Logo of Huzzle

Cybersecurity Attack Surface Management Expert

  • Job
    Full-time
    Senior Level
  • Software Engineering
    IT & Cybersecurity
  • Galway

AI generated summary

  • You must have expert proficiency in attack surface management tools, strong analytical skills, advanced scripting knowledge, 8+ years in cybersecurity, and relevant certifications like CISSP.
  • You will monitor digital assets, assess vulnerabilities, collaborate on remediation, develop defense strategies, analyze risks, and report metrics to senior leadership for improved cybersecurity.

Requirements

  • Expert-level proficiency in attack surface management tools and vulnerability assessment platforms.
  • Strong analytical and problem-solving skills, with the ability to assess complex environments and identify security risks.
  • Advanced knowledge of scripting and automation (e.g., Python, PowerShell) to enhance asset discovery and vulnerability assessment capabilities.
  • Ability to work independently and lead high-impact projects in a fast-paced, high-pressure environment.
  • Advanced Cyber and IT security knowledge
  • Advanced understanding of networking and network security
  • Advanced security system analysis skills
  • Advanced risk assessment and management skills
  • Understanding of Cyber and IT security risks, threats, and prevention measures
  • Understanding of SQL and relevant scripting languages
  • Experience with vulnerability management tools and scanners
  • Experience with attack surface management tools and methodologies.
  • Experience with threat intelligence platforms and sources.
  • Excellent communication skills, with the ability to explain complex technical issues to non-technical audiences.
  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field or equivalent experience.
  • 8 years + of experience in cybersecurity, with a focus on attack surface management, vulnerability management, or threat intelligence.
  • Proven experience in managing and reducing attack surfaces for large, complex organizations.
  • Strong knowledge of external digital assets, including cloud environments, web applications, and third-party integrations, and the associated security risks.
  • Required: Certified Information Systems Security Professional (CISSP), GIAC Certified Vulnerability Assessor (GCVA), or equivalent.
  • Preferred: GIAC Certified Penetration Tester (GPEN), Certified Ethical Hacker (CEH), or similar advanced certifications demonstrating expertise in attack surface management.

Responsibilities

  • Lead the identification and continuous monitoring of the organization’s external digital assets, including domains, IP addresses, cloud environments, and third-party integrations.
  • Utilize advanced tools and methodologies to discover and inventory all external-facing assets, ensuring comprehensive visibility across the organization’s attack surface.
  • Stay informed about changes in the organization’s digital footprint, such as new acquisitions, mergers, or cloud deployments, and adjust monitoring strategies accordingly.
  • Analyze identified assets for vulnerabilities, misconfigurations, and other security risks that could be exploited by adversaries.
  • Perform regular assessments and prioritize vulnerabilities based on potential impact and exploitability.
  • Collaborate with vulnerability management and incident response teams to ensure timely remediation of identified issues.
  • Develop and implement proactive defense strategies to reduce the organization’s attack surface and mitigate the risk of cyber-attacks.
  • Work closely with security architecture and engineering teams to ensure secure configurations and to apply best practices for minimizing exposure.
  • Provide actionable insights and recommendations to senior leadership on how to reduce risk and enhance the security of external assets.
  • Integrate threat intelligence into attack surface management practices to stay ahead of emerging threats and adversary tactics.
  • Conduct risk analysis to assess the potential impact of vulnerabilities and to prioritize defence efforts accordingly.
  • Share findings with relevant teams and stakeholders to inform security strategies and decision-making processes.
  • Develop and maintain detailed reports and dashboards on attack surface metrics, vulnerability findings, and risk assessments.
  • Provide regular briefings to senior leadership on the state of the organization’s attack surface, highlighting key risks and recommended actions.
  • Ensure comprehensive documentation of processes, methodologies, and findings, contributing to the organization’s knowledge base.

FAQs

Do we support remote work?

This role is designed as ‘Onsite’ with an expectation that you will primarily work from an HPE office.

What is the required experience for this position?

The position requires 8+ years of experience in cybersecurity, specifically focusing on attack surface management, vulnerability management, or threat intelligence.

What educational background is necessary for this role?

A Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field, or equivalent experience is required.

What certifications are mandatory for this job?

Required certifications include Certified Information Systems Security Professional (CISSP), GIAC Certified Vulnerability Assessor (GCVA), or an equivalent certification.

Will I be working independently or in a team?

The role allows for independent work while also collaborating closely with various teams, including vulnerability management and incident response teams.

What skills are essential for this role?

Essential skills include expertise in attack surface management tools, strong analytical and problem-solving skills, scripting and automation knowledge (e.g., Python, PowerShell), and excellent communication skills.

What can I expect in terms of personal and professional development?

HPE invests in your career development with specific programs to help you achieve your career goals, whether you want to deepen your expertise in your current field or explore other divisions.

Is there a focus on diversity and inclusion within the company?

Yes, HPE is committed to diversity, inclusion, and belonging, celebrating individual uniqueness and ensuring that diverse backgrounds are valued and are an integral part of the team.

What are my responsibilities in this role?

Responsibilities include identifying external digital assets, performing vulnerability assessments, collaborating on remediation efforts, and providing insights to senior leadership on securing external assets.

Are there opportunities for career growth within HPE?

Yes, HPE encourages career growth and provides opportunities to stretch and grow your skills within the organization.

Information Technology & Services

Technology
Industry
10,001+
Employees
1939
Founded Year

Mission & Purpose

HPE (Hewlett Packard Enterprise) is a global technology company that provides a comprehensive range of IT solutions and services. They offer hardware, software, and hybrid IT infrastructure solutions, including servers, storage systems, networking equipment, and cloud computing services. HPE's ultimate mission is to help their clients thrive in the digital age by providing transformative technology solutions that drive innovation, enhance productivity, and enable business growth. Their purpose is to empower organisations to harness the power of technology and data to solve complex challenges, optimise their IT infrastructure, and accelerate their digital transformation. HPE strives to be a trusted partner, delivering cutting-edge technology and expertise that enables their clients to adapt, innovate, and stay ahead in an ever-changing and competitive marketplace.