Boeing
Senior Vulnerability Management & Application Security Versatilist
The complete job description, requirements, and application details are available on the original posting.
About Boeing
Boeing is a prominent American aerospace and defense company, established in 1916 by William E. Boeing. Originally named Pacific Aero Products Company, it has grown into one of the largest manufacturers of commercial and military aircraft in the world. Boeing is known for its innovative aircraft, including the 737, 747, 777, and 787 Dreamliner families, which serve airlines globally. The company operates in various sectors, focusing on designing, manufacturing, and selling airplanes, rotorcraft, rockets, satellites, telecommunications equipment, and missiles. Boeing also provides leasing and product support services. Its defense division produces military aircraft, helicopters, satellites, and missile defense systems. Additionally, Boeing invests in advanced aerospace technologies, including autonomous systems and sustainable aviation solutions, while offering maintenance, training, and logistics support to its customers. Boeing serves a diverse clientele, including commercial airlines, governments, and defense agencies, and collaborates with space agencies and telecommunications providers. Its legacy is marked by pioneering designs and a commitment to innovation in the aerospace industry.
Security at Boeing
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- Boeing's Application Security (AppSec) approach is deeply integrated into its product lifecycle and emphasizes a proactive, risk-managed strategy.
- The company focuses on securing software products and pipelines, cloud-based development environments, and operational technology.
- This is achieved through a combination of established security principles, industry standards, and continuous improvement processes.
- Boeing's stated AppSec mission is to "develop, implement, and sustain security and resiliency throughout the product requirements, design, build, test, production, operations, and support lifecycle." The company manages "risk in accordance with accepted industry, professional, and government standards to ensure security design integrity, availability, confidentiality, and regulatory compliance," and conducts "regular risk assessments to highlight areas of improvement and implement necessary controls." Boeing also "deploys DevSecOps best practices into Program pipelines, including tool selection, configuration, and analysis," indicating an enablement approach by integrating security into development workflows.
Security Team
The Enterprise Product Security Software organization supports security experts across all business units. Cyber risk processes are integrated into Enterprise Risk Management (ERM) and Compliance Risk Management (CRM), overseen by the Board of Directors. A key public-facing leader is Sean Sullivan, Director, Chief Engineer, Product Security Boeing Commercial Airplanes, who manages product security for Boeing commercial airplanes, including the aircraft, communications, ground systems, and factory cyber. The team size is not publicly available. As of, there were at least 4 active AppSec job postings. Common skill and tool patterns in these postings include assessing software subsystem adversity, securing cloud-based software development environments, deploying DevSecOps best practices, performing Common Vulnerabilities and Exploits (CVE) analysis, and defining and deploying consistent software security standards within the Software Development Lifecycle.
Key Initiatives
No public evidence of a Security Champions Program was found. Boeing practices "Shift Left" by deploying "DevSecOps best practices into Program pipelines, including tool selection, configuration, and analysis." For vulnerability management, Boeing performs "Common Vulnerabilities and Exploits (CVE) analysis and coordinate with system stakeholders to appropriately mitigate and address," and maintains "a formal incident response playbook that defines general processes and protocols." Boeing also defines and deploys "consistent software security standards within the Software Development Lifecycle" and aims to "develop, implement, and sustain security and resiliency throughout the product requirements, design, build, test, production, operations, and support lifecycle."