Cybersecurity/Attack Surface Management Engineer

Description:

Business Initiative/Purpose: (Goal, Business Impact, Accomplishments from the work)

• Lead EASM validation and engineering: Investigate and reproduce findings from EASM platforms (e.g., exposed services, misconfigurations, weak crypto, DNS issues, leaked assets).

Bachelor Degree: (Required, Preferred or Not Required)

• Required or enough job experience.

Role Responsibilities: (what they will be doing)

• The Cybersecurity Engineer (Attack Surface Management) is responsible for designing, implementing, and maturing advanced security validation capabilities to safeguard enterprise systems and applications.
• This role focuses on continuous security validation through External Attack Surface Management (EASM) tools, integration with existing security infrastructure, and providing actionable insights to strengthen the firm’s cyber resilience.
• The engineer partners with cross-functional teams to simulate real-world adversarial tactics, techniques, and procedures (TTPs), evaluate control effectiveness, and recommend enhancements that align with enterprise risk management and regulatory standards.                                          

Must Have Skills/Prior Experiences: (Vendor should not submit any candidate that does not have these skills/prior experience.)

• Experience with Breach and Attack (BAS) or Continuous Security Validation (CSV) tool(s).
• Hands-on experience with architecting, maturing, and automation - CI/CD pipeline end to end lifecycle.
• Experience with penetration testing, vulnerability management, and security tools.
• Proficiency in scripting for automation, data wrangling and enrichment (e.g., Python, PowerShell).

PlNice to Have Skills/Prior Experiences: (Hiring Manager DOES NOT require these skills/ prior experience. However candidates with any of these will be looked at first.)

• Experience with Breach and Attack (BAS) or Continuous Security Validation (CSV) tool(s)
• Bachelor’s degree and twelve years of experience or an equivalent combination of education and work experience.
• Banking or financial services experience.
• Experience in designing and executing Attack Scenarios: Plan and conduct realistic cyberattack simulations that mimic real-world threat actor tactics, techniques, and procedures (TTPs).
• Analyze Simulation Results: Evaluate the outcomes of BAS, identifying weaknesses in security controls, vulnerabilities, and gaps in detection and response capabilities.
• Provide Actionable Recommendations: Develop and present recommendations to improve security policies, procedures, and technologies based on simulation findings.
• Document and Communicate: Maintain documentation of BAS methodologies, procedures, and results, and communicate findings to technical and non-technical stakeholders.
• Collaborate with Security Teams: Work with security analysts and engineers to adjust alerts, rules, and controls based on simulation results.
• Advanced Threat Hunting and Intelligence: Utilize threat intelligence to inform attack scenarios and identify emerging threats.
• Vulnerability Management: Identify, prioritize, and recommend remediation of high-risk vulnerabilities.
• Red Teaming and Blue Teaming: May also participate in red, purple, and blue team exercises to further evaluate security posture.
• Strong understanding of cybersecurity concepts, including attack vectors, TTPs, and security controls.
• Hands-on experience with architecting, maturing, and automation - CI/CD pipeline end to end lifecycle
• Experience with penetration testing, vulnerability management, and security tools.
• Proficiency in scripting for automation, data wrangling and enrichment (e.g., Python, PowerShell).
• Knowledge of common threat intelligence sources and frameworks.
• Excellent analytical, problem-solving, and communication skills.
• Ability to work independently and as part of a team.
• Experience with cybersecurity frameworks and standards (e.g., NIST, MITRE ATT&CK and D3FEND).
• Experience with GRC engineering.
• Strong knowledge of cloud security (AWS/Azure), PKI/TLS hygiene, DNS hardening, and external service posture.
• Hands-on experience with EASM platforms (e.g., Defender EASM, Cortex Xpanse, CyCognito, etc.) and strong understanding of internet-scale asset discovery
• Hands-on experience with vulnerability engineering or external attack surface security, with proven leadership in complex environments
• Experience with commercial BAS tools: AttackIQ, SafeBreach, Cymulate, etc.
• Experience with detection engineering and SOAR.