Attack Surface Management Engineer - Remote US
Allen, TX, United States
Experian
Company Description
Experian is the world’s leading global information services company. During life’s big moments – from buying a home or a car, to sending a child to college, to growing a business by connecting with new customers – we empower consumers and our clients to manage their data with confidence. We help individuals to take financial control and access financial services, businesses to make smarter decisions and thrive, lenders to lend more responsibly, and organizations to prevent identity fraud and crime.
We have 20,000 people operating across 44 countries and every day we’re investing in new technologies, talented people, and innovation to help all our clients maximize every opportunity.
Job Description
The Attack Surface Management Engineer is responsible for activities related to the full scope of attack surface management, with the goal of ensuring comprehensive visibility and actionability of Experian’s entire attack surface, exposures, and vulnerabilities, minimizing Experian’s risk potential. Reports to the Director Attack Surface Management.
Responsibilities:
- Follow Attack Surface Management processes to continuously monitor and improve visibility of the attack surface in order to detect anomalies faster and reduce the incidence or potential of cyber-attacks
- Execute daily operations of the Attack Surface Mgmt program, including the interpretation of scanning results
- Perform verification/validation testing for vulnerabilities in external-facing web sites, web applications, and services
- Generate comprehensive reports, including detailed findings, exploitation procedures, and mitigation techniques
- Partner with business stakeholders to ensure proper understanding of their Attack Surface and provide prioritization guidance
- Assist in the identification of internal and external risks based on scanning results
- Assist in the attribution of findings to appropriate business owner
- Identify improvements to scan coverage and capabilities
- Coordinate with IT and geographically dispersed Business Units on vulnerability remediation and mitigation strategies
- Assist in the documentation and standardization of processes and procedures related to Attack Surface Mgmt
Qualifications
- Bachelor's degree in computer science or computer engineering, or equivalent work experience.
- 3+ years of experience in an attack surface/vulnerability management role.
- 5+ years in security and/or technology engineering roles.
- Familiarity with common web vulnerabilities including: XSS, XXE, SQL Injection, Deserialization Attacks, Path Traversal Attacks, Remote Execution Flaws, and Authentication Flaws
- Understanding of common web application frameworks and web-based APIs
- Familiarity with networking standards and protocols: IPv4, IPv6, TCP/IP, DNS, HTTPS, TLS, BGP, Firewalls and NAT, SMTP, VPN, ICMP, SSH, IPSec, etc.
- Working knowledge of architecture, engineering, and operations of one or more vulnerability management tools, such as Wiz, Qualys, Rapid7 and ServiceNow.
- Understanding of the application of the following frameworks and how they are applied to identifying and rating risk: OWASP, SANS, NIST, CIS, and MITRE ATT&CK.
- Ability to provide creative solutions to complex problems
- Ability to clearly communicate risk of vulnerabilities to all levels within an organization.
- Knowledge of major cloud platforms (AWS, Azure, or GCP).
- Knowledge of systems hardening and other risk mitigation factors on multiple technologies and operating systems (Windows, Linux, Mac, routers, switches, WAF, IDS, IPS, Kubernetes).
- Ability to manage, organize, analyze, and present substantial amounts of data
Additional Information
All your information will be kept confidential according to EEO guidelines.
Experian is proud to be an Equal Opportunity and Affirmative Action employer. Our goal is to create a thriving, inclusive and diverse team where people love their work and love working together. We believe that diversity, equity and inclusion are essential to our purpose of creating a better tomorrow. We value the uniqueness of every individual and want you to bring your whole, authentic self to work. For us, this is The Power of YOU and it reflects what we believe. See our DEI work in action!
Please contact us at JobPostingInquiry@experian.com to request the salary range of this position (please include the exact Job Title as it reads above in your email). In addition to a competitive base salary and variable pay opportunity, Experian offers a comprehensive benefits package including health, life and disability insurance, generous paid time off including 12 company paid holidays and parental and family care leave, an employee stock purchase plan and a 401(k) plan with a company match.
Experian Careers - Creating a better tomorrow together