Security Analyst Consultant - Attack Surface Management

About The Position

Requirements

• 6+ years of experience in cybersecurity, including security operations, threat hunting, offensive security, red teaming, or related disciplines
• Experience building, scaling, or leading Attack Surface Management (ASM) capabilities and programs
• Strong understanding of vulnerability management methodologies and risk prioritization frameworks
• Experience working within multi-cloud environments, including AWS, Azure, and GCP
• Deep knowledge of attacker tactics, techniques, and procedures (TTPs) and frameworks such as MITRE ATT&CK
• Expertise in network security, cloud security, attack path analysis, and external attack surface discovery
• Experience conducting OSINT, reconnaissance, and threat intelligence activities
• Proficiency with scripting and automation technologies such as Python and PowerShell
• Strong understanding of enterprise infrastructure, application architectures, and data flows
• Ability to evaluate and influence architectural decisions that reduce organizational risk
• Experience leading cross-functional security initiatives and driving collaboration across multiple teams
• Excellent written and verbal communication skills with the ability to communicate effectively with both technical and non-technical stakeholders
• Strong analytical and problem-solving skills with a data-driven approach to risk management

Nice To Haves

• Industry certifications such as CISSP, OSCE, GREM, or similar cybersecurity credentials
• Experience applying AI and automation technologies to security operations or attack surface management programs
• Experience with cloud-native security platforms and exposure management tooling
• Familiarity with threat modeling, purple teaming, or advanced adversary simulation exercises
• Experience working in large-scale enterprise environments with complex security requirements

Responsibilities

• Lead and mature the organization's Attack Surface Management (ASM) program, identifying opportunities to expand capabilities and improve visibility
• Develop and maintain a comprehensive understanding of the enterprise attack surface across cloud, network, and application environments
• Continuously identify, assess, and prioritize vulnerabilities and exposures based on business and security risk
• Partner with security, engineering, infrastructure, and cloud teams to drive remediation efforts and reduce risk
• Leverage metrics and analytics to measure program effectiveness and inform risk-based decision making
• Conduct external reconnaissance activities, OSINT research, and threat intelligence analysis to identify potential exposure points
• Monitor emerging threats, attacker techniques, and industry trends to proactively strengthen defensive capabilities
• Collaborate with Application Security, DevOps, and Cloud Engineering teams to promote secure-by-design practices
• Contribute to incident response investigations and post-incident analysis as needed
• Design and implement automation solutions that improve visibility, efficiency, and risk management workflows
• Develop and maintain operational standards, procedures, documentation, and runbooks
• Mentor team members and share expertise across security domains
• Support compliance initiatives including PCI DSS, SOC 2, and related regulatory requirements
• Validate security controls and identify opportunities for continuous improvement

Benefits

• Medical, Dental, Vision plans
• 401K with matching
• PTO for salaried employees