IT Security Exposure Management Senior Engineer

Remote - Illinois, United States

Job Summary

The IT Security Exposure Management Senior Engineer must have a strong background in security engineering, with a focus on attack surface management, automation, security control validation and optimization, and reporting using KPIs and metrics. This role requires a risk-based approach to ensure continuous monitoring, automation, and intelligence-driven decision-making.

Job Description

MAJOR RESPONSIBILITIES

Attack Surface Management: Identify, assess, and manage the organization's attack surface to minimize exposure to potential threats. Implement strategies to reduce vulnerabilities and enhance security posture.

Automation: Develop and implement automated security solutions to streamline processes, improve efficiency, and reduce manual intervention. Utilize SOAR, existing tool capabilities and solution integrations to create automation workflows.

Security Control Validation and Optimization: Conduct regular assessments of security controls to ensure their effectiveness. Optimize existing controls and recommend new measures to enhance security.

Reporting Using KPIs and Metrics: Develop and maintain comprehensive security reports using key performance indicators (KPIs) and metrics. Provide insights and recommendations based on data analysis to drive informed decision-making.

Continuous Monitoring: Implement and maintain continuous monitoring solutions to detect and respond to security incidents in real time. Ensure timely identification and mitigation of potential threats.

Risk-Based Approach: Apply a risk-based methodology to prioritize security efforts and allocate resources effectively. Conduct risk assessments and develop mitigation strategies to address identified risks.

Intelligence-Driven Decision-Making: Leverage threat intelligence and data analytics to inform security strategies and decision-making processes. Stay updated on the latest security trends and emerging threats.

Work Experience

  • A minimum of 5 years of experience in IT security
  • Must have broad technical services experience in support of distributed systems, cloud, and networking architectures
  • Experience with security incident processes, including trouble isolation, log analysis, event correlation, and data analysis
  • Experience documenting solution requirements and designs

PREFERRED JOB REQUIREMENTS

Education

Bachelor’s degree in Computer Science, Information Technology, or a related field

Certification / Licensure

Relevant certifications such as CISSP, GIAC, OSCP, or CCSP are highly desirable

Work Experience

  • 5 - 8 years of experience in security operations, detection engineering, incident response, vulnerability management, and threat intelligence
  • Experience performing security audits
  • Experience operating within a compliance and regulatory program

Knowledge / Skills / Abilities

  • Advanced knowledge of emerging security threats and trends, and the ability to adapt security strategies accordingly
  • High proficiency in various security technologies and tools, including SIEM/SOAR, EDR/XDR, vulnerability management, behavior analysis, and attack surface management
  • Advanced understanding of the latest technologies, security principles, and networking protocols.
  • Ability to identify emerging technology trends and their impact on the organization
  • In-depth knowledge of risk assessment and mitigation strategies
  • Experience acting as a mentor to team members

Knowledge / Skills / Abilities

  • Proven experience in security engineering, with a focus on exposure management and detection engineering.
  • Strong knowledge of attack surface management, automation, security control validation, and optimization.
  • Proficiency in scripting and API programming (e.g., PowerShell, JSON/XML).
  • Experience with security tools and technologies (e.g., SIEM/SOAR, EDR/XDR, NDR, vulnerability scanners).
  • Familiarity with MITRE ATT&CK
  • Strong analytical and problem-solving skills.
  • Strong communication and writing/reporting skills.
  • Ability to work independently and as part of a team and across teams.
  • Prescribe expert recommendations to improve detection, response, and enterprise defense capabilities.
  • Basic project and time management skills.

Medline Industries, LP, and its subsidiaries, offer a competitive total rewards package, continuing education & training, and tremendous potential with a growing worldwide organization.

The anticipated salary range for this position:

$110,240.00 - $165,360.00 Annual

The actual salary will vary based on applicant’s location, education, experience, skills, and abilities. This role is bonus and/or incentive eligible. Medline will not pay less than the applicable minimum wage or salary threshold.

Our benefit package includes health insurance, life and disability, 401(k) contributions, paid time off, etc., for employees working 30 or more hours per week on average. For a more comprehensive list of our benefits please click here. For roles where employees work less than 30 hours per week, benefits include 401(k) contributions as well as access to the Employee Assistance Program, Employee Resource Groups and the Employee Service Corp.

Every day, we’re focused on building a more diverse and inclusive company, one that recognizes, values and respects the differences we all bring to the workplace. From doing what’s right to delivering business results, together, we’re better. Explore our Diversity, Equity and Inclusion page here.

Medline Industries, LP is an equal opportunity employer. Medline evaluates qualified applicants without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity or expression, protected veteran status, disability/handicap status or any other legally protected characteristic.

Tags: Analytics APIs Audits Automation CCSP CISSP Cloud Compliance Computer Science Data Analytics EDR GIAC Incident response JSON KPIs Log analysis MITRE ATT&CK Monitoring OSCP PowerShell Risk assessment Scripting SIEM SOAR Threat intelligence Vulnerabilities Vulnerability management XDR XML

Perks/benefits: Career development Competitive pay Equity / stock options Health care Insurance Salary bonus

Regions: Remote/Anywhere North America
Country: United States
