Cybersecurity Attack Surface Management Expert
تفاصيل الوظيفة
Cybersecurity Attack Surface Management Expert This role has been designed as 'Onsite' with an expectation that you will primarily work from an HPE office. Who We Are: Hewlett Packard Enterprise is the global edge-to-cloud company advancing the way people live and work. We help companies connect, protect, analyze, and act on their data and applications wherever they live, from edge to cloud, so they can turn insights into outcomes at the speed required to thrive in today’s complex world. Our culture thrives on finding new and better ways to accelerate what’s next. We know diverse backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good. If you are looking to stretch and grow your career our culture will embrace you. Open up opportunities with HPE. Job Description: About our Cyber Security team: Are you ready to make an impact at one of the world’s leading tech companies? HPE’s Cybersecurity team is where you can do just that! We’re looking for a dynamic and experienced Attack Surface expert to join our Cybersecurity team. If you’re passionate about shaping the future of cybersecurity and ready for your next challenge, we’d love to hear from you. About the role: As an Attack Surface Management (ASM) engineer at HPE, you will be responsible for the proactive identification and management of vulnerabilities, misconfigurations, and other security risks across HPE’s threat landscape. Your role will focus on continuously assessing and reducing the organization’s attack surface, ensuring that security risks are identified, prioritized, and remediated in a timely manner. You will leverage cyber intelligence to anticipate potential threats, enhance HPE’s defensive strategies, as well as partner with stakeholders to prioritize HPE’s risk mitigation & remediation efforts. About You:
- Expert-level proficiency in attack surface management tools and vulnerability assessment platforms.
- Strong analytical and problem-solving skills, with the ability to assess complex environments and identify security risks.
- Advanced knowledge of scripting and automation (e.g., Python, PowerShell) to enhance asset discovery and vulnerability assessment capabilities.
- Ability to work independently and lead high-impact projects in a fast-paced, high-pressure environment.
- Advanced Cyber and IT security knowledge.
- Advanced understanding of networking and network security.
- Advanced security system analysis skills.
- Advanced risk assessment and management skills.
- Understanding of Cyber and IT security risks, threats, and prevention measures.
- Understanding of SQL and relevant scripting languages.
- Experience with vulnerability management tools and scanners.
- Experience with attack surface management tools and methodologies.
- Experience with threat intelligence platforms and sources.
- Excellent communication skills, with the ability to explain complex technical issues to non-technical audiences.
- Lead the identification and continuous monitoring of the organization’s external digital assets, including domains, IP addresses, cloud environments, and third-party integrations.
- Utilize advanced tools and methodologies to discover and inventory all external-facing assets, ensuring comprehensive visibility across the organization’s attack surface.
- Stay informed about changes in the organization’s digital footprint, such as new acquisitions, mergers, or cloud deployments, and adjust monitoring strategies accordingly.
- Analyze identified assets for vulnerabilities, misconfigurations, and other security risks that could be exploited by adversaries.
- Perform regular assessments and prioritize vulnerabilities based on potential impact and exploitability.
- Collaborate with vulnerability management and incident response teams to ensure timely remediation of identified issues.
- Develop and implement proactive defense strategies to reduce the organization’s attack surface and mitigate the risk of cyber-attacks.
- Work closely with security architecture and engineering teams to ensure secure configurations and to apply best practices for minimizing exposure.
- Provide actionable insights and recommendations to senior leadership on how to reduce risk and enhance the security of external assets.
- Integrate threat intelligence into attack surface management practices to stay ahead of emerging threats and adversary tactics.
- Conduct risk analysis to assess the potential impact of vulnerabilities and to prioritize defense efforts accordingly.
- Share findings with relevant teams and stakeholders to inform security strategies and decision-making processes.
- Develop and maintain detailed reports and dashboards on attack surface metrics, vulnerability findings, and risk assessments.
- Provide regular briefings to senior leadership on the state of the organization’s attack surface, highlighting key risks and recommended actions.
- Ensure comprehensive documentation of processes, methodologies, and findings, contributing to the organization’s knowledge base.
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field or equivalent experience.
- 8 years + of experience in cybersecurity, with a focus on attack surface management, vulnerability management, or threat intelligence.
- Proven experience in managing and reducing attack surfaces for large, complex organizations.
- Strong knowledge of external digital assets, including cloud environments, web applications, and third-party integrations, and the associated security risks.
- Required: Certified Information Systems Security Professional (CISSP), GIAC Certified Vulnerability Assessor (GCVA), or equivalent.
- Preferred: GIAC Certified Penetration Tester (GPEN), Certified Ethical Hacker (CEH), or similar advanced certifications demonstrating expertise in attack surface management.
Apply safely
To stay safe in your job search, information on common scams and to get free expert advice, we recommend that you visit SAFERjobs, a non-profit, joint industry and law enforcement organization working to combat job scams.