JOBSEARCHER

Security Engineer II, Attack Surface Management

ARCHIVED

We can't find an active application page for this role right now. It may reopen or be listed elsewhere. Use Next Steps to search for an active apply link and similar live jobs.

Security Engineer II – Attack Surface Management (ASM)Pay Range: $53/hour to $59/hour We are seeking a Security Engineer II – Attack Surface Management (ASM) to support enterprise-wide security initiatives focused on reducing organizational risk. This role is responsible for continuously discovering assets, identifying vulnerabilities, and driving remediation across infrastructure, cloud environments, applications, and connected devices.The ideal candidate brings a proactive, risk-based mindset to vulnerability and exposure management and is experienced in working across diverse technology environments.Key ResponsibilitiesOperate and maintain continuous asset discovery and vulnerability scanning capabilitiesIdentify, validate, prioritize, and track remediation of vulnerabilities and misconfigurationsApply risk-based prioritization using frameworks such as CVSSSupport cloud security posture management (CSPM) and configuration hardening effortsPartner with engineering and application teams to support secure development lifecycle (SDLC) activitiesAssist in identifying and managing application security risks and findingsCoordinate remediation efforts for vulnerabilities across infrastructure, cloud, and connected/IoT devicesDevelop and maintain security metrics, dashboards, and reporting aligned to KPIs and KRIsProvide input during security incidents, including root cause analysis and remediation guidanceRequired QualificationsAssociate’s degree in Computer Science or related field, or equivalent practical experience5–7+ years of experience in vulnerability management, security engineering, or cloud/application securityHands-on experience with vulnerability scanning tools and remediation workflowsStrong understanding of CVSS scoring and risk-based vulnerability prioritizationFamiliarity with enterprise environments spanning infrastructure, cloud, and applicationsPreferred QualificationsExperience in healthcare or regulated environments (nice to have)Exposure to IoT or connected device securityIndustry certifications such as Security+, SSCP, or cloud security certificationsAdditional ExpectationsLead or coordinate remediation efforts for non-active vulnerabilities, including connected devicesAct as a consulted resource during major incidents, supporting root cause analysis and remediation strategiesCollaborate cross-functionally with security, engineering, and operations teamsWhat Success Looks LikeImproved visibility into enterprise assets and vulnerabilitiesTimely and effective remediation of identified risksStrong alignment between security, engineering, and operational teamsMeasurable improvements in security posture through KPIs and KRIs