Attack Surface Reduction Analyst

Attack Surface Reduction team contributes to improve the security posture of H&M by operating within an Agile model. We play a crucial role in proactively identifying and help in mitigating potential security risks and vulnerabilities across H&M's systems, applications, and networks, with the aim of preventing unauthorized access, data breaches, and other security incidents.  

We are seeking a skilled and experienced Attack Surface Reduction Analyst with a strong background in penetration testing to join our cybersecurity team. The successful candidate will be responsible for identifying potential security risks and vulnerabilities in our organization's systems, applications, and networks, performing penetration testing, and facilitating and managing third-party penetration testing engagements. 

1. Conduct comprehensive vulnerability assessments(VA) and penetration tests (PT) on H&M's systems, networks, and applications. 
2. Utilize industry-standard tools and methodologies to identify potential vulnerabilities and weaknesses in our attack surface. 
3. Collaborate with cross-functional teams to prioritize and remediate identified vulnerabilities in a timely manner. 
4. Experience in designing, implementing, and managing vulnerability management processes and workflows. 
5. Facilitate and manage penetration testing engagements with third-party vendors. 
6. Collaborate with other members of the cybersecurity team to develop and implement strategies to reduce our attack surface. 
7. Develop and maintain security policies and procedures for our organization's systems, applications, and networks. 
8. Monitor our organization's systems, applications, and networks for unauthorized access, suspicious activity, and other security threats. 
9. Stay up-to-date with the latest trends and developments in the field of cybersecurity, specifically related to attack surface reduction techniques. 

1. Bachelor's degree in computer science, information security, or a related field. 
2. 8-10 years of experience in vulnerability scanning, vulnerability management, and penetration testing. 
3. Solid knowledge of common vulnerabilities and exposures (CVEs), common attack vectors, and security best practices. 
4. Strong knowledge of security assessment tools, vulnerability scanning, and penetration testing. 
5. Proficient in using industry-standard vulnerability assessment and penetration testing tools (e.g., Kali Distro, Qualys, Burp Suite, etc.). 
6. Familiarity with industry frameworks and standards, such as NIST, OWASP, and CIS. 
7. Effective communication skills, with the ability to clearly convey technical concepts to both technical and non-technical stakeholders. 
8. Excellent analytical, problem-solving, and communication skills. 
9. Relevant certifications, such as SANS, OSCP, OSEP, CompTIA Security+ or CREST are a plus. 

Inclusion & Diversity 

At H&M Group, we’re determined to create and maintain inclusive, diverse, and equitable workplaces throughout our organization. Our teams should consist of a variety of people who share and combine their knowledge, experience, and ideas. Having a diverse workforce leads to a positive impact on how we address challenges, on what we perceive possible, and on how we choose to relate to our colleagues and customers all over the world. Hence all diversity dimensions are taken into consideration in our recruitment process.



We strive to have a fair and equal process and therefore kindly ask you not to attach a cover letter to your application as it often contains information that can easily trigger unintentional biases.

Benefits

We offer all our employees at H&M Group attractive benefits with extensive development opportunities around the globe. All our employees receive a staff discount card, usable on all our H&M Group brands in stores and online. Brands covered by the discount are H&M (Beauty and Move included), COS, Weekday, Monki, H&M HOME, & Other Stories, ARKET, Afound. In addition to our staff discount, all our employees are included in our H&M Incentive Program – HIP. You can read more about our H&M Incentive Program here. 



In addition to our global benefits, all our local markets offer different competitive perks and benefits. Please note that they may differ between employment types and countries.