Principal Analyst/Engineer, Attack Surface Management
Remote (United States)
SecurityScorecard
10x your security performance with the world's most powerful, AI-driven platform that identifies and eliminates cyber risk across all of your attack surfaces.About SecurityScorecard:
SecurityScorecard is the global leader in cybersecurity ratings, with over 12 million companies continuously rated, operating in 64 countries. Founded in 2013 by security and risk experts Dr. Alex Yampolskiy and Sam Kassoumeh and funded by world-class investors, SecurityScorecard’s patented rating technology is used by over 25,000 organizations for self-monitoring, third-party risk management, board reporting, and cyber insurance underwriting; making all organizations more resilient by allowing them to easily find and fix cybersecurity risks across their digital footprint.
Headquartered in New York City, our culture has been recognized by Inc Magazine as a "Best Workplace,” by Crain’s NY as a "Best Places to Work in NYC," and as one of the 10 hottest SaaS startups in New York for two years in a row. Most recently, SecurityScorecard was named to Fast Company’s annual list of the World’s Most Innovative Companies for 2023 and to the Achievers 50 Most Engaged Workplaces in 2023 award recognizing “forward-thinking employers for their unwavering commitment to employee engagement.” SecurityScorecard is proud to be funded by world-class investors including Silver Lake Waterman, Moody’s, Sequoia Capital, GV and Riverwood Capital.
About the Role:
This role is crucial for maintaining the continuous accuracy and completeness of our customers' digital footprint data. The position demands an in-depth understanding of networking protocols such as TCP/IP, DNS, BGP, SSL and an understanding of the fundamentals of how the Internet works. Responsibilities include validating the attribution of digital assets, managing asset claims, addressing inaccuracies, and promptly updating the digital footprint as necessary. The ideal candidate will have a background in researching, designing and deploying Internet facing technologies, preferably in telcos. The candidate will proactively identify and resolve discrepancies and identify directional innovations to the digital attribution system. This role requires a proactive approach and a deep understanding of how digital assets are managed and assigned by Telcos/ISPs.
Job Responsibilities:
- Validate and Maintain Digital Footprint data: Regularly review and validate the accuracy of how digital assets are attributed to organizations. Ensure that all internet-facing assets are correctly attributed and reflect the current status.
- Asset Management & Discovery: Research and design new methods to correctly discover and attribute digital assets to organizations. You will also work with key stakeholders to understand customer needs and the nuances on how their organization is reflected on the Internet.
- Issue Resolution: Address and resolve issues found within the digital footprint, such as misattributions or outdated information. Work closely with the cybersecurity team to understand the impact of these issues on security ratings.
- Collaboration and Reporting: Work collaboratively with technical and non-technical teams to gather asset data, clarify asset status, and report on footprint changes and their impacts. Provide insights and recommendations based on digital footprint analysis.
- Continuous Improvement: Contribute to the improvement of methodologies for digital footprint analysis and management. Participate in the development of new tools and processes to enhance the team’s capabilities. As well as keeping an eye on associated engineering costs.
Required Qualifications:
- Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
- 2+ years of experience in cybersecurity, IT asset management, or a related field.
- Familiarity with the various internet registries such as ARIN, RIPE NCC, APNIC, etc
- Strong understanding of network infrastructure, BGP, DNS, WHOIS, and IP management.
- Proficient in data analysis and capable of interpreting complex data related to network security.
- Experience with cybersecurity tools and platforms, especially those related to asset management and network scanning.
- Strong problem-solving skills and the ability to operate effectively under tight deadlines.
- Experience with distributed data processing frameworks (Spark and or Flink)
- Proficient in Scala, Python or Golang
- Experience with various data formats
Preferred Qualifications:
- Certifications such as CISSP, CISM, or related credentials.
- Experience with scripting languages for data manipulation and automation.
- Knowledge of regulatory compliance standards relevant to cybersecurity and data protection.
Additional Skills:
- Excellent communication skills, both written and verbal.
- Strong organizational skills with the ability to manage multiple priorities.
- Proactive attitude and a strong team player.
- Experience with Kafka
Benefits:
Specific to each country, we offer a competitive salary, stock options, Health benefits, and unlimited PTO, parental leave, tuition reimbursements, and much more!
The estimated salary range for this position is $225,000-240,000. Actual compensation for the position is based on a variety of factors, including, but not limited to affordability, skills, qualifications and experience, and may vary from the range. In addition to base salary, employees may also be eligible for annual performance-based incentive compensation awards and equity, among other company benefits.
SecurityScorecard is committed to Equal Employment Opportunity and embraces diversity. We believe that our team is strengthened through hiring and retaining employees with diverse backgrounds, skill sets, ideas, and perspectives. We make hiring decisions based on merit and do not discriminate based on race, color, religion, national origin, sex or gender (including pregnancy) gender identity or expression (including transgender status), sexual orientation, age, marital, veteran, disability status or any other protected category in accordance with applicable law.
We also consider qualified applicants regardless of criminal histories, in accordance with applicable law. We are committed to providing reasonable accommodations for qualified individuals with disabilities in our job application procedures. If you need assistance or accommodation due to a disability, please contact talentacquisitionoperations@securityscorecard.io.
Any information you submit to SecurityScorecard as part of your application will be processed in accordance with the Company’s privacy policy and applicable law.
SecurityScorecard does not accept unsolicited resumes from employment agencies. Please note that we do not provide immigration sponsorship for this position.
Tags: Automation CISM CISSP Compliance Computer Science DNS Golang Kafka Monitoring Network security Privacy Python Risk management SaaS Scala Scripting TCP/IP
Perks/benefits: Competitive pay Equity Health care Insurance Parental leave Unlimited paid time off
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Officer jobs
- Open Information Security Specialist jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Cyber Security Architect jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Cybersecurity Analyst jobs
- Open Staff Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Security Specialist jobs
- Open Senior Information Security Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Penetration Tester jobs
- Open Consultant SOC / CERT H/F jobs
- Open IT Security Analyst jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open Security Operations Analyst jobs
- Open Cybersecurity Specialist jobs
- Open IT Security Engineer jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open ISO 27001-related jobs
- Open Agile-related jobs
- Open Application security-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open Analytics-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open SaaS-related jobs
- Open Security assessment-related jobs
- Open APIs-related jobs
- Open Malware-related jobs
- Open Forensics-related jobs
- Open Java-related jobs
- Open Security Clearance-related jobs
- Open DevOps-related jobs
- Open CEH-related jobs
- Open IDS-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs