Distinguished Engineer, Exposure Management

About The Position

Requirements

• Bachelor's Degree (technical: engineering, math, CS preferred)
• 15+ years of experience in technical roles, with demonstrated ability to influence without authority across technical and executive audiences
• 10+ years of experience acting as a bridge between deep technical work and business strategy, translating between the two fluently
• 10+ years of data architecture experience at enterprise scale — including canonical/conceptual data modeling, entity-relationship and graph modeling, ingestion and normalization patterns, data contracts, lineage, master/reference data, and data quality/SLA management — with demonstrated ownership of end-to-end data architecture for a complex, multi-source platform (not solely field-/table-level data product design)
• 8+ years architecting large-scale automation and data/ML systems in production, with demonstrated experience integrating ML or LLM capabilities into security or operational workflows
• 8+ years in cybersecurity, with at least 5 of those in vulnerability management, exposure management, threat & vulnerability response, detection engineering, or red team / offensive security
• 5+ years setting multi-year technical strategy and architectural roadmaps for enterprise-scale platforms, including the underlying data architecture
• Demonstrated experience leading the transformation of a security or IT operations capability from batch, ticket-driven, human-mediated workflows to continuous, automated, near real-time operations at enterprise scale — including measurable reductions in manual work and operating cost
• Deep working knowledge of the CTEM lifecycle (Scoping, Discovery, Prioritization, Validation, Mobilization) and of the supporting tool categories — EASM, RBVM, BAS/AEV, CSPM, SSPM, ISPM/ITDR, and CTI platforms — including how their data is integrated into a unified exposure view
• Demonstrated experience defining and operating outcome-based exposure metrics — validated exposure count, attack-path reduction, MTTR for validated findings, coverage %, validation success rate, and automation rate — and reporting them to executive and board audiences, including accountability for the underlying data pipelines and SLAs
• Experience designing and operating exposure programs across hybrid environments (public cloud, SaaS, on-prem, identity) at enterprise scale
• Strong written and verbal communication, including proven experience briefing executive leadership and the board
• 3+ years leading strategic response to high-impact security events under time pressure (zero-days, supply-chain incidents, active exploitation), including driving the shift from manual war-room response to automated, playbook-driven impact assessment and mobilization

Nice To Haves

• Demonstrated track record applying GenAI / LLMs to security operations problems (alert triage, exposure summarization, remediation guidance, detection engineering, threat-intel synthesis), including practical awareness of model-risk, prompt-injection, data-leakage, and non-human-identity exposure concerns
• Hands-on experience with attack-graph / security-graph platforms (e.g., XM Cyber, Wiz Security Graph, Tenable One, Microsoft Security Exposure Management) and attack-path analysis at enterprise scale
• Deep experience with modern data platforms and patterns relevant to security analytics — data lakehouse, streaming/event-driven ingestion, graph databases, identity/asset graphs, semantic layers, and federated query — and with data governance, lineage, and observability tooling
• Experience integrating cyber threat intelligence (CTI) into prioritization and validation workflows, and mapping exposure findings to adversary TTPs (MITRE ATT&CK, D3FEND) relevant to healthcare-sector threat actors
• Experience governing non-human / machine identity exposure — service accounts, API keys, secrets, and AI agent identities — including automated discovery, rotation, and least-privilege enforcement
• Experience building automated mobilization and remediation pipelines using SOAR, ITSM (ServiceNow, Jira), patch and configuration management, and IaC (Terraform, GitOps) integrations — including automated change-management and rollback patterns
• Healthcare-sector exposure experience: medical device security (FDA pre/post-market guidance, MDS2), PHI-handling clinical and pharmacy systems, retail-store endpoint estates, and healthcare OT/IoT
• Experience operating exposure programs simultaneously against the SEC cyber-incident disclosure rule, HIPAA Security Rule, HITRUST CSF, PCI DSS 4.0, and NIST CSF 2.0
• Experience extending exposure visibility and prioritization to critical third parties, SaaS providers, and software supply chain (SBOM, dependency, and build-system exposure)
• Partnership experience with resilience, BCDR, and incident response leadership, ensuring exposure findings inform recovery planning and ransomware-readiness exercises
• Industry certifications such as CISSP, GIAC (e.g., GCIH, GPEN, GXPN, GCDA), OSCP / OSCE, or equivalent
• Open-source, publication, or community contribution in exposure management, vulnerability management, detection engineering, data architecture, or applied ML for security
• Master's Degree, or Doctorate

Responsibilities

• Leads the strategic transformation of exposure management from batch-oriented, ticket-driven, human-mediated workflows with multi-week SLAs to a continuous, near real-time, machine-speed model — re-architecting the end-to-end pipeline (scoping, discovery, prioritization, validation, mobilization) so that exposures are detected, validated, prioritized, and routed for remediation without manual intervention wherever safe to do so
• Designs and delivers automation, ML, and GenAI capabilities that accelerate exposure discovery, prioritization, validation, remediation, and incident response — including LLM-assisted triage, exposure summarization, remediation guidance, detection engineering, and threat-intel synthesis — and that materially reduce manual workk and operating cost
• Owns the end-to-end data architecture for exposure management — defining the canonical data model, asset and identity graph, ingestion and normalization patterns, data contracts, lineage, retention, and access controls across telemetry and business-context sources — so that downstream automation, prioritization, ML, and reporting are built on trustworthy, timely, and SLA-bound data
• Architects a unified exposure view across vulnerability scanning and CTI tooling — using attack-graph and identity/asset relationship analysis to surface 'toxic combinations' and exploitable paths to critical assets, PHI, and payment data, and to drive attack-path-based prioritization in place of CVE-list-based prioritization
• Defines the outcome-based exposure metrics framework — including validated exposure count, attack-path reduction, MTTR for validated findings, coverage %, validation success rate, automation rate, and risk reduction rate — and the executive and regulatory reporting that translates them into business risk and disclosure narrative; accountable for ensuring metrics can be accurately computed and delivered within SLA
• Builds the cross-team remediation operating model and the automated mobilization layer (ticketing, workflow, change, patch, and IaC integration) that drives adoption of exposure management standards across engineering, IT, cloud, identity, and business owners — replacing email- and meeting-based handoffs with API-driven, SLA-bound automation
• Sets technical direction and the multi-year architectural roadmap for the exposure management platform — including target-state automation and data architecture, build-vs-buy decisions, and integration with resilience, BCDR, and ransomware-recovery planning
• Mentors senior engineers, data engineers, and architects; raises the technical bar across the security engineering organization, with particular focus on automation-first, validation-driven, threat-informed, and data-architecture-led engineering practices
• Represents the enterprise externally with vendors, peer organizations, and the security community on exposure management, automation, and applied AI/ML in security

Benefits

• medical
• dental
• vision coverage
• paid time off
• retirement savings options
• wellness programs