Attack Surface Reduction Analyst

Job Description

What does this team do?

Attack Surface Reduction team helps and contribute to improve the security posture of H&M by operating within an Agile model. We play a crucial role in proactively identifying and help in mitigating potential security risks and vulnerabilities across H&M's systems, applications, and networks, with the aim of preventing unauthorized access, data breaches, and other security incidents.

Job Summary: We are seeking a skilled and experienced Attack Surface Reduction Analyst with a strong background in penetration testing to join our cybersecurity team. The successful candidate will be responsible for identifying potential security risks and vulnerabilities in our organization's systems, applications, and networks, performing penetration testing, and facilitating and managing third-party penetration testing engagements.

Key Responsibilities:

• Conduct comprehensive vulnerability assessments (VA) and penetration tests (PT) on H&M's systems, networks, and applications.
• Utilize industry-standard tools and methodologies to identify potential vulnerabilities and weaknesses in our attack surface.
• Collaborate with cross-functional teams to prioritize and remediate identified vulnerabilities in a timely manner.
• Experience in designing, implementing, and managing vulnerability management processes and workflows.
• Facilitate and manage penetration testing engagements with third-party vendors.
• Collaborate with other members of the cybersecurity team to develop and implement strategies to reduce our attack surface.
• Develop and maintain security policies and procedures for our organization's systems, applications, and networks.
• Monitor our organization's systems, applications, and networks for unauthorized access, suspicious activity, and other security threats.
• Stay up to date with the latest trends and developments in the field of cybersecurity, specifically related to attack surface reduction techniques

Qualifications

• Bachelor's degree in computer science, information security, or a related field.
• 5-10 years of experience in vulnerability scanning, vulnerability management, and penetration testing.
• Solid knowledge of common vulnerabilities and exposures (CVEs), common attack vectors, and security best practices.
• Strong knowledge of security assessment tools, vulnerability scanning, and penetration testing.
• Proficient in using industry-standard vulnerability assessment and penetration testing tools (e.g., Kali Distro, Qualys, Burp Suite, etc.).
• Familiarity with industry frameworks and standards, such as NIST, OWASP, and CIS.
• Effective communication skills, with the ability to clearly convey technical concepts to both technical and non-technical stakeholders.
• Excellent analytical, problem-solving, and communication skills.
• Relevant certifications, such as SANS, OSCP, OSEP, CompTIA Security+ or CREST are a plus.

Additional Information

This is a full-time position, starting in March 2025.
Apply by sending in your CV in English as soon as possible, but no later than the 7th of February 2025. Due to data policies, we only accept applications through the SmartRecruiters or career page.  

Benefits
We offer all our employees at H&M Group attractive benefits with extensive development opportunities around the globe. All our employees receive a staff discount card, usable on all our H&M Group brands in stores and online. Brands covered by the discount are H&M (Beauty and Move included), COS, Weekday, Monki, H&M HOME, & Other Stories, ARKET, Afound. In addition to our staff discount, all our employees are included in our H&M Incentive Program – HIP. You can read more about our H&M Incentive Program here. 

In addition to our global benefits, all our local markets offer different competitive perks and benefits. Please note that they may differ between employment types and countries. 

Inclusion & Diversity 
At H&M Group, we’re determined to create and maintain inclusive, diverse, and equitable workplaces throughout our organization. Our teams should consist of a variety of people who share and combine their knowledge, experience, and ideas. Having a diverse workforce leads to a positive impact on how we address challenges, on what we perceive possible, and on how we choose to relate to our colleagues and customers all over the world. Hence all diversity dimensions are taken into consideration in our recruitment process.

We strive to have a fair and equal process and therefore kindly ask you not to attach a cover letter to your application as it often contains information that can easily trigger unintentional biases.

Company Description
H&M Group is a family of brands; H&M, COS, Weekday, Monki, H&M HOME, & Other Stories, ARKET, and Afound. At H&M Group, our people are the driving force behind our commitment to creating meaningful growth and more sustainable lifestyles. Help us re-imagine fashion and together we will re-shape our industry. Learn more about H&M Group here.