Attack Surface Management Engineer

Summary

Join Experian as an Attack Surface Management Engineer and play a crucial role in ensuring the comprehensive visibility and actionability of our global attack surface. You will be responsible for building and improving attack surface management processes, responding to cybersecurity incidents, and collaborating with partners. This role requires expert-level engineering experience in various areas, including networking, cloud infrastructure, and security principles. You will perform vulnerability testing, asset discovery, and risk identification, contributing to a robust security posture. Experian offers a competitive benefits package, including flexible work arrangements, a discretionary bonus plan, comprehensive healthcare, generous paid time off, and more.

Requirements

• Expert level engineering experience to support Attack Surface Management in one of the following: Networking/Protocols, Middleware, Network Infrastructure, Network Appliances, APIs, Cloud Infrastructure, Cloud Services, Mobile Devices, Mobile Applications, IoT, Endpoints, Operating Systems, Wireless networking, Third-party Integrations, Data Storage, Databases, CICD, Application Dependencies
• Working knowledge of network security principles, including segmentation, firewalls and VPNs
• Working knowledge of networking standards and protocols: IPv4, IPv6, TCP/IP, DNS, HTTPS, TLS, BGP, Firewalls and NAT, SMTP, VPN, ICMP, SSH, IPSec, etc
• Solid understanding of the application of some of the following frameworks and regulations, and how they are applied to identifying and rating risk: OWASP, SANS, NIST 800-61, CVSS, CIS, OSSTM, ISO 27001, MITRE ATT&CK, PCI, HIPAA, GDPR, CMMC, other
• Working knowledge of industry accepted AI security practices
• Knowledge of major cloud platforms (AWS, Azure, or GCP)
• Experience with cloud security practices and tools and the ability to respond to incidents in cloud-based infrastructure

Responsibilities

• Help with response to cybersecurity incidents, ensuring relevant vulnerable asset discovery
• Build and iteratively improve on Attack Surface Management processes to monitor and strengthen visibility and knowledge of the global attack surface
• Engage with partners to ensure ASM-related communication and reporting throughout the incident lifecycle
• Perform verification/validation testing for vulnerabilities across all asset types; demonstrate exploitation steps and verify remediation/fixes
• Perform programmatic and ad-hoc asset discovery to report on coverage gaps
• Implement daily operations of the Attack Surface Mgmt program, including the interpretation of scanning results
• Help identify internal and external risks based on scanning results
• Support the attribution of findings to appropriate business owner
• Identify improvements to scan coverage
• Document all ASM aspects of incident response activities, including timelines, actions taken, and lessons learned

Benefits

• Flexible work environment, working hybrid or in the office if you prefer
• Great compensation package and discretionary bonus plan
• Core benefits include pension, bupa healthcare, sharesave scheme and more
• 25 days annual leave with 8 bank holidays and 3 volunteering days. You can purchase additional annual leave