Attack Surface Management Lead

We’re in an unbelievably exciting area of tech and are fundamentally reshaping the data storage industry. Here, you lead with innovative thinking, grow along with us, and join the smartest team in the industry.

This type of work—work that changes the world—is what the tech industry was founded on. So, if you're ready to seize the endless opportunities and leave your mark, come join us.

SHOULD YOU ACCEPT THIS CHALLENGE…

You will own and evolve our Attack Surface Management (ASM) program, unifying asset discovery, vulnerability intelligence, secrets detection, and automated remediation into a single, outcomes-driven capability. Your mandate is to give the company a real-time, risk-prioritized view of every internal and external exposure—and drive it down to zero wherever possible.

ABOUT THE ROLE 

As the ASM Lead, you will sit at the intersection of Security Engineering, Infrastructure, Cloud, and DevOps. You will design strategy, set priorities, and lead a small team that continuously discovers assets, assesses and manages vulnerabilities, manages secrets and code-risk detection, perform collaboration and stakeholder engagements, automate and provide metrics and reporting, and orchestrates remediation at scale. Success means measurable risk reduction, shorter time-to-remediate, and clear executive-level reporting.

WHAT YOU’ll DO

• Define the multi-year ASM roadmap; align tooling, data flows, and KPIs with business risk.
• Maintain a holistic inventory of on-prem, cloud, container, SaaS, and third-party assets, enriched with business context.
• Lead deployment and tuning of discovery scanners (network, cloud, container, endpoint).
• Correlate asset data to CMDB and CI/CD systems for real-time context.
• Conduct continuous discovery and vulnerability assessment across enterprise-wide assets.
• Operate and optimize the ASM tech stack (e.g., Tenable, etc.).
• Prioritize vulnerability remediation using criticality, exploit probability, rating, threat intel and business risk exposure.
• Document, report, and track remediation through Jira/ServiceNow workflows.
• Manage secret discovery tooling to eradicate hard-coded secrets across repos.
• Partner with developers to shift-left credential hygiene in CI/CD pipelines.
• Act as the single point of coordination (aka Customer Success Manager for ASM) among Security, Cloud, Infrastructure, and Engineering teams, aligning remediation efforts and SLAs.
• Communicating vulnerability results in language understood by both engineers and executives.
• Integrate scanners/APIs with ticketing systems to auto-generate and track findings.
• Define and publish KPIs (e.g., asset coverage, mean-time-to-remediate, risk-reduction trend).
• Produce dashboards and exec briefs that demonstrate posture and progress.

WHAT YOU’LL BRING

• 8-10+ years in cybersecurity with deep focus on vulnerability management, asset discovery, or attack surface management.
• Proven experience running enterprise-grade scanners such as Tenable, runZero, or the like.
• Hands-on experience of cloud platforms (AWS, Azure, GCP), containers (Docker/Kubernetes), and modern CI/CD.
• Proficient in scripting/automation (Python, Bash, PowerShell).
• Understanding of Windows, Linux, networking protocols, and hardening techniques.
• Familiarity with compliance frameworks (PCI, HIPAA, NIST, ISO) and how they map to vulnerability remediation .
• Good understanding of OWASP, CVSS and MITRE ATT&CK framework and the software development lifecycle.
• Demonstrated ability to influence cross-functional teams and drive accountability without authority.
• Analytical, highly organized, and comfortable translating risk into business terms.
• Self-starter who thrives in fast-paced, agile environments and communicates with clarity at all levels.

PREFERRED QUALIFICATIONS

• Experience in SaaS or cloud-native companies with agile development practices.
• Security certifications—CISSP, GCIH, OSCP, AWS Security Specialty, or equivalent.
• Exposure to cloud CSPM platforms.
• Experience integrating ASM data into SOAR/SIEM workflows.

WHY YOU’LL LOVE WORKING HERE

• Direct Impact: Your work measurably reduces organizational risk and secures customer trust.
• Innovation Culture: Collaborate with world-class engineers who value experimentation and continuous learning.
• Career Growth: Lead a strategic function with high executive visibility and opportunities to expand your leadership scope.

We are primarily an in-office environment and therefore, you will be expected to work from the Santa Clara, CA or Lehi, Utah office in compliance with Pure’s policies, unless you are on PTO, or work travel, or other approved leave.

#LI-TH3,  #LI-ONSITE

 

 

Salary ranges are determined based on role, level and location. For positions open to candidates in multiple geographical locations, the base salary range is reflective of the labor market across the applicable locations. 

This role may be eligible for incentive pay and/or equity. 

There is no application deadline and we accept applications on an ongoing basis until the job is filled.

The annual base salary range is: $142,000—$299,000 USD

WHAT YOU CAN EXPECT FROM US:

• Pure Innovation: We celebrate those who think critically, like a challenge and aspire to be trailblazers.
• Pure Growth: We give you the space and support to grow along with us and to contribute to something meaningful. We have been Named Fortune's Best Large Workplaces in the Bay Area™, Fortune's Best Workplaces for Millennials™ and certified as a Great Place to Work®!
• Pure Team: We build each other up and set aside ego for the greater good.

And because we understand the value of bringing your full and best self to work, we offer a variety of perks to manage a healthy balance, including flexible time off, wellness resources and company-sponsored team events. Check out purebenefits.com for more information.

ACCOMMODATIONS AND ACCESSIBILITY:

Candidates with disabilities may request accommodations for all aspects of our hiring process. For more on this, contact us at TA-Ops@purestorage.com if you’re invited to an interview.

WHERE DIFFERENCES FUEL INNOVATION:

We’re forging a future where everyone finds their rightful place and where every voice matters. Where uniqueness isn’t just accepted but embraced. That’s why we are committed to fostering the growth and development of every person, cultivating a sense of community through our Employee Resource Groups and advocating for inclusive leadership. At Pure Storage, diversity, equity, inclusion and sustainability are part of our DNA because we believe our people will shape the next chapter of our success story.​ 

Pure Storage is proud to be an equal opportunity employer. We strongly encourage applications from Indigenous Peoples, racialized people, people with disabilities, people from gender and sexually diverse communities, and people with intersectional identities. We also encourage you to apply even if you feel you don’t match all of the role criteria. If you think you can do the job and feel you’re a good match, please apply.