Lead Attack Surface Management Engineer - Remote US
Allen, TX, United States
Experian
Experian is committed to helping you protect, understand, and improve your credit. Start with your free Experian credit report and FICO® score.Company Description
Experian is the world’s leading global information services company. During life’s big moments – from buying a home or a car, to sending a child to college, to growing a business by connecting with new customers – we empower consumers and our clients to manage their data with confidence. We help individuals to take financial control and access financial services, businesses to make smarter decisions and thrive, lenders to lend more responsibly, and organizations to prevent identity fraud and crime.
We have 20,000 people operating across 44 countries and every day we’re investing in new technologies, talented people, and innovation to help all our clients maximize every opportunity.
Job Description
The Lead Attack Surface Management Engineer - External is responsible for all activities related to the execution and management of the External Attack Surface Management Program, with the goal to ensure comprehensive visibility and actionability of Experian’s external attack surface, exposures, and vulnerabilities, thus minimizing Experian’s risk potential. This role acts as a subject matter expert for the team, and owns the systems and tools for the group.
Responsibilities:
- Owns and executes External Attack Surface Management processes and procedures to continuously monitor and improve visibility of the attack surface in order to detect anomalies faster and reduce incidences or potential of cyber-attacks.
- Manages the EASM platform and service provider to deliver consistent and reliable scanning of Experian’s complete external-facing digital footprint.
- Is responsible for managing and maintaining integrations between the EASM platform and Experian services.
- Lead contributor EASM expertise daily to the Cyber Fusion Center to ensure information, discoveries, and actions are well communicated and understood.
- Performs verification/validation testing for vulnerabilities in external-facing web sites, web applications, and services; demonstrates exploitation steps and verify remediation/fixes.
- Oversees and owns comprehensive reports, including detailed findings, exploitation procedures, and mitigation techniques.
- Engage with IT and geographically dispersed business stakeholders to ensure they fully understand their Attack Surface and helps them identify prioritization of vulnerabilities.
- Develops vulnerability KPIs/metrics to demonstrate coverage and remediation effectiveness.
- Execute daily operations of the External Attack Surface Management program, including the interpretation of scanning results.
- Plays key role in assisting with the identification of internal and external risks based on scanning results, including attribution of ownership.
- Aggregating vulnerability data across technologies such as endpoints, servers, network equipment, and cloud and interpreting and presenting risk.
Qualifications
Four-year college diploma or university degree in computer science or computer engineering, and/or 4 additional years' equivalent work experience.
3+ years of experience managing security tools, preferably for large organization.
5+ in information security vulnerability management role.
8+ total years in security and/or technology engineering or implementation roles.
Certification that could be helpful but not required: CISSP, Security+, CEH, OSCP, GIAC certifications.
Familiarity with common web vulnerabilities including: XSS, XXE, SQL Injection, Deserialization Attacks, Path Traversal Attacks, Remote Execution Flaws, and Authentication Flaws.
Understanding of common web application frameworks and web-based APIs.
Experience with one or more scripting languages such as Bash, Python, Perl, PowerShell, etc.
Working knowledge of networking standards and protocols: IPv4 IPv6, TCP/IP, DNS, HTTPS, TLS, BGP, Firewalls and NAT, SMTP, VPN, ICMP, SSH, IPSec, etc.
Demonstrable knowledge of architecture, engineering, and operations of one or more vulnerability management tools, such as Wiz, Qualys, Rapid7, and ServiceNow.
Demonstrable understanding of the application one or more of the following frameworks and how they are applied to identifying and rating risk: OWASP, SANS, NIST, CIS, and MITRE ATT&CK.
Knowledge of major cloud platforms (AWS, Azure, or GCP).
Knowledge of systems hardening and other risk mitigation factors on multiple technologies and operating systems (Window, Linux, Mac, routers, switches, Kubernetes).
A broad and deep understanding of cybersecurity threats, vulnerabilities, controls, and remediation strategies.
Applied knowledge and experience in cybersecurity, technology infrastructure, vulnerability management and security and controls.
Excellent interpersonal skills and strong verbal and written communication. Able to communicate ideas in both technical and user-friendly language.
Strong organizational skills with proven ability to manage multiple high visibility issues simultaneously.
Proactive attitude, seeking for improvement opportunities which can positively impact the security posture and the business.
Willing to travel globally as required
Additional Information
All your information will be kept confidential according to EEO guidelines.
Experian is proud to be an Equal Opportunity and Affirmative Action employer. Our goal is to create a thriving, inclusive and diverse team where people love their work and love working together. We believe that diversity, equity and inclusion is essential to our purpose of creating a better tomorrow. We value the uniqueness of every individual and want you to bring your whole, authentic self to work. For us, this is The Power of YOU and and it reflects what we believe. See our DEI work in action!
Please contact us at JobPostingInquiry@experian.com to request the salary range of this position (please include the exact Job Title as it reads above in your email). In addition to a competitive base salary and variable pay opportunity, Experian offers a comprehensive benefits package including health, life and disability insurance, generous paid time off including 12 company paid holidays and parental and family care leave, an employee stock purchase plan and a 401(k) plan with a company match.
Experian Careers - Creating a better tomorrow together
Find out what its like to work for Experian by clicking here
Our compensation reflects the cost of labor across several U.S. geographic markets. The base pay range for this position is listed above. Within this range, individual pay is determined by work location and additional factors such as job-related skills, experience and education. This position is also eligible for a variable pay opportunity and a comprehensive benefits package which includes health, life and disability insurance, generous paid time off including paid parental and family care leave, an employee stock purchase plan and a 401(k) plan with a company match.
Experian is proud to be an Equal Opportunity and Affirmative Action employer. We’re passionate about unlocking the power of data to transform lives and create opportunities for consumers, businesses, and society. For more than 125 years, we’ve helped people and economies flourish – and we’re not done.
We take our people’s agenda very seriously. We focus on what truly matters; diversity and inclusion, work/life balance, flexible working, development, collaboration, wellness, reward & recognition, volunteering, making an impact... the list goes on. See our DEI work in action!
The power of YOU. We are building a culture where everyone is comfortable bringing their whole self to work. A place where we not only respect our differences and values but celebrate them in a positive and supportive environment.
Find out what is like to work for Experian and discover the Unexpected!
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: APIs AWS Azure Bash CEH CISSP Cloud Computer Science DNS Firewalls GCP GIAC KPIs Kubernetes Linux MITRE ATT&CK NIST OSCP OWASP Perl PowerShell Python Qualys SANS Scripting SMTP SQL SQL injection SSH TCP/IP TLS VPN Vulnerabilities Vulnerability management XSS
Perks/benefits: 401(k) matching Competitive pay Equity Flex hours Flex vacation Health care Insurance Parental leave Team events Wellness
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Chief Information Security Officer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Cybersecurity Specialist jobs
- Open Security Researcher jobs
- Open IT Security Engineer jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open Security Clearance-related jobs
- Open Forensics-related jobs
- Open EDR-related jobs
- Open CEH-related jobs
- Open Kubernetes-related jobs