The Attack Surface Management Engineer is responsible for activities related to the full scope of attack surface management, with the goal to ensure comprehensive visibility and actionability of Experian's entire attack surface, exposures, and vulnerabilities, minimizing Experian's risk potential. You will work with the Cyber Fusion Centre to provide accurate attack surface management discovery to support incident-related activities.
Reports to our Director of Attack Surface Management
Responsibilities
- Help with response to cybersecurity incidents, ensuring relevant vulnerable asset discovery.
- Build and iteratively improve on Attack Surface Management processes to monitor and strengthen visibility and knowledge of the global attack surface.
- Engage with partners to ensure ASM-related communication and reporting throughout the incident lifecycle
- Perform verification/validation testing for vulnerabilities across all asset types; demonstrate exploitation steps and verify remediation/fixes
- Perform programmatic and ad-hoc asset discovery to report on coverage gaps
- Implement daily operations of the Attack Surface Mgmt program, including the interpretation of scanning results
- Help identify internal and external risks based on scanning results
- Support the attribution of findings to appropriate business owner
- Identify improvements to scan coverage
Functional Requirements
- Expert level engineering experience to support Attack Surface Management in one of the following: Networking/Protocols, Middleware, Network Infrastructure, Network Appliances, APIs, Cloud Infrastructure, Cloud Services, Mobile Devices, Mobile Applications, IoT, Endpoints, Operating Systems, Wireless networking, Third-party Integrations, Data Storage, Databases, CICD, Application Dependencies.
- Working knowledge of network security principles, including segmentation, firewalls and VPNs.
- Working knowledge of networking standards and protocols: IPv4, IPv6, TCP/IP, DNS, HTTPS, TLS, BGP, Firewalls and NAT, SMTP, VPN, ICMP, SSH, IPSec, etc.
- Solid understanding of the application of some of the following frameworks and regulations, and how they are applied to identifying and rating risk: OWASP, SANS, NIST 800-61, CVSS, CIS, OSSTM, ISO 27001, MITRE ATT&CK, PCI, HIPAA, GDPR, CMMC, other.
- Working knowledge of industry accepted AI security practices.
- Knowledge of major cloud platforms (AWS, Azure, or GCP).
- Experience with cloud security practices and tools and the ability to respond to incidents in cloud-based infrastructure.
- Document all ASM aspects of incident response activities, including timelines, actions taken, and lessons learned.
Benefits package includes:
- Flexible work environment, working hybrid or in the office if you prefer.
- Great compensation package and discretionary bonus plan
- Core benefits include pension, bupa healthcare, sharesave scheme and more
- 25 days annual leave with 8 bank holidays and 3 volunteering days. You can purchase additional annual leave.
Experian is proud to be an Equal Opportunity and Affirmative Action employer. Innovation is an important part of Experian's DNA and practices, and our diverse workforce drives our success. Everyone can succeed at Experian and bring their whole self to work, irrespective of their gender, ethnicity, religion, colour, sexuality, physical ability or age. If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity.
Find out what its like to work for Experian by clicking here
#LI-Remote
Experian Careers - Creating a better tomorrow together
Find out what its like to work for Experian by clicking here