Senior Vulnerability Assessments Specialist - Operational Technology (OT)

Senior Vulnerability Assessments Specialist - Operational Technology (OT)

Company:

The Boeing Company

The Boeing Company is currently seeking a Senior Vulnerability Assessments Specialist - Operational Technology (OT) to join the team in Kent, WA; North Charleston, SC; Hazelwood, MO; Mesa, AZ; El Segundo, CA; or Plano, TX.

This role will assess and drive remediation of vulnerabilities that impact OT environments across manufacturing, production, and mission-critical infrastructure.

The ideal candidate brings deep vulnerability lifecycle experience, demonstrated OT/ Industrial Control System (ICS) knowledge, and the ability to translate technical findings into pragmatic remediation and risk-mitigation plans for operational stakeholders.

Position Responsibilities:

• Develop and execute vulnerability management processes for OT/ICS environments, including networked controllers, Human-Machine Interfaces (HMIs), Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) systems, and supporting enterprise infrastructure

• Execute enterprise processes for emergent vulnerabilities

• Evaluate risk and recommend prioritized mitigation or remediation actions

• Perform detailed exploitability and impact analysis that factors threat context, asset criticality, environmental constraints, and existing controls

• Drive remediation and risk reduction efforts end-to-end: develop mitigation plans, coordinate with engineering/operations teams, track remediation progress, and report burndown to stakeholders

• Collaborate with cross-functional security, Information Technology (IT), engineering, and operations teams to operationalize new capabilities and harden OT systems

• Produce clear, actionable technical reports and stakeholder narratives tailored to technical teams, line-of-business owners, and senior leadership

• Maintain and improve assessment methodologies, playbooks, and automation to raise first-time quality and repeatability

• Mentor junior team members, review technical analyses, and contribute to continuous improvement of vulnerability management processes

Basic Qualifications (Required Skills/Experience):

• 5+ years of experience with leading Incident Response and/or Vulnerability Management activities

• 3+ years of experience in penetrating testing and vulnerability assessments using manual techniques and vulnerability testing tools (including scanners, sniffers, fuzzers and exploit tools such as Burp, Nmap, Kali and Metasploit)

• 3+ years of experience with vulnerability scanning tools and formats (e.g., Nessus, Qualys, Tenable, Rapid7, Snyk, Veracode, or Burp)

• 3+ years of experience in performing system administration tasks on Windows and Linux hosts including installing security patches and making configuration changes to support security requirements

• Experience with analytical skills in data, with ability to identify gaps in roll out of tools, processes and application of skills in tools within the areas of vulnerability management and endpoint controls

• Working knowledge of vulnerability and risk management frameworks, ratings, and contextualizing data based on risk (e.g., CVSS, CVE, NVD, etc)

Preferred Qualifications (Desired Skills/Experience):

• Bachelor’s degree or higher

• Active certifications including Global Industrial Cyber Security Professional (GICSP), Global Information Assurance Certification (GIAC) GICSP/Generic Routing Encapsulation (GRE)/GIAC Continuous Monitoring Certification (GMON), Certified Information Systems Security Professional (CISSP), Certified Red Team Professional (CRTP), or equivalent OT/ICS security credentials

• Experience evaluating exploitability and recommending mitigations that are operationally feasible in production OT environments

• Experience with strong written and verbal communication skills with the ability to convey technical risk to non-technical stakeholders and drive cross-functional decisions

• Experience being self-directed, adaptable to ambiguity, comfortable working under pressure, and able to operate with minimal guidance when needed

• Experience speaking up, contributing to cross-functional discussions, and collaborating effectively to reach resolution

• Experience with OT/ICS domain knowledge (Programmable Logic Controller (PLC)/ Remote Terminal Unit (RTU)/HMI architectures, common vendors/protocols such as Modbus, DNP3, OPC, BACnet)

• Experience with industrial network segmentation, OT-safe scanning, and safe testing practices in production environments

• Experience working with National Institute of Standard Technology (NIST) security controls and frameworks (e.g., NIST CSF, SP 800-82 for ICS security)

• Experience working with Cloud and container security for hybrid OT/IT environments

• Experience building or operating vulnerability management platforms and custom integrations (ingestion, correlation, ticketing)

• Experience contributing to enterprise-wide control effectiveness and resilience

Conflict of Interest:

Successful candidates for this job must satisfy the Company’s Conflict of Interest (COI) assessment process.

Drug Free Workplace:

Boeing is a Drug Free Workplace where post offer applicants and employees are subject to testing for marijuana, cocaine, opioids, amphetamines, PCP, and alcohol when criteria is met as outlined in our policies.

Pay & Benefits:

At Boeing, we strive to deliver a Total Rewards package that will attract, engage and retain the top talent. Elements of the Total Rewards package include competitive base pay and variable compensation opportunities.  

The Boeing Company also provides eligible employees with an opportunity to enroll in a variety of benefit programs, generally including health insurance, flexible spending accounts, health savings accounts, retirement savings plans, life and disability insurance programs, and a number of programs that provide for both paid and unpaid time away from work.

The specific programs and options available to any given employee may vary depending on eligibility factors such as geographic location, date of hire, and the applicability of collective bargaining agreements.

Pay is based upon candidate experience and qualifications, as well as market and business considerations.

Summary pay range: $142,800 – $207,000

Language Requirements:

Not Applicable

Education:

Not Applicable

Relocation:

Relocation assistance is not a negotiable benefit for this position.

Export Control Requirement:

This position must meet U.S. export control compliance requirements. To meet U.S. export control compliance requirements, a “U.S. Person” as defined by 22 C.F.R. §120.62 is required. “U.S. Person” includes U.S. Citizen, U.S. National, lawful permanent resident, refugee, or asylee.

Safety Sensitive:

This is not a Safety Sensitive Position.

Security Clearance:

This position does not require a Security Clearance.

Visa Sponsorship:

Employer will not sponsor applicants for employment visa status.

Contingent Upon Award Program

This position is not contingent upon program award

Shift:

Shift 1 (United States of America)

Stay safe from recruitment fraud! The only way to apply for a position at Boeing is via our Careers website. Learn how to protect yourself from recruitment fraud - Recruitment Fraud Warning