Attack Surface Management Lead
Lehi, Utah; Santa Clara, California
Full Time Senior-level / Expert USD 142K - 299K
Pure Storage
Experience a data platform with a single operating environment across public, on-prem, and hybrid cloud with the world's most flexible storage subscription model. We're in an unbelievably exciting area of tech and are fundamentally reshaping the data storage industry. Here, you lead with innovative thinking, grow along with us, and join the smartest team in the industry.
This type of work, work that changes the world, is what the tech industry was founded on. So, if you're ready to seize the endless opportunities and leave your mark, come join us.
SHOULD YOU ACCEPT THIS CHALLENGE…
You will own and evolve our Attack Surface Management (ASM) program, unifying asset discovery, vulnerability intelligence, secrets detection, and automated remediation into a single, outcomes-driven capability. Your mandate is to give the company a real-time, risk-prioritized view of every internal and external exposure, and drive it down to zero wherever possible.
ABOUT THE ROLE
As the ASM Lead, you will sit at the intersection of Security Engineering, Infrastructure, Cloud, and DevOps. You will design strategy, set priorities, and lead a small team that continuously discovers assets, assesses and manages vulnerabilities, manages secrets and code-risk detection, collaborates with and engages stakeholders, automates and provides metrics and reporting, and orchestrates remediation at scale. Success means measurable risk reduction, shorter time-to-remediate, and clear executive-level reporting.
WHAT YOU'LL DO
- Define the multi-year ASM roadmap; align tooling, data flows, and KPIs with business risk.
- Maintain a holistic inventory of on-prem, cloud, container, SaaS, and third-party assets, enriched with business context.
- Lead deployment and tuning of discovery scanners (network, cloud, container, endpoint).
- Correlate asset data to CMDB and CI/CD systems for real-time context.
- Conduct continuous discovery and vulnerability assessment across enterprise-wide assets.
- Operate and optimize the ASM tech stack (e.g., Tenable, etc.).
- Prioritize vulnerability remediation using criticality, exploit probability, rating, threat intel and business risk exposure.
- Document, report, and track remediation through Jira/ServiceNow workflows.
- Manage secret discovery tooling to eradicate hard-coded secrets across repos.
- Partner with developers to shift-left credential hygiene in CI/CD pipelines.
- Act as the single point of coordination (aka Customer Success Manager for ASM) among Security, Cloud, Infrastructure, and Engineering teams, aligning remediation efforts and SLAs.
- Communicate vulnerability results in language understood by both engineers and executives.
- Integrate scanners/APIs with ticketing systems to auto-generate and track findings.
- Define and publish KPIs (e.g., asset coverage, mean-time-to-remediate, risk-reduction trend).
- Produce dashboards and exec briefs that demonstrate posture and progress.
WHAT YOU'LL BRING
- 8-10+ years in cybersecurity with deep focus on vulnerability management, asset discovery, or attack surface management.
- Proven experience running enterprise-grade scanners such as Tenable, runZero, or the like.
- Hands-on experience with cloud platforms (AWS, Azure, GCP), containers (Docker/Kubernetes), and modern CI/CD.
- Proficient in scripting/automation (Python, Bash, PowerShell).
- Understanding of Windows, Linux, networking protocols, and hardening techniques.
- Familiarity with compliance frameworks (PCI, HIPAA, NIST, ISO) and how they map to vulnerability remediation.
- Good understanding of OWASP, CVSS, the MITRE ATT&CK framework, and the software development lifecycle.
- Demonstrated ability to influence cross-functional teams and drive accountability without authority.
- Analytical, highly organized, and comfortable translating risk into business terms.
- Self-starter who thrives in fast-paced, agile environments and communicates with clarity at all levels.
PREFERRED QUALIFICATIONS
- Experience in SaaS or cloud-native companies with agile development practices.
- Security certifications: CISSP, GCIH, OSCP, AWS Security Specialty, or equivalent.
- Exposure to cloud CSPM platforms.
- Experience integrating ASM data into SOAR/SIEM workflows.
WHY YOU'LL LOVE WORKING HERE
- Direct Impact: Your work measurably reduces organizational risk and secures customer trust.
- Innovation Culture: Collaborate with world-class engineers who value experimentation and continuous learning.
- Career Growth: Lead a strategic function with high executive visibility and opportunities to expand your leadership scope.
We are primarily an in-office environment and therefore, you will be expected to work from the Santa Clara, CA or Lehi, Utah office in compliance with Pure's policies, unless you are on PTO, or work travel, or other approved leave.
Salary ranges are determined based on role, level and location. For positions open to candidates in multiple geographical locations, the base salary range is reflective of the labor market across the applicable locations.
This role may be eligible for incentive pay and/or equity.
There is no application deadline and we accept applications on an ongoing basis until the job is filled.
The annual base salary range is: $142,000–$299,000 USD
WHAT YOU CAN EXPECT FROM US:
- Pure Innovation: We celebrate those who think critically, like a challenge and aspire to be trailblazers.
- Pure Growth: We give you the space and support to grow along with us and to contribute to something meaningful. We have been named Fortune's Best Large Workplaces in the Bay Area™, Fortune's Best Workplaces for Millennials™ and certified as a Great Place to Work®!
- Pure Team: We build each other up and set aside ego for the greater good.
And because we understand the value of bringing your full and best self to work, we offer a variety of perks to manage a healthy balance, including flexible time off, wellness resources and company-sponsored team events. Check out purebenefits.com for more information.
ACCOMMODATIONS AND ACCESSIBILITY:
Candidates with disabilities may request accommodations for all aspects of our hiring process. For more on this, contact us at TA-Ops@purestorage.com if you're invited to an interview.
WHERE DIFFERENCES FUEL INNOVATION:
We're forging a future where everyone finds their rightful place and where every voice matters. Where uniqueness isn't just accepted but embraced. That's why we are committed to fostering the growth and development of every person, cultivating a sense of community through our Employee Resource Groups and advocating for inclusive leadership. At Pure Storage, diversity, equity, inclusion and sustainability are part of our DNA because we believe our people will shape the next chapter of our success story.
Pure Storage is proud to be an equal opportunity employer. We strongly encourage applications from Indigenous Peoples, racialized people, people with disabilities, people from gender and sexually diverse communities, and people with intersectional identities. We also encourage you to apply even if you feel you don't match all of the role criteria. If you think you can do the job and feel you're a good match, please apply.
Tags: Agile APIs ASM Automation AWS Azure Bash CI/CD CISSP Cloud Compliance CSPM CVSS DevOps Docker Exploit GCIH GCP HIPAA Jira KPIs Kubernetes Linux MITRE ATT&CK NIST OSCP OWASP PowerShell Python SaaS Scripting SDLC SIEM SLAs SOAR Strategy Vulnerabilities Vulnerability management Windows
Perks/benefits: Career development Equity / stock options Flex hours Flex vacation Startup environment Team events