Mid-Level Vulnerability Assessments Specialist - Operational Technology (OT)

About The Position

Requirements

• 3+ years of experience in vulnerability management, vulnerability assessment, or incident response
• Experience with vulnerability assessment tools and techniques (e.g., Tenable, Rapid7, Qualys, Nmap, Burp Suite) and the ability to interpret results for OT use cases
• Experience with CVE/CVSS/NVD and ability to contextualize vulnerability data based on asset attributes and threat factors
• Experience with networking, Windows and Linux platforms, configuration management, and patching processes
• Experience evaluating exploitability and propose mitigations that are implementable in production OT environments
• Experience communicating technical risk to both technical and non‑technical stakeholders

Nice To Haves

• Bachelor’s degree or higher
• Active certifications including Global Industrial Cyber Security Professional (GICSP), Global Information Assurance Certification (GIAC) ICS, Certified Information Systems Security Professional (CISSP), or equivalent
• Experience with OT/ICS domain knowledge (PLC/RTU/HMI architectures and common protocols such as Modbus, DNP3, OPC, BACnet)
• Experience with OT‑safe scanning practices, industrial network segmentation, and production test safety
• Experience with National Institute of Standard Technology (NIST) security frameworks (e.g., NIST CSF, SP 800‑82) and industry best practices for ICS security
• Experience with exposure to cloud or container security in hybrid OT/IT environments
• Experience integrating vulnerability data into platforms (ingestion, correlation, ticketing) and basic automation
• Experience assessing control effectiveness across enterprise and OT domains
• Experience evaluating exploitability and recommending mitigations that are operationally feasible in production OT environments
• Experience with strong written and verbal communication skills
• Experience working as a self‑starter who can operate with moderate guidance, comfortable working in ambiguous, fast-moving situations
• Experience working as a collaborative team member with the ability to participate effectively in cross‑functional discussions

Responsibilities

• Perform technical vulnerability assessments for OT/Industrial Control System (ICS) environments (Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), Human-Machine Interfaces (HMIs), Supervisory Control and Data Acquisition (SCADA), industrial gateways, and supporting enterprise infrastructure
• Rapidly assess emergent vulnerabilities, determine contextual risk, and recommend prioritized mitigation or remediation actions that are operationally feasible
• Translate technical findings into clear, actionable remediation plans and status updates for engineering and operational stakeholders
• Work with cross‑functional teams to operationalize vulnerability management capabilities and improve assessment playbooks and automation
• Contribute to continuous improvement of processes and tooling to increase assessment quality and throughput
• Develop and execute vulnerability management processes for OT/ICS environments, including networked controllers, HMIs, PLCs, SCADA systems, and supporting enterprise infrastructure
• Execute enterprise processes for emergent vulnerabilities
• Evaluate risk and recommend prioritized mitigation or remediation actions
• Perform detailed exploitability and impact analysis that factors threat context, asset criticality, environmental constraints, and existing controls
• Drive remediation and risk reduction efforts end-to-end
• Develop mitigation plans, coordinate with engineering/operations teams, track remediation progress, and report burndown to stakeholders
• Collaborate with cross-functional security, Information Technology (IT), engineering, and operations teams to operationalize new capabilities and harden OT systems
• Produce clear, actionable technical reports and stakeholder narratives tailored to technical teams, line-of-business owners, and senior leadership
• Maintain and improve assessment methodologies, playbooks, and automation to raise first-time quality and repeatability
• Mentor junior team members, review technical analyses, and contribute to continuous improvement of vulnerability management processes
• Execute vulnerability scans and targeted technical assessments in OT and connected IT environments using safe, OT‑aware techniques
• Analyze vulnerability feeds (Common Vulnerabilities and Exposures (CVE), National Vulnerability Database (NVD), Common Vulnerability Scoring System (CVSS) metrics, exploitability data, and threat intelligence to derive contextual risk ratings
• Evaluate software and hardware configurations, assess control effectiveness, and recommend mitigations that balance security and operational constraints
• Prioritize remediation efforts based on severity, exploitability, asset criticality, business impact, and existing controls
• Author concise technical reports and stakeholder narratives for remediation owners and leadership
• Track remediation progress, coordinate with owners, and escalate as needed to ensure timely resolution
• Support integration of vulnerability data into enterprise platforms and ticketing systems

Benefits

• Elements of the Total Rewards package include competitive base pay and variable compensation opportunities.
• The Boeing Company also provides eligible employees with an opportunity to enroll in a variety of benefit programs, generally including health insurance, flexible spending accounts, health savings accounts, retirement savings plans, life and disability insurance programs, and a number of programs that provide for both paid and unpaid time away from work.