Attack Surface Management Lead

About The Position

Requirements

• Bachelor’s Degree in Computer Science, Engineering or related field
• At least 6 years of experience in information security
• At least 3 years directly focused on attack surface management, external vulnerability management, or asset discovery following legal, regulatory, and industry standards and requirements
• Advanced technical knowledge, methodologies and tools (e.g., Tenable, Rapid7 Insight VM, Qualys VMDR, or similar platforms)
• Strong understanding of cloud security (AWS, Azure, GCP), network reconnaissance, and vulnerability assessment
• Experience with JIRA, vulnerability management workflows, and security automation tools
• Experience with threat intelligence platforms and CSIRT coordination
• Strong analytical and problem-solving skills with the ability to assess complex security issues and develop effective solutions
• Excellent verbal and written communication skills in English, capable of conveying complex security concepts to non-technical stakeholders
• Strong interpersonal skills and the ability to work collaboratively with cross-functional teams and external partners
• Broad knowledge of project management methodologies; experience managing complex, multi-stakeholder initiatives; ability to design and implement process improvements.

Responsibilities

• Lead the design and evolution of comprehensive ASM strategies aligned with organizational risk reduction targets
• Architect ASM discovery, monitoring, and validation frameworks that identify and track external assets across cloud, network, application environments, websites and digital products
• Develop and implement advanced detection methodologies for shadow IT and rogue assets
• Establish baseline metrics and KPIs for attack surface visibility and coordinate their achievement across LS business and security operations teams
• Make improvements to existing ASM processes, tools, and workflows; collaborate across global Cyber Security team to implement these enhancements; improve automation
• Evaluate and drive adoption of new ASM tooling, platforms, and technologies
• Communicate with security operations, vulnerability management, infrastructure, development, and business teams to establish priorities.
• Gain organizational cooperation on the adoption of new ASM processes and procedures by clearly demonstrating business value
• Coordinate with external stakeholders including cloud service providers, domain registrars, and security vendors
• Partner with the vulnerability management function to ensure discovered all assets are properly scanned, classified, and prioritized
• Ensure attack surface visibility feeds directly into vulnerability management workflows and tracking systems
• Prioritize discovered assets and vulnerabilities using business impact, EPSS scoring
• Support executive reporting on attack surface reduction progress
• Maintain oversight of critical vulnerabilities tied to external-facing assets and coordinate remediation timelines
• Manage complex, multi-phase ASM initiatives with general oversight; define scope, timelines, resource requirements, and success criteria
• Lead projects such as cloud security posture assessments, third-party risk management integrations, or regional attack surface reduction campaigns
• Work with minimal day-to-day direction; escalate strategic decisions and blockers appropriately to leadership
• Track project health through metrics and maintain stakeholder visibility on progress and risks
• Incorporate relevant threat intelligence (zero-day vulnerabilities, attack trends, industry-specific risks) into attack surface prioritization decisions
• Ensure processes align with legal, regulatory, and industry standards and requirements (e.g. ISO/IEC 27001/27002, NIST CSF, NIS2, CRA, IEC62443, PCI DSS)
• Contribute to security assessments and audit responses related to external assets.

Benefits

• health insurance
• paid time off (PTO)
• retirement contributions