External Attack Surface Management Analyst
About The Position
As an External Attack Surface Management (EASM) Analyst on our team, you’ll continuously identify, monitor, and manage the company’s internet-facing risk exposure. This role focuses on discovering all external assets, including known and shadow IT systems, assessing their security posture, and proactively identifying, prioritizing, and mitigating vulnerabilities and misconfigurations based on risk and potential impact. The EASM Analyst plays a critical role in protecting Booz Allen from external threats by delivering real-time visibility, risk prioritization, and actionable remediation guidance. Working closely with threat intelligence, digital risk protection, and security engineering teams, this position ensures that external exposures are rapidly identified and addressed before they can be exploited. Due to the nature of work performed within this facility, U.S. citizenship is required.
Requirements
- 4+ years of experience in vulnerability management, security operations, or incident response
- Experience with an Attack Surface Management discovery tool such as Defender EASM
- Experience with securing cloud infrastructure such as AWS, Azure, or GCP
- Experience with automation and data analysis such as Python preferred
- Experience with API integrations to connect disparate systems, automate processes, and improve operational efficiency
- Knowledge of networking fundamentals including TCP, IP, DNS, HTTP, HTTPS, SSL, and TLS
- Associate’s degree and 7+ years of experience supporting IT projects and activities, Bachelor’s degree and 5+ years of experience supporting IT projects and activities, Master’s degree and 3+ years of experience supporting IT projects and activities, or 12+ years of experience supporting IT projects and activities in lieu of a degree
Nice To Haves
- Experience with data analytics including data manipulation, visualization, and reporting
- Experience partnering with system owners to identify mitigations or compensating controls when remediation is not immediately feasible
- Experience triaging vulnerabilities and determining risk-based prioritization
- Experience with IT service management platforms such as ServiceNow
- Knowledge of Configuration Management Database (CMDB) concepts and implementation
- Knowledge of security frameworks such as NIST CSF, MITRE ATT&CK, or CIS Controls
- Ability to translate technical findings into business risk for non-technical stakeholders
Responsibilities
- Continuously identify, monitor, and manage the company’s internet-facing risk exposure.
- Discover all external assets, including known and shadow IT systems.
- Assess the security posture of external assets.
- Proactively identify, prioritize, and mitigate vulnerabilities and misconfigurations based on risk and potential impact.
- Deliver real-time visibility, risk prioritization, and actionable remediation guidance.
- Ensure that external exposures are rapidly identified and addressed before they can be exploited.
Benefits
- health, life, disability, financial, and retirement benefits
- paid leave
- professional development
- tuition assistance
- work-life programs
- dependent care
- recognition awards program
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
Associate degree
