Cybersecurity Engineer

Job#: 3029007

Job Description:

*Client Job Description

Font

Salesforce Sans

Font Size

13

Bachelor Degree:
(Required, Preferred or Not Required)Required or enough job experience.Role Responsibilities:
(what they will be doing) The Cybersecurity Engineer (Attack Surface Management) is responsible for designing, implementing, and maturing advanced security validation capabilities to safeguard enterprise systems and applications. This role focuses on continuous security validation through External Attack Surface Management (EASM) tools, integration with existing security infrastructure, and providing actionable insights to strengthen the firm's cyber resilience. The engineer partners with cross-functional teams to simulate real-world adversarial tactics, techniques, and procedures (TTPs), evaluate control effectiveness, and recommend enhancements that align with enterprise risk management and regulatory standards. Must Have Sklls/Prior Experiences:
(Vendor should not submit any candidate that does not have these skills/prior experience.)Experience with Breach and Attack (BAS) or Continuous Security Validation (CSV) tool(s). Hands-on experience with architecting, maturing, and automation - CI/CD pipeline end to end lifecycle. Experience with penetration testing, vulnerability management, and security tools. Proficiency in scripting for automation, data wrangling and enrichment (e.g., Python, PowerShell).PlNice to Have Sklls/Prior Experiences:
(Hiring Manager DOES NOT require these skills/ prior experience. However candidates with any of these will be looked at first.)1. Experience with Breach and Attack (BAS) or Continuous Security Validation (CSV) tool(s)
2. Bachelor's degree and twelve years of experience or an equivalent combination of education and work experience
3. Banking or financial services experience
4. Experience in designing and executing Attack Scenarios: Plan and conduct realistic cyberattack simulations that mimic real-world threat actor tactics, techniques, and procedures (TTPs).
5. Analyze Simulation Results: Evaluate the outcomes of BAS, identifying weaknesses in security controls, vulnerabilities, and gaps in detection and response capabilities.
6. Provide Actionable Recommendations: Develop and present recommendations to improve security policies, procedures, and technologies based on simulation findings.
7. Document and Communicate: Maintain documentation of BAS methodologies, procedures, and results, and communicate findings to technical and non-technical stakeholders.
8. Collaborate with Security Teams: Work with security analysts and engineers to adjust alerts, rules, and controls based on simulation results.
9. Advanced Threat Hunting and Intelligence: Utilize threat intelligence to inform attack scenarios and identify emerging threats.
10. Vulnerability Management: Identify, prioritize, and recommend remediation of high-risk vulnerabilities.
11. Red Teaming and Blue Teaming: May also participate in red, purple, and blue team exercises to further evaluate security posture.
12. Strong understanding of cybersecurity concepts, including attack vectors, TTPs, and security controls.
13. Hands-on experience with architecting, maturing, and automation - CI/CD pipeline end to end lifecycle
14. Experience with penetration testing, vulnerability management, and security tools.
15. Proficiency in scripting for automation, data wrangling and enrichment (e.g., Python, PowerShell).
16. Knowledge of common threat intelligence sources and frameworks.
17. Excellent analytical, problem-solving, and communication skills.
18. Ability to work independently and as part of a team.
19. Experience with cybersecurity frameworks and standards (e.g., NIST, MITRE ATT&CK and D3FEND).
20. Experience with GRC engineering
21. Strong knowledge of cloud security (AWS/Azure), PKI/TLS hygiene, DNS hardening, and external service posture.
22. Hands-on experience with EASM platforms (e.g., Defender EASM, Cortex Xpanse, CyCognito, etc.) and strong understanding of internet-scale asset discovery
23. Hands-on experience with vulnerability engineering or external attack surface security, with proven leadership in complex environments
24. Experience with commercial BAS tools: AttackIQ, SafeBreach, Cymulate, etc.
25. Experience with detection engineering and SOAR
Critical Screening Questions and Answers:
(Used by Supplier to Get Best Fit. Suppliers will provide the candidate answers to these questions as part of resume submittal to VMS)1. External Attack Surface Management (EASM) Experience
Screening Question
Describe your hands-on experience with External Attack Surface Management (EASM). Which platforms have you used, and how did you validate and reproduce findings such as exposed services, misconfigurations, or leaked assets?
Strong / Target Answer
"I have hands-on experience with EASM platforms such as Microsoft Defender EASM, Cortex Xpanse, and CyCognito. I routinely validate findings by manually reproducing them using passive and active reconnaissance techniques-reviewing DNS records, TLS configurations, exposed APIs, cloud endpoints, and public-facing services. I correlate assets across IPs, domains, and cloud accounts, eliminate false positives, and confirm business ownership before escalating issues. I also tune discovery seeds and asset correlation logic to improve signal fidelity."
2. Reconnaissance and Internet-Scale Asset Discovery
Screening Question
What techniques and tools do you use for active and passive reconnaissance to profile an organization's external attack surface?
Strong / Target Answer
"I combine passive techniques such as certificate transparency logs, DNS enumeration, WHOIS data, and threat intelligence feeds with active reconnaissance like port scanning, service fingerprinting, and banner analysis. I use tools both built into EASM platforms and custom scripts to validate exposure. The goal is to maintain accurate asset attribution while avoiding unnecessary disruption, especially in regulated environments."
3. Breach and Attack Simulation (BAS) and Scenario Engineering
Screening Question
Explain how you design and execute Breach and Attack Simulation (BAS) or Continuous Security Validation scenarios. How do you ensure they reflect real-world threat actor behavior?
Strong / Target Answer
"I design BAS scenarios aligned to MITRE ATT&CK techniques relevant to our threat landscape. Scenarios simulate realistic kill-chain activity-from initial access through lateral movement and exfiltration-using commercial BAS tools like AttackIQ, SafeBreach, or Cymulate. I map simulations to known adversary TTPs, validate control coverage, and ensure detections are meaningful rather than tool-driven noise."
4. Translating Findings into Actionable Risk Reduction
Screening Question
How do you analyze EASM or BAS results and translate them into actionable recommendations for technical and non-technical stakeholders?
Strong / Target Answer
"I prioritize findings based on exploitability, exposure, and business impact rather than severity alone. I produce clear remediation guidance tied to specific controls-firewalls, IAM, DNS, PKI/TLS, SOAR, or detection rules-and communicate results in both technical detail and executive-level risk language. Recommendations are aligned to enterprise risk posture, regulatory expectations, and frameworks like NIST and MITRE."
5. Automation, CI/CD, and Engineering Maturity
Screening Question
Describe your experience with automation and CI/CD pipelines in a security engineering context. How have you applied this to ASM, BAS, or validation workflows?
Strong / Target Answer
"I've built and maintained CI/CD pipelines using tools like GitLab, GitHub, Jenkins, Terraform, and cloud-native services in AWS or Azure. I automate validation tasks, simulation execution, alert testing, and data enrichment using Python, PowerShell, and Bash. Automation helps scale attack surface monitoring, reduce manual validation time, and continuously test security controls as environments change."

Apex Systems is a world-class IT services company that serves thousands of clients across the globe. When you join Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRated's Best of Staffing in Talent Satisfaction in the United States and Great Place to Work in the United Kingdom and Mexico. Apex uses a virtual recruiter as part of the application process. Click for more details.

Apex Benefits Overview: Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our 'Welcome Packet' as well, which an Apex team member can provide.