Attack Surface Management Engineer

About The Position

Requirements

• Bachelor's degree or equivalent work experience.
• 4 - 6 years Cybersecurity or IT experience with progression from vulnerability analysis, exposure management, or ASM analyst functions.
• 4 - 6 years prior experience in highly regulated environments.
• Strong proficiency with asset discovery and attack surface management technologies across on‑prem IT, cloud, and IoMT environments.
• Strong ability to interpret, validate, and assess findings from attack surface management (ASM) and vulnerability management platforms.
• Strong understanding of the vulnerability management lifecycle, including remediation processes and governance requirements.
• Foundational experience correlating data across CMDBs, cloud inventories, and security tools.
• Ability to communicate technical findings to non-technical stakeholders with guidance.
• Working knowledge of healthcare cybersecurity frameworks including HIPAA, HITECH, NIST CSF, HITRUST, HICP, and NYSDOH 405.46.
• Strong analytical skills with attention to detail and data accuracy.
• Ability to operate effectively within defined processes and escalate appropriately.

Nice To Haves

• Prior experience in healthcare
• One of the following certifications required or obtained within 18 months of hire: CompTIA PenTest+, GIAC Security Essentials (GSEC), Tenable Certified Nessus Auditor (TCNA), CREST Registered Vulnerability Specialist (RVS)

Responsibilities

• Work with architecture and engineering personnel to implement automation and orchestration solutions where appropriate to improve efficiency and reduce manual effort.
• Collaborate with IT, clinical teams, and other departments to ensure cybersecurity measures are integrated into everyday operations without disrupting patient care.
• Manage vendor relationships related to security solutions, testing services, and consulting engagements.
• Maintain security tools and services ensuring continued uptime and efficient execution of scanning activities.
• Work with DevOps, cloud, and IT infrastructure teams to incorporate secure development practices and vulnerability remediation into their workflows.
• Perform continuous device and asset discovery across IT, cloud, medical, and IoT/OT environments using approved ASM tooling.
• Review and validate asset discovery and vulnerability findings to identify unmanaged, unknown, or misclassified assets.
• Correlate exposure and vulnerability data with CMDBs, internal inventories, and cloud asset repositories to improve accuracy.
• Support the enterprise vulnerability management lifecycle by tracking findings from identification through remediation.
• Apply risk-based vulnerability prioritization using exploitability, asset criticality, and business impact.
• Coordinate with system, application, and device owners to validate their proposed remediation actions and timelines.
• Review third-party penetration testing results and assist with remediation tracking and validation.
• Collaborate with SOC and incident response teams to contextualize vulnerabilities during investigations.
• Develop and maintain technical documentation, SOPs, and workflows related to ASM processes.
• Contribute to dashboards, KPIs, and reporting that measure attack surface coverage, vulnerability aging, and risk reduction.
• Monitor vulnerability and threat trends relevant to healthcare and emerging technologies.
• Assist with automation and orchestration initiatives to improve ASM efficiency under manager guidance.

Benefits

• An assortment of insurance products and discount programs through Voluntary Benefits.