Attack Surface Management Specialist

About The Position

Requirements

• 6+ years of experience in information security, with at least 4 years directly focused on attack surface management, external vulnerability management, or asset discovery
• Advanced technical knowledge, methodologies and tools (e.g., Tenable, Shodan, Rapid7 Insight VM, Qualys VMDR, or similar platforms)
• Broad knowledge of project management methodologies; experience managing complex, multi-stakeholder initiatives, ability to design and implement process improvements
• Strong understanding of cloud security (AWS, Azure, GCP), network reconnaissance, and vulnerability assessment
• Excellent written and verbal communication skills; ability to explain complex security concepts to technical and non-technical audiences
• Experience with JIRA, vulnerability management workflows, and security automation tools
• Bachelor's degree in Computer Science/Information Security or equivalent professional experience

Nice To Haves

• Experience with threat intelligence platforms and CSIRT coordination
• Knowledge of OWASP, NIST Cybersecurity Framework, or similar security standards
• Experience in responsible disclosure program management
• Experience in a large SaaS organization, world distributed security teams

Responsibilities

• Attack Surface Management Strategy & Architecture Lead the design and evolution of comprehensive attack surface management strategies aligned with organizational risk reduction targets
• Architect ASM discovery, monitoring, and validation frameworks that identify and track external assets across cloud, network, and application environments
• Develop and implement advanced detection methodologies for shadow IT and rogue assets
• Establish baseline metrics and KPIs for attack surface visibility and coordinate their achievement across security operations teams
• Process Improvement & Automation Make improvements to existing ASM processes, tools, and workflows; own the end-to-end execution of these enhancements, improve automation
• Evaluate and drive adoption of new ASM tooling, platforms, and technologies.
• Improve team efficiency and document standard operating procedures
• Cross-Functional Leadership & Collaboration Communicate with security operations, vulnerability management, infrastructure, development, and business teams to establish priorities.
• Gain organizational cooperation on the adoption of new ASM processes and procedures by clearly demonstrating business value
• Coordinate with external stakeholders including cloud service providers, domain registrars, and security vendors
• Partner with the vulnerability management function to ensure discovered all assets are properly scanned, classified, and prioritized
• Vulnerability & Risk Management Integration Ensure attack surface visibility feeds directly into vulnerability management workflows and Jira tracking systems
• Prioritize discovered assets and vulnerabilities using business impact, EPSS scoring
• Support executive reporting on attack surface reduction progress
• Maintain oversight of critical vulnerabilities tied to external-facing assets and coordinate remediation timelines
• Complex Project Management Manage complex, multi-phase ASM initiatives with general oversight; define scope, timelines, resource requirements, and success criteria
• Lead projects such as cloud security posture assessments, third-party risk management integrations, or regional attack surface reduction campaigns
• Work with minimal day-to-day direction; escalate strategic decisions and blockers appropriately to leadership
• Track project health through metrics and maintain stakeholder visibility on progress and risks
• Threat Intelligence & Compliance Integration Incorporate relevant threat intelligence (zero-day vulnerabilities, attack trends, industry-specific risks) into attack surface prioritization decisions
• Ensure processes align with compliance (SOC 2, ISO 27001, regional data protection)
• Contribute to security assessments and audit responses related to external assets.