Attack Surface Management Engineer

Ruddington, United Kingdom

Experian

Experian is committed to helping you protect, understand, and improve your credit. Start with your free Experian credit report and FICO® score.

View all jobs at Experian

Apply now Apply later

Company Description

Internal Grade D

Experian is a global data and technology company, powering opportunities for people and businesses around the world. We help to redefine lending practices, uncover and prevent fraud, simplify healthcare, create marketing solutions, and gain deeper insights into the automotive market, all using our unique combination of data, analytics and software. We also assist millions of people to realise their financial goals and help them save time and money.

We invest in people and new advanced technologies to unlock the power of data. As a FTSE 100 Index company listed on the London Stock Exchange (EXPN), we have a team of 22,500 people across 32 countries. Our corporate headquarters are in Dublin, Ireland.

Find out what its like to work for Experian by clicking here

Job Description

 

The Attack Surface Management Engineer is responsible for activities related to the full scope of attack surface management, with the goal to ensure comprehensive visibility and actionability of Experian's entire attack surface, exposures, and vulnerabilities, minimizing Experian's risk potential. You will work with the Cyber Fusion Centre to provide accurate attack surface management discovery to support incident-related activities.

Reports to our Director of Attack Surface Management

Responsibilities

  • Help with response to cybersecurity incidents, ensuring relevant vulnerable asset discovery.
  • Build and iteratively improve on Attack Surface Management processes to monitor and strengthen visibility and knowledge of the global attack surface.
  • Engage with partners to ensure ASM-related communication and reporting throughout the incident lifecycle
  • Perform verification/validation testing for vulnerabilities across all asset types; demonstrate exploitation steps and verify remediation/fixes
  • Perform programmatic and ad-hoc asset discovery to report on coverage gaps
  • Implement daily operations of the Attack Surface Mgmt program, including the interpretation of scanning results
  • Help identify internal and external risks based on scanning results
  • Support the attribution of findings to appropriate business owner
  • Identify improvements to scan coverage

Qualifications

Functional Requirements

  • Expert level engineering experience to support Attack Surface Management in one of the following: Networking/Protocols, Middleware, Network Infrastructure, Network Appliances, APIs, Cloud Infrastructure, Cloud Services, Mobile Devices, Mobile Applications, IoT, Endpoints, Operating Systems, Wireless networking, Third-party Integrations, Data Storage, Databases, CICD, Application Dependencies.
  • Working knowledge of network security principles, including segmentation, firewalls and VPNs.
  • Working knowledge of networking standards and protocols: IPv4, IPv6, TCP/IP, DNS, HTTPS, TLS, BGP, Firewalls and NAT, SMTP, VPN, ICMP, SSH, IPSec, etc.
  • Solid understanding of the application of some of the following frameworks and regulations, and how they are applied to identifying and rating risk: OWASP, SANS, NIST 800-61, CVSS, CIS, OSSTM, ISO 27001, MITRE ATT&CK, PCI, HIPAA, GDPR, CMMC, other.
  • Working knowledge of industry accepted AI security practices.
  • Knowledge of major cloud platforms (AWS, Azure, or GCP).
  • Experience with cloud security practices and tools and the ability to respond to incidents in cloud-based infrastructure.
  • Document all ASM aspects of incident response activities, including timelines, actions taken, and lessons learned.

Additional Information

Benefits package includes:

  • Flexible work environment, working hybrid or in the office if you prefer.
  • Great compensation package and discretionary bonus plan
  • Core benefits include pension, bupa healthcare, sharesave scheme and more
  • 25 days annual leave with 8 bank holidays and 3 volunteering days. You can purchase additional annual leave.

Experian is proud to be an Equal Opportunity and Affirmative Action employer. Innovation is an important part of Experian's DNA and practices, and our diverse workforce drives our success. Everyone can succeed at Experian and bring their whole self to work, irrespective of their gender, ethnicity, religion, colour, sexuality, physical ability or age. If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity.

Find out what its like to work for Experian by clicking here

#LI-Remote

Experian Careers - Creating a better tomorrow together

Find out what its like to work for Experian by clicking here

Apply now Apply later

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Job stats:  5  0  0

Tags: Analytics APIs ASM AWS Azure Cloud CMMC CVSS DNS Firewalls GCP GDPR HIPAA Incident response IoT ISO 27001 MITRE ATT&CK Network security NIST OWASP SANS SMTP SSH TCP/IP TLS VPN Vulnerabilities

Perks/benefits: Equity / stock options Flex hours Salary bonus

Regions: Remote/Anywhere Europe
Country: United Kingdom

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.