Attack Surface Management Engineer
Attack Surface Management Engineer
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Not Disclosed
Salary Not Disclosed
1 Vacancy
Job Description
The Attack Surface Management Engineer is responsible for activities related to the full scope of attack surface management with the goal to ensure comprehensive visibility and actionability of Experians entire attack surface exposures and vulnerabilities minimizing Experians risk potential. You will work with the Cyber Fusion Centre to provide accurate attack surface management discovery to support incidentrelated activities.
Reports to our Director of Attack Surface Management
Responsibilities
- Help with response to cybersecurity incidents ensuring relevant vulnerable asset discovery.
- Build and iteratively improve on Attack Surface Management processes to monitor and strengthen visibility and knowledge of the global attack surface.
- Engage with partners to ensure ASMrelated communication and reporting throughout the incident lifecycle
- Perform verification/validation testing for vulnerabilities across all asset types; demonstrate exploitation steps and verify remediation/fixes
- Perform programmatic and adhoc asset discovery to report on coverage gaps
- Implement daily operations of the Attack Surface Mgmt program including the interpretation of scanning results
- Help identify internal and external risks based on scanning results
- Support the attribution of findings to appropriate business owner
- Identify improvements to scan coverage
Qualifications :
Functional Requirements
- Expert level engineering experience to support Attack Surface Management in one of the following: Networking/Protocols Middleware Network Infrastructure Network Appliances APIs Cloud Infrastructure Cloud Services Mobile Devices Mobile Applications IoT Endpoints Operating Systems Wireless networking Thirdparty Integrations Data Storage Databases CICD Application Dependencies.
- Working knowledge of network security principles including segmentation firewalls and VPNs.
- Working knowledge of networking standards and protocols: IPv4 IPv6 TCP/IP DNS HTTPS TLS BGP Firewalls and NAT SMTP VPN ICMP SSH IPSec etc.
- Solid understanding of the application of some of the following frameworks and regulations and how they are applied to identifying and rating risk: OWASP SANS NIST 80061 CVSS CIS OSSTM ISO 27001 MITRE ATT&CK PCI HIPAA GDPR CMMC other.
- Working knowledge of industry accepted AI security practices.
- Knowledge of major cloud platforms (AWS Azure or GCP).
- Experience with cloud security practices and tools and the ability to respond to incidents in cloudbased infrastructure.
- Document all ASM aspects of incident response activities including timelines actions taken and lessons learned.
Additional Information :
Benefits package includes:
- Flexible work environment working hybrid or in the office if you prefer.
- Great compensation package and discretionary bonus plan
- Core benefits include pension bupa healthcare sharesave scheme and more
- 25 days annual leave with 8 bank holidays and 3 volunteering days. You can purchase additional annual leave.
Experian is proud to be an Equal Opportunity and Affirmative Action employer. Innovation is an important part of Experians DNA and practices and our diverse workforce drives our success. Everyone can succeed at Experian and bring their whole self to work irrespective of their gender ethnicity religion colour sexuality physical ability or age. If you have a disability or special need that requires accommodation please let us know at the earliest opportunity.
Find out what its like to work for Experian by clicking here
#LIRemote
Experian Careers Creating a better tomorrow together
Find out what its like to work for Experian by clicking here
Remote Work :
Yes
Employment Type :
Fulltime
Employment Type
Remote
