, and alcohol when criteria is met as outlined in our policies.

Pay & Benefits:

At Boeing, we strive to deliver a Total Rewards package that will attract, engage and retain the top talent. Elements of the Total Rewards package include competitive base pay and variable compensation opportunities.  

The Boeing Company also provides eligible employees with an opportunity to enroll in a variety of benefit programs, generally including health insurance, flexible spending accounts, health savings accounts, retirement savings plans, life and disability insurance programs, and a number of programs that provide for both paid and unpaid time away from work.

The specific programs and options available to any given employee may vary depending on eligibility factors such as geographic location, date of hire, and the applicability of collective bargaining agreements.

Pay is based upon candidate experience and qualifications, as well as market and business considerations.

Summary pay range: $115,600 – $167,900

Language Requirements:

Not Applicable

Education:

Not Applicable

Relocation:

Relocation assistance is not a negotiable benefit for this position.

Export Control Requirement:

This position must meet U.S. export control compliance requirements. To meet U.S. export control compliance requirements, a “U.S. Person” as defined by 22 C.F.R. §120.62 is required. “U.S. Person” includes U.S. Citizen, U.S. National, lawful permanent resident, refugee, or asylee.

Safety Sensitive:

This is not a Safety Sensitive Position.

Security Clearance:

This position does not require a Security Clearance.

Visa Sponsorship:

Employer will not sponsor applicants for employment visa status.

Contingent Upon Award Program

This position is not contingent upon program award

Shift:

Shift 1 (United States of America)

Stay safe from recruitment fraud! The only way to apply for a position at Boeing is via our Careers website. Learn how to protect yourself from recruitment fraud - Recruitment Fraud Warning