Vulnerability Attack Surface Reduction, Advisor

Key Role 

Work as a Vulnerability Attack Surface Reduction Analyst, including leading and supporting the development and delivery of a diverse range of attack surface reduction consulting and operations service programs to a portfolio of our commercial clients. Be a part of a team that delivers world-class Cybersecurity attack surface reduction and related vulnerability management, security testing, and application security capability development programs and solutions to large enterprise customers. Deliver vulnerability management and other attack surface reduction security services to our large enterprise clients in support of their overall Cyberdefense programs. Proactively recommend and document Attack Surface Reduction (ASR) and related Threat and Vulnerability Management improvements based on assessment, operations, and analysis work. Perform vulnerability attack surface assessments and threat modeling to identify control weaknesses and assess the effectiveness of existing controls. Perform root cause analysis on identified vulnerabilities and attack surface weaknesses to determine feasible technical solutions and help triage risks and prioritize remediation activities. This position requires the ability to travel up to 50% of the time.

Basic Qualifications:

  • 5+ years of experience with vulnerability management and Cybersecurity operations
  • 2+ years of experience with vulnerability management platforms, including Qualys, Rapid7, or Tenable Nessus
  • 2+ years of experience with databases, CSV files, and other large data sources to query, analyze, and work with large data sets to identify ways to improve various attack surface vulnerability management related functions and processes
  • Knowledge of general Cybersecurity concepts and methods, including vulnerability management, application security, incident response, governance, risk or compliance, or security architecture
  • Ability to travel up to 50% of the time
  • HS diploma or GED

Additional Qualifications:

  • 1 year of experience with penetration testing or ethical hacking 
  • 2 years of experience with attack surface reduction 
  • Experience with security or secure coding and software development experience
  • Experience with server application and network security hardening experience 
  • Experience with other attack surface reduction or VM platforms, including Kenna, Microsoft Defender, Metasploit, RiskIQ, or Tripwire
  • CISSP, CISM, or CEH Certification

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.

Not ready to apply? Join our talent community and sign up for job alerts.