Senior Vulnerability Management & Application Security Versatilist

Senior Vulnerability Management & Application Security Versatilist

Company:

The Boeing Company

The Boeing Company is currently seeking a Senior Vulnerability Management & Application Security Versatilist to join the team in Kent, WA; North Charleston, SC; El Segundo, CA; Hazelwood, MO; Mesa, AZ; or Plano, TX. 

Join our team where you will strengthen Boeing’s Information Technology (IT) and cloud ecosystems by leading and innovating Vulnerability Management & Application Security process, tools, automation and analytics.

You will provide risk-reduction guidance to key partners, build executive-level dashboards, and implement automation and advanced analytics to identify, prioritize, and remediate vulnerabilities across applications and infrastructure hosted in cloud and on-prem environments.

This role partners closely with Enterprise Security (BES), IT, and risk teams to drive risk-based remediation and improve operational security posture.

Position Responsibilities:

• Lead development and innovation of vulnerability management & Application Security processes, tooling, automation and analytics

• Leverage dashboards, and visualizations to identify, prioritize, and communicate risks across cloud and on-prem IT infrastructure and applications

• Provide application and infrastructure support guidance to ensure remediation actions are executable and aligned with system stability and change processes

• Collaborate with BES, IT, DevSecOps, application owners, and risk teams to define remediation plans, Service Level Agreements (SLAs), and mitigation strategies for high-risk findings

• Lead and manage complex analytics projects, including automation of ingestion, correlation, scoring, and reporting pipelines

• Serve as a liaison to inspire, motivate, and guide cross-functional teams and business leaders in meeting security objectives

• Maintain awareness of emerging vulnerabilities, exploitation trends, cloud security risks, and relevant security standards and frameworks

• Contribute to playbooks, runbooks, and operational procedures for vulnerability triage, mitigation, and infrastructure change coordination

Basic Qualifications (Required Skills/Experience):

• 5+ years of experience working with Tableau

• 5+ years of experience coding in SQL, Python, Java, or R

• 5+ years of experience preparing and presenting to executives, senior leadership, and external customers

• 5+ years of experience leading through influence and partnering with cross-functional teams on projects, transactions or initiatives

• 3+ years of experience in vulnerability management, risk assessment, and/or security analytics

• Experience with vulnerability scanning tools and formats (e.g., Nessus, Qualys, Tenable, Rapid7, Snyk, Veracode, or Burp)

• Experience integrating threat intelligence and vulnerability data to prioritize remediation

Preferred Qualifications (Desired Skills/Experience):

• Bachelor’s degree or higher

• Current cybersecurity certification (e.g., Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor ​(CISA))

• 5+ years of experience working with stakeholders across multiple levels and functions

• Experience with vulnerability risk rating methodologies and CISA Stakeholder-Specific Vulnerability Categorization (SSVC)

• Experience with cloud environments and cloud-native vulnerability management (Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP))

• Experience identifying complex vulnerability issues, analyzing data, and implementing automation or process changes to improve operational efficiency

• Experience with cybersecurity frameworks and regulations (e.g., National Institute of Standards and Technology (NIST), ISO 27001)

• Experience with DevSecOps toolchains, Infrastructure as Code (IaC) security scanning, and container security

• Experience with vulnerability and container scanners (e.g., Rapid7, Nessus, Qualys, Tenable, Trivy, Clair)

• Experience with application security including SAST/DAST tools (e.g., Coverity, NetSparker, Veracode, Checkmarx, Burp), and SBOM familiarity

• Experience with Cloud security tooling and APIs (AWS/Azure/GCP native and 3rd-party)

• Experience with Data pipelines & automation including Python, SQL, Airflow, Elastic Stack, Splunk, REST Application Programming Interfaces (APIs)

• Experience with visualization & reporting including Tableau, PowerBI, custom dashboards

• Experience with Threat intelligence integration and Indicators of Compromise/ Tactics, Techniques, and Procedures (IOC/TTP) correlation

• Experience with DevOps platforms including Gitlab, BitBucket, Github, Azure DevOps

• Experience translating technical findings into executive-level risk briefings and actionable remediation plans

• Experience motivating and aligning disparate stakeholders to meet remediation goals

• Experience discovering patterns, root causes, and prioritize actions based on business impact

• Experience driving multiple concurrent initiatives to timely completion

• Experience with executive dashboards and monthly risk trend reports

• Experience with automated ingestion pipelines for vulnerability and threat intelligence feeds

• Experience with prioritized remediation lists aligned to business risk and SLA tracking

• Experience with remediation playbooks and change coordination templates for infrastructure and application owners

• Experience with quarterly strategy briefings on emerging vulnerabilities and capability improvements

Conflict of Interest:

Successful candidates for this job must satisfy the Company’s Conflict of Interest (COI) assessment process.

Drug Free Workplace:

Boeing is a Drug Free Workplace where post offer applicants and employees are subject to testing for marijuana, cocaine, opioids, amphetamines, PCP, and alcohol when criteria is met as outlined in our policies.

Pay & Benefits:

At Boeing, we strive to deliver a Total Rewards package that will attract, engage and retain the top talent. Elements of the Total Rewards package include competitive base pay and variable compensation opportunities.  

The Boeing Company also provides eligible employees with an opportunity to enroll in a variety of benefit programs, generally including health insurance, flexible spending accounts, health savings accounts, retirement savings plans, life and disability insurance programs, and a number of programs that provide for both paid and unpaid time away from work.

The specific programs and options available to any given employee may vary depending on eligibility factors such as geographic location, date of hire, and the applicability of collective bargaining agreements.

Pay is based upon candidate experience and qualifications, as well as market and business considerations.

Summary pay range: $142,800 – $207,000

Language Requirements:

Not Applicable

Education:

Not Applicable

Relocation:

Relocation assistance is not a negotiable benefit for this position.

Export Control Requirement:

This position must meet U.S. export control compliance requirements. To meet U.S. export control compliance requirements, a “U.S. Person” as defined by 22 C.F.R. §120.62 is required. “U.S. Person” includes U.S. Citizen, U.S. National, lawful permanent resident, refugee, or asylee.

Safety Sensitive:

This is not a Safety Sensitive Position.

Security Clearance:

This position does not require a Security Clearance.

Visa Sponsorship:

Employer will not sponsor applicants for employment visa status.

Contingent Upon Award Program

This position is not contingent upon program award

Shift:

Shift 1 (United States of America)

Stay safe from recruitment fraud! The only way to apply for a position at Boeing is via our Careers website. Learn how to protect yourself from recruitment fraud - Recruitment Fraud Warning