Attack Surface Management (ASM) Senior Analyst
About The Position
The Attack Surface Management (ASM) Senior Analyst independently leads programs, projects, and operational initiatives to manage technical risk at scale across Best Buy. This role partners with IT and business stakeholders to collect, analyze, and communicate vulnerability and configuration risk data, translating findings into clear reporting and metrics that inform risk posture and decision‑making. The Senior Analyst ensures services are delivered effectively, manages stakeholder expectations, and contributes to continuous improvement of technical risk management processes. They mentor and support analysts, help maintain dashboards and reporting artifacts, and adapt quickly to evolving tools, technologies, and processes. A strong foundation in security, vulnerability and configuration risk, and an understanding of key business systems are essential for success. This role is hybrid, which means you will work some days at our corporate office in Richfield, Minnesota, and some days virtually from home or another non-Best Buy location. The specific work arrangements vary by role and team. The recruiter or hiring manager will provide more details during the hiring process.
Requirements
- 2 or more years of experience in vulnerability management, application security or security operations, including involvement in application security, secure coding practices, or other vulnerability related identification, triage, and remediation processes.
- 2 or more years of experience managing Network and infrastructure, Windows, Linux, and/or mobile platforms patching or security configuration and remediation activities.
- Strong written and verbal communication skills, with emphasis on distilling complex technical vulnerabilities into actionable business insights.
Nice To Haves
- 2 or more years of experience supporting application or software security processes, including identification and remediation of security concerns.
- 2 or more years of experience implementing or maintaining secure configuration standards across systems or platforms.
- 1 or more years of experience designing, improving, or optimizing web applications.
- Experience using standardized frameworks like CVSS to triage vulnerabilities.
- Familiarity with OWASP Top 10 lists.
- Hands‑on experience with cloud platforms and awareness of common security risks and control mechanisms.
- Experience working with containerized environments and understanding associated security controls and risks.
Responsibilities
- Perform risk-based vulnerability analysis by evaluating severity, exploitability, asset criticality, and business impact to prioritize remediation efforts.
- Partner with engineering, infrastructure, and application teams to drive timely remediation and compensating controls for identified vulnerabilities.
- Develop and maintain vulnerability management reporting (dashboards, metrics, KPIs) that clearly communicate risk posture, trends, and remediation progress.
- Support and improve security, risk, and compliance workflows through process evaluation, documentation, and training.
- Monitor ongoing activities, identify gaps or improvement opportunities, and communicate findings and solutions to leadership.
- Translate technical vulnerability data into clear business risk narratives for non-technical stakeholders.
- Lead vulnerability triage activities, including validation, false-positive reduction, and prioritization aligned to risk tolerance and SLAs
Benefits
- Competitive pay
- Generous employee discount
- Physical and mental well-being support
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed
