Cyber Security Specialist, Attack Surface Management
FRANKLIN, Tennessee, United States
Community Health Systems
Summary:
As a member of the Information Security team, the Cyber Security Specialist for Attack Surface Management will be responsible for developing, implementing, and operating external attack surface management solutions to identify, classify, and report existing and emerging vulnerabilities detected in external enterprise infrastructure. The Specialist will operate within the existing threat management team as an expert in attack surface and cloud vulnerability management, integrating sound practices from developing, engineering, and maintaining the vulnerability management program, contributing to external asset identification and vulnerability remediation methodologies, penetration testing practices, report generation, and more. The Specialist will be responsible for seeking out and reporting on asset discoveries and classifications of threats to those external assets. The Specialist will work directly with other security and information technology team members to develop plans for reporting and remediation of vulnerabilities across all operating systems applications in the enterprise.
Essential Duties and Responsibilities:
- Develop, implement, and operate external asset management solutions to identify, classify, and report existing and emerging vulnerabilities in external enterprise infrastructure.
- Serve as the subject matter expert in external attack surface and cloud vulnerability management within the threat management team, contributing to the development, engineering, and maintenance of the vulnerability management program.
- Apply industry best practices and standards to external asset identification and vulnerability remediation methodologies, penetration testing practices, and report generation.
- Stay updated on the latest vulnerability discoveries and classifications, and proactively report and assess their potential impact on the organization's systems and applications.
- Collaborate with security and IT team members to develop comprehensive plans for discovery of, reporting against, and remediation of vulnerabilities across all externally facing systems, cloud computing systems, and applications in the enterprise.
- Conduct regular attack surface assessments, utilizing automated tools and manual techniques to ensure thorough coverage and accuracy.
- Analyze attack surface assessment results and provide recommendations for prioritizing and remediating vulnerabilities based on risk and impact.
- Work closely with IT partners to coordinate and track the progress of vulnerability remediation efforts, ensuring timely resolution of identified vulnerabilities.
- Lead the development and maintenance of external attack surface management policies, procedures, and documentation.
- Provide guidance and support to junior team members, fostering knowledge sharing and professional growth within the vulnerability management team.
- Business and Soft Skill expectations:
- Communicate and interact effectively and professionally with co-workers, management, customers, etc.
- Maintain complete confidentiality of company business.
- Communicate with management regarding development within areas of assigned responsibilities and perform special projects as required or requested.
Qualifications:
- Required Education: High School diploma
- Preferred Education: Bachelor’s or Master’s Degree in Cyber Security, Computer Science, Information Systems (or other related field), or equivalent work experience.
- Required Experience:
- Duration:
- 5+ years of IT or information security, and
- 3+ years of vulnerability management, attack surface management, or asset management or similar field
- Duration:
-
- Activities:
- Practical experience with designing and implementing technologies related to external attack surface management including network scanning, penetration testing, and configuration management
- Served as expert thought leader for external attack surface management technologies and influenced the strategy for remediation
- Worked in process-driven structured environments and participated in process optimization activities.
- Competencies:
- In-depth knowledge of vulnerability management tools, techniques, and best practices.
- Familiarity with industry frameworks and standards such as NIST, CIS, and CVSS.
- Strong understanding of operating systems, network protocols, and web applications.
- Experience with external attack surface scanning and assessment tools (e.g., Randori, Crowdstrike Falcon Surface, CyCognito).
- Excellent analytical and problem-solving skills, with the ability to prioritize and address vulnerabilities based on risk.
- Strong communication and collaboration skills to work effectively with cross-functional teams.
- Relevant certifications such as CISSP, CISA, or GIAC certifications are a plus.
- Commitment to continuous learning and staying updated on the latest trends and threats in the field of vulnerability management.
- Strong understand of lifecycle management principles and their application to the remediation of cybersecurity vulnerabilities
- Effective communication of technical concepts to a non-technical audience
- Excellent written and verbal communication skills
- Activities:
- Preferred Experience: 5+ years of external attack surface and/or cloud vulnerability management
- Required License/Registration/Certification: None
- Preferred License/Registration/Certification:
- SANS Certifications
- GIAC Certifications
- EC Council CEH
- Computer Skills Required:
- Productivity suite software required
- Python, Powershell, Microsoft SQL, industry standard vulnerability scanning software, and various other cybersecurity tools preferred
Physical Demands:
In order to successfully perform this job, with or without a reasonable accommodation, the following are outlined below:
- The Employee is required to read, review, prepare and analyze written data and figures, using a PC or similar, and should possess visual acuity.
- The Employee may be required to occasionally climb, push, stand, walk, reach, grasp, kneel, stoop, and/or perform repetitive motions.
- The Employee is not substantially exposed to adverse environmental conditions and; therefore, job functions are typically performed under conditions such as those found within general office or administrative work.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: CEH CISA CISSP Cloud Computer Science CrowdStrike CVSS GIAC NIST Pentesting PowerShell Python SANS SQL Strategy Vulnerabilities Vulnerability management
Perks/benefits: Career development Startup environment
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Cybersecurity Engineer jobs
- Open Cloud Security Architect jobs
- Open Security Operations Engineer jobs
- Open Principal Security Engineer jobs
- Open Information Security Specialist jobs
- Open Information Security Officer jobs
- Open Senior Cyber Security Engineer jobs
- Open Senior Product Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open IT Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Penetration Tester jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Network Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Security Consultant jobs
- Open IT Security Analyst jobs
- Open Manager Pentest H/F jobs
- Open Senior Information Security Analyst jobs
- Open Security Operations Analyst jobs
- Open Information Security Architect jobs
- Open Information System Security Officer jobs
- Open Agile-related jobs
- Open Risk assessment-related jobs
- Open SOC-related jobs
- Open Analytics-related jobs
- Open Network security-related jobs
- Open CISA-related jobs
- Open ISO 27001-related jobs
- Open GCP-related jobs
- Open IAM-related jobs
- Open Application security-related jobs
- Open Pentesting-related jobs
- Open Threat intelligence-related jobs
- Open Vulnerability management-related jobs
- Open DevOps-related jobs
- Open DoD-related jobs
- Open Security Clearance-related jobs
- Open APIs-related jobs
- Open CEH-related jobs
- Open Security assessment-related jobs
- Open SaaS-related jobs
- Open Malware-related jobs
- Open Kubernetes-related jobs
- Open Java-related jobs
- Open EDR-related jobs
- Open TS/SCI-related jobs