Senior Security Engineer – Attack Surface Management

About The Position

Requirements

• Bachelor’s degree in computer science, cybersecurity, or related field—or equivalent experience.
• 8+ years of experience in security engineering, attack surface management, configuration management, or related roles.
• Demonstrated experience in contextualizing vulnerabilities, using threat intelligence, asset classification and business impact.
• Proficiency with scripting languages such as PowerShell, Python, or Bash for automation, integration, and process improvement in security operations.
• Experience with ASM/OSINT tools (e.g., BurpSuite, AMASS, PassiveTotal, SecurityTrails, Nuclei, Recon-NG, GoWitness, MassDNS, Masscan, Censys.io, Shodan, Bitsight, etc.).
• Proficiency with configuration management tools (e.g., Ansible, Chef, Puppet)
• Experience with vulnerability management platforms (Tenable, Qualys, Rapid7, etc.), running vulnerability scans, monitoring agent health, and maintaining scanner operability.
• Strong understanding of Cisco, Windows, Linux, Kali Linux, Oracle Linux, and macOS operating systems.
• Hands-on experience with cloud platforms (Google Cloud, Microsoft Azure, AWS).
• Familiarity with security frameworks and standards (e.g., CIS Benchmarks, SCAP, NIST CSF, MITRE ATT&CK, PCI-DSS).
• Experience with ServiceNow security-related modules such as Vulnerability Response & Configuration Compliance.
• Strong data management, reporting, and communication skills.
• Willingness to travel.

Nice To Haves

• Certified Information Systems Security Professional (CISSP)
• GIAC Security Essentials (GSEC)
• GIAC Certified Vulnerability Assessor (GCVA)
• Microsoft Certified: Azure Security Engineer Associate
• AWS Certified Security – Specialty
• Google Cloud Security Engineer
• Offensive Security Certified Professional (OSCP)

Responsibilities

• Attack Surface Reduction: Continuously discover all digital assets, including domains, IPs, cloud buckets, APIs, endpoints, and applications. Develop and implement strategies to reduce exposure across digital assets. Monitor KeyBank’s environment to ensure the attack surface is minimal.
• Exposure & Vulnerability Monitoring: Lead vulnerability scanning operations and coordinate with patching teams for remediation. Monitor new threats, changes to the attack surface, and emerging risks using automated tools and threat intelligence feeds. Prioritize vulnerabilities based on asset criticality, threat intelligence, and exposure risk.
• Risk-Based Prioritization & Remediation: Translate technical risk information into actionable insights for business leaders. Enable swift remediation through workflow automation, ServiceNow integration, and proactive notifications.
• Threat Intelligence Integration: Collaborate with threat intelligence and Red Teams to incorporate external threat data and validate ASM controls through adversary simulation.
• Governance, Reporting, and Collaboration: Support asset ownership identification and maintain robust accountability frameworks. Offer guidance on governance frameworks and support the creation of remediation playbooks. Collaborate with IT, CIS, and third-party risk teams to align ASM initiatives with organizational risk priorities.
• Compliance Reporting: Define and track key performance indicators for ASM effectiveness (e.g., reduction in exposed assets, time to remediate vulnerabilities). Track and report on configuration compliance metrics, maintain automated dashboards, and provide visibility to stakeholders and leadership.
• Documentation & Audit Support: Document configuration changes, exceptions, and remediation activities. Support internal and external audits by providing evidence of compliance and remediation.
• Process Automation: Assist in the development and automation of configuration management and compliance reporting tools and frameworks.
• Knowledge Sharing: Share knowledge and best practices with the team through presentations, documentation, and training sessions. Mentor junior team members to foster a culture of security awareness.
• Incident Response: Support incident response and remediation efforts by identifying and correcting misconfigurations and partnering with blue teams to improve detection and response capabilities related to configuration changes and vulnerabilities.