Cybersecurity Attack Surface Management Expert
This role has been designed as ‘Hybrid’ with an expectation that you will work on average 2-3 days per week from an HPE office.
Hewlett Packard Enterprise is the global edge-to-cloud company advancing the way people live and work. We help companies connect, protect, analyze, and act on their data and applications wherever they live, from edge to cloud, so they can turn insights into outcomes at the speed required to thrive in today’s complex world. Our culture thrives on finding new and better ways to accelerate what’s next. We know diverse backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good. If you are looking to stretch and grow your career our culture will embrace you. Open up opportunities with HPE.
Job Description:
About our Cyber Security team:
Are you ready to make an impact at one of the world’s leading tech companies? HPE’s Cybersecurity team is where you can do just that! We’re looking for a dynamic and experienced Attack Surface expert to join our Cybersecurity team. If you’re passionate about shaping the future of cybersecurity and ready for your next challenge, we’d love to hear from you.
About the role:
As an Attack Surface Management (ASM) engineer at HPE, you will be responsible for the proactive identification and management of vulnerabilities, misconfigurations, and other security risks across HPE's threat landscape. Your role will focus on continuously assessing and reducing the organization's attack surface, ensuring that security risks are identified, prioritized, and remediated in a timely manner. You will leverage cyber intelligence to anticipate potential threats, enhance HPE’s defensive strategies, as well as partner with stakeholders to prioritize HPE’s risk mitigation & remediation efforts.
About You:
- Expert-level proficiency in attack surface management tools and vulnerability assessment platforms.
- Strong analytical and problem-solving skills, with the ability to assess complex environments and identify security risks.
- Advanced knowledge of scripting and automation (e.g., Python, PowerShell) to enhance asset discovery and vulnerability assessment capabilities.
- Ability to work independently and lead high-impact projects in a fast-paced, high-pressure environment.
- Advanced Cyber and IT security knowledge
- Advanced understanding of networking and network security
- Advanced security system analysis skills
- Advanced risk assessment and management skills
- Understanding of Cyber and IT security risks, threats, and prevention measures
- Understanding of SQL and relevant scripting languages
- Experience with vulnerability management tools and scanners
- Experience with attack surface management tools and methodologies.
- Experience with threat intelligence platforms and sources.
- Excellent communication skills, with the ability to explain complex technical issues to non-technical audiences.
You will be responsible for:
- Lead the identification and continuous monitoring of the organization’s external digital assets, including domains, IP addresses, cloud environments, and third-party integrations.
- Utilize advanced tools and methodologies to discover and inventory all external-facing assets, ensuring comprehensive visibility across the organization’s attack surface.
- Stay informed about changes in the organization’s digital footprint, such as new acquisitions, mergers, or cloud deployments, and adjust monitoring strategies accordingly.
- Analyze identified assets for vulnerabilities, misconfigurations, and other security risks that could be exploited by adversaries.
- Perform regular assessments and prioritize vulnerabilities based on potential impact and exploitability.
- Collaborate with vulnerability management and incident response teams to ensure timely remediation of identified issues.
- Develop and implement proactive defense strategies to reduce the organization’s attack surface and mitigate the risk of cyber-attacks.
- Work closely with security architecture and engineering teams to ensure secure configurations and to apply best practices for minimizing exposure.
- Provide actionable insights and recommendations to senior leadership on how to reduce risk and enhance the security of external assets.
- Integrate threat intelligence into attack surface management practices to stay ahead of emerging threats and adversary tactics.
- Conduct risk analysis to assess the potential impact of vulnerabilities and to prioritize defence efforts accordingly.
- Share findings with relevant teams and stakeholders to inform security strategies and decision-making processes.
- Develop and maintain detailed reports and dashboards on attack surface metrics, vulnerability findings, and risk assessments.
- Provide regular briefings to senior leadership on the state of the organization’s attack surface, highlighting key risks and recommended actions.
- Ensure comprehensive documentation of processes, methodologies, and findings, contributing to the organization’s knowledge base.
Education & Experience Requirements:
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field or equivalent experience.
- 8 years + of experience in cybersecurity, with a focus on attack surface management, vulnerability management, or threat intelligence.
- Proven experience in managing and reducing attack surfaces for large, complex organizations.
- Strong knowledge of external digital assets, including cloud environments, web applications, and third-party integrations, and the associated security risks.
- Required: Certified Information Systems Security Professional (CISSP), GIAC Certified Vulnerability Assessor (GCVA), or equivalent.
- Preferred: GIAC Certified Penetration Tester (GPEN), Certified Ethical Hacker (CEH), or similar advanced certifications demonstrating expertise in attack surface management.
#cybersecurity
Accountability, Accountability, Action Planning, Active Learning (Inactive), Active Listening, Agile Methodology, Bias, Business, Coaching, Creativity, Critical Thinking, Cybersecurity, Data Analysis Management, Data Collection Management (Inactive), Data Controls, Design Thinking, Development Methodologies, Empathy, Follow-Through, Growth Mindset, Implementation Methodologies, Infrastructure Design, Intellectual Curiosity (Inactive), Long Term Planning, Managing Ambiguity {+ 4 more}
Health & Wellbeing
We strive to provide our team members and their loved ones with a comprehensive suite of benefits that supports their physical, financial and emotional wellbeing.
Personal & Professional Development
We also invest in your career because the better you are, the better we all are. We have specific programs catered to helping you reach any career goals you have — whether you want to become a knowledge expert in your field or apply your skills to another division.
Diversity, Inclusion & Belonging
We are unconditionally inclusive in the way we work and celebrate individual uniqueness. We know diverse backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good.
Follow @HPECareers on Instagram to see the latest on people, culture and tech at HPE.
#ireland
#technologyandsoftware
Job:
Information Technology
Job Level:
TCP_04
HPE is an Equal Employment Opportunity/ Veterans/Disabled/LGBT and Affirmative Action employer. We are committed to diversity and building a team that represents a variety of backgrounds, perspectives, and skills. We do not discriminate and all decisions we make are made on the basis of qualifications, merit, and business need. Our goal is to be one global diverse team that is representative of our customers, in an inclusive environment where we can continue to innovate and grow together. Please click here: Equal Employment Opportunity.
Hewlett Packard Enterprise is EEO F/M/Protected Veteran/ Individual with Disabilities.
HPE will comply with all applicable laws related to employer use of arrest and conviction records, including laws requiring employers to consider for employment qualified applicants with criminal histories.