Description
We are looking for an experienced Attack Surface Management (ASM) Consultant to lead efforts in identifying, monitoring, and reducing the organization's digital attack surface. In this role, you will assess the exposure of assets, evaluate potential vulnerabilities, and work with cross-functional teams to implement risk mitigation strategies. You will leverage ASM tools, threat intelligence, and manual assessments to provide a comprehensive view of the organization's attack surface, ensuring ongoing protection against emerging threats.
This position requires a strong understanding of cybersecurity principles, extensive experience with ASM tools, and the ability to assess and communicate security risks effectively.
Key Responsibilities
Attack Surface Analysis and Assessment
- Conduct regular assessments of the organization’s attack surface, including network, cloud, and application assets.
- Utilize ASM tools (e.g., RiskIQ, Expanse, CyCognito) and threat intelligence to identify internet-facing assets and assess their exposure to potential threats.
- Perform continuous asset discovery to identify shadow IT, misconfigured services, and third-party risks.
- Map and document all exposed assets, ensuring an accurate inventory of the digital footprint across the organization.
Risk Evaluation and Mitigation
- Evaluate the security posture of identified assets and prioritize risks based on potential impact and likelihood of exploitation.
- Work closely with IT, DevOps, and Security Operations teams to address high-risk exposures through configuration changes, access controls or network segmentation.
- Provide recommendations for securing exposed assets, reducing the attack surface, and mitigating identified vulnerabilities.
- Ensure asset owners are aware of ASM findings and provide actionable guidance for risk mitigation.
Monitoring and Threat Intelligence Integration
- Continuously monitor the attack surface for changes and newly discovered assets.
- Integrate threat intelligence to identify and assess the relevance of emerging threats to the organization’s digital assets.
- Stay current on new attack techniques, tools, and threat actor activities that could impact the organization’s attack surface.
- Establish alerting and response protocols for identified high-risk exposures.
Reporting and Communication
- Develop and deliver clear, actionable reports on attack surface findings, risk assessments, and remediation progress.
- Communicate risks and recommendations effectively to technical and non-technical stakeholders, including executive leadership.
- Create metrics and dashboards that provide visibility into the organization’s attack surface and the ASM program’s effectiveness.
Security Program Development and Continuous Improvement
- Assist in the development and enhancement of the Attack Surface Management program, including setting standards for asset discovery and risk management.
- Develop processes and workflows to automate attack surface discovery, monitoring, and assessment.
- Provide training and awareness sessions to teams on reducing attack surfaces and mitigating risks.
- Identify opportunities to enhance security policies and procedures based on ASM findings and emerging best practices.
Required Qualifications
Education: Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related field. Equivalent experience may be considered.
Experience:
- Minimum [3–5] years of experience in cybersecurity, with a focus on Attack Surface Management, Threat Intelligence, Vulnerability Management, or related fields.
- Hands-on experience with ASM tools (e.g., RiskIQ, Expanse, CyCognito) and asset discovery methodologies.
- Familiarity with vulnerability management processes and tools, along with an understanding of network and cloud security principles.
- Experience working in large-scale enterprise environments and in cloud (AWS, Azure, GCP) or hybrid infrastructures.
Certifications (preferred): CISSP, CISM, OSCP, CEH, CompTIA CySA+, or other relevant security certifications.