Cybersecurity Attack Surface Management Expert
This role has been designed as 'Onsite' with an expectation that you will primarily work from an HPE office.
About our Cyber Security team:
Hewlett Packard Enterprise's Cybersecurity team is where you can make an impact at one of the world's leading tech companies. We're looking for a dynamic and experienced Attack Surface expert to join our Cybersecurity team.
Job Description:
As an Attack Surface Management (ASM) engineer at HPE, you will be responsible for the proactive identification and management of vulnerabilities, misconfigurations, and other security risks across HPE's threat landscape.
Your role will focus on continuously assessing and reducing the organization's attack surface, ensuring that security risks are identified, prioritized, and remediated in a timely manner.
You will leverage cyber intelligence to anticipate potential threats, enhance HPE's defensive strategies, as well as partner with stakeholders to prioritize HPE's risk mitigation & remediation efforts.
About You:
* Expert-level proficiency in attack surface management tools and vulnerability assessment platforms.
* Strong analytical and problem-solving skills, with the ability to assess complex environments and identify security risks.
* Advanced knowledge of scripting and automation (e.g., Python, PowerShell) to enhance asset discovery and vulnerability assessment capabilities.
* Ability to work independently and lead high-impact projects in a fast-paced, high-pressure environment.
* Advanced Cyber and IT security knowledge.
* Advanced understanding of networking and network security.
* Advanced security system analysis skills.
* Advanced risk assessment and management skills.
* Understanding of Cyber and IT security risks, threats, and prevention measures.
* Understanding of SQL and relevant scripting languages.
* Experience with vulnerability management tools and scanners.
* Experience with attack surface management tools and methodologies.
* Experience with threat intelligence platforms and sources.
* Excellent communication skills, with the ability to explain complex technical issues to non-technical audiences.
You will be responsible for:
* Leading the identification and continuous monitoring of the organization's external digital assets, including domains, IP addresses, cloud environments, and third-party integrations.
* Utilizing advanced tools and methodologies to discover and inventory all external-facing assets, ensuring comprehensive visibility across the organization's attack surface.
* Staying informed about changes in the organization's digital footprint, such as new acquisitions, mergers, or cloud deployments, and adjusting monitoring strategies accordingly.
* Analyzing identified assets for vulnerabilities, misconfigurations, and other security risks that could be exploited by adversaries.
* Performing regular assessments and prioritizing vulnerabilities based on potential impact and exploitability.
* Collaborating with vulnerability management and incident response teams to ensure timely remediation of identified issues.
* Developing and implementing proactive defense strategies to reduce the organization's attack surface and mitigate the risk of cyber-attacks.
* Working closely with security architecture and engineering teams to ensure secure configurations and to apply best practices for minimizing exposure.
* Providing actionable insights and recommendations to senior leadership on how to reduce risk and enhance the security of external assets.
* Integrating threat intelligence into attack surface management practices to stay ahead of emerging threats and adversary tactics.
* Conducting risk analysis to assess the potential impact of vulnerabilities and to prioritize defense efforts accordingly.
* Sharing findings with relevant teams and stakeholders to inform security strategies and decision-making processes.
* Developing and maintaining detailed reports and dashboards on attack surface metrics, vulnerability findings, and risk assessments.
* Providing regular briefings to senior leadership on the state of the organization's attack surface, highlighting key risks and recommended actions.
* Ensuring comprehensive documentation of processes, methodologies, and findings, contributing to the organization's knowledge base.
Education & Experience Requirements:
* Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field or equivalent experience.
* 8 years + of experience in cybersecurity, with a focus on attack surface management, vulnerability management, or threat intelligence.
* Proven experience in managing and reducing attack surfaces for large, complex organizations.
* Strong knowledge of external digital assets, including cloud environments, web applications, and third-party integrations, and the associated security risks.
* Required: Certified Information Systems Security Professional (CISSP), GIAC Certified Vulnerability Assessor (GCVA), or equivalent.
* Preferred: GIAC Certified Penetration Tester (GPEN), Certified Ethical Hacker (CEH), or similar advanced certifications demonstrating expertise in attack surface management.
Additional Skills:
* Accountability, Action Planning, Active Learning, Active Listening, Agile Methodology, Business, Coaching, Creativity, Critical Thinking, Cybersecurity, Data Analysis Management, Data Controls, Design Thinking, Development Methodologies, Empathy, Follow-Through, Growth Mindset, Implementation Methodologies, Infrastructure Design, Long Term Planning, Managing Ambiguity.
What We Can Offer You:
Health & Wellbeing:
We strive to provide our team members and their loved ones with a comprehensive suite of benefits that supports their physical, financial and emotional wellbeing.
Personal & Professional Development:
We also invest in your career because the better you are, the better we all are. We have specific programs catered to helping you reach any career goals you have — whether you want to become a knowledge expert in your field or apply your skills to another division.
Diversity, Inclusion & Belonging:
We are unconditionally inclusive in the way we work and celebrate individual uniqueness. We know diverse backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good.
$120,000 - $180,000 per year