Attack Surface Intelligence Lead

Bishop Fox is the leading authority in offensive security, providing solutions ranging from continuous penetration testing, red teaming, and attack surface management to product, cloud, and application security assessments. We’ve worked with more than 25% of the Fortune 100, half of the Fortune 10, eight of the top 10 global technology companies, and all of the top global media companies to improve their security. Our Cosmos platform was named Best Emerging Technology in the 2021 SC Media Awards and our offerings are consistently ranked as “world class” in customer experience surveys. We're an active participant in the security community and have published more than 16 open source tools and 50 security advisories in the last five years. Learn more at bishopfox.com or follow us on Twitter.

Given our exceptional growth we are expanding and hiring an Attack Surface Intelligence Lead ­­­­­­­to join us on this exciting journey. 

Who You Are and What You’ll Do 

Cosmos (formerly CAST) proactively defends dynamic attack surfaces by combining advanced technology, automation and expert-driven testing by a team of talented offensive security analysts, operators, and developers from a variety of diverse backgrounds.  We are looking for an Attack Surface Intelligence Lead who will be responsible for leading a team conducting attack surface discovery and reconnaissance activities leveraging Cosmos on named accounts with the goal of filling the funnel with intelligence and qualified leads.

In this role you will: 

• Provide mentorship, coaching, and management of a team with diverse skills and expand the vision and mission for the Attack Surface Intelligence team.
• Conduct attack surface discovery and reconnaissance activities on a continuous basis for named accounts.
  • Add new scope using various OSINT and network discovery tools.
• Develop meaningful insights into customer attack surface utilizing relevant data analytics tools and techniques.
• Gather and analyze OSINT data relative to customer.
• Identify and communicate anomalies in customer's attack surface and field technical questions.
• Triage leads by validating scope, false positives and/or other initial playbook execution.
• Maintain situational awareness of named account testing life-cycle activities and add insights where possible using intelligence gathering activities.
• Maintain awareness of Cosmos platform performance, functionality, and data integrity.
• Build and maintain customer intelligence knowledge base including aggregation of data gleaned via exploits, loot, and rules of engagement.
• Strive to develop inside-out awareness of the customer’s environment.
• Maintain up-to-date knowledge of threats, countermeasures, security tools, testing techniques, network and application security research, and Federal and industry regulations.
• Engage in thought leadership activities by developing tools, conducting research, giving presentations, and authoring whitepapers and blogs.

Why Bishop Fox

Bishop Fox has always allowed its employees to work remotely, and this role could work anywhere in the United States (Or Mexico if the role is preferred there). Equity is offered to all employees and starts vesting on the first day.  You also have the opportunity to earn additional equity.  Our comprehensive benefits program is tailored to meet your needs at an affordable price. We embrace diversity and an inclusive culture.  We value our employees and who they are, which fosters a powerful and collective talent base to successfully serve our clients and the security community with unparalleled expertise. 

Your Education and Experience

You just have to be good at and, most importantly, love what you do. Don’t worry about a piece of paper; we won’t. Here’s a list of qualities we’re looking for:

• Bachelor’s Degree in Software Engineering or related field preferred.
• OSINT Certification (SANS OSINT or McAfee C|OSINT) desired.
• High level offensive security certifications preferred, such as OSCP, OSWE, OSCE, OSEE, OSWP, GPEN, GWAPT and GXPN.
• 5+ years cybersecurity industry experience required.
• Demonstrated commitment to continuous education.
• Vulnerability management and analysis skills.
• Sufficient scripting skills to automate small tasks.
• Experience with conducting open-source and/ or academic research.
• Understanding of how to leverage OSINT data and information to ensure whole client attack surface is understood.
• Subject matter expert on multiple customers and their unique security needs.
• Leadership abilities and mentorship skills that support the management and development of more junior members of the team.
• Strong analytical skills with the ability to apply previously collected client information to support/enhance current testing activities.
• Navigates unusual hours and last-minute requests with flexibility and calm.
• Understanding of client needs and current business acquisitions.
• Strong written and verbal communication skills.
• Excellent problem-solving skills- tackles problems with a logical and systematic approach.
• Excels at building professional trust and maintaining confidentiality.
• Team player mentality with the ability to work as a self-motivated individual contributor.
• Detail-oriented with the ability to prioritize and multi-task.
• Excellent time management skills and focus.
• Strong creative thinking skills.

Bishop Fox is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex including sexual orientation and gender identity, national origin, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law.  All new hires must pass a background check as a condition of employment.

Interested? Apply today!