Job Description
Job Description
MUST HAVE STRONG :
- 7 years in Cybersecurity roles, with at least 3 years specializing in Attack Surface Management.
- 5 years of hands-on experience with Qualys ASM Platform (mandatory).
- 5 years of experience with cloud platforms (AWS, Azure, or GCP) and securing cloud-based assets.
We are seeking an External Attack Surface Management Staff Security Engineer to lead our efforts in identifying, analyzing, and mitigating risks associated with our organization's internet-facing assets. This critical role ensures that external assets, services, and endpoints are continuously monitored, assessed, and protected against emerging threats. The ideal candidate will have a strong background in cybersecurity, deep expertise with Qualys ASM Platform (mandatory), and a proactive approach to managing risks.
Key Responsibilities :
Attack Surface Discovery and Inventory -
Leverage Qualys ASM Platform and advanced tools to identify external-facing assets such as cloud resources, domains, subdomains, APIs, and third-party integrations.Maintain an up-to-date inventory of all external assets and ensure continuous monitoring for changes or exposures.Vulnerability Identification and Remediation -
Conduct regular scans and assessments using Qualys ASM to identify vulnerabilities across the attack surface.Collaborate with internal teams to prioritize and remediate vulnerabilities promptly.Automate vulnerability detection and notification processes.Risk Assessment and Threat Analysis -
Analyze risks associated with identified vulnerabilities and provide actionable recommendations to mitigate exposure.Monitor emerging threats targeting external assets and take proactive measures to address them.Incident Response and Escalation -
Act as the Subject Matter Expert (SME) for incidents involving external-facing assets.Provide analysis and recommendations during incident response and forensic investigations.Tool Management and Automation -
Manage and optimize Qualys ASM Platform, including configuration, updates, and integration with other security tools (e.g., SIEM, SOAR).Develop scripts or workflows to automate attack surface discovery and monitoring.Collaboration and Stakeholder Engagement -
Partner with development, DevOps, IT, and third-party vendors to secure external assets throughout their lifecycle.Provide training and awareness on attack surface management best practices.Policy and Governance -
Enforce security policies, standards, and guidelines for external assets.Conduct regular security assessments and audits to mitigate risks and maintain compliance with regulations (e.g., PCI DSS, HIPAA, SOX).Reporting and Metrics -
Develop reports and dashboards highlighting vulnerabilities, risk trends, and remediation progress.Track and communicate KPIs to measure the effectiveness of the attack surface management program.Preferred Qualifications :
Strong understanding of networking, DNS, web applications, APIs, and common vulnerabilities (e.g., OWASP Top 10).Proficiency in scripting languages (e.g., Python, Bash, PowerShell) for automation.Experience with vulnerability management and penetration testing methodologies.Certifications such as CISSP, GSEC, GPEN, OSCP, or Qualys VMDR / CSAM are highly desirable.Excellent communication, reporting, and problem-solving skills.
