Lead EASM Validation and Engineering: Investigate and reproduce findings from EASM platforms (e.g., exposed services, misconfigurations, weak crypto, DNS issues, leaked assets).
Perform Active/Passive Reconnaissance: Familiarity with open-source techniques and tools for profiling the attack surface.
Advance EASM Capabilities: Develop tuning logic for discovery seeds and asset correlation. Continuously improve signal fidelity and automate common validation tasks.
Design and Execute BAS Scenarios: Plan and conduct realistic cyberattack simulations that mirror real-world threat actor TTPs across enterprise environments.
Analyze Simulation Results: Assess BAS outcomes to identify security control gaps, vulnerabilities, and opportunities for improved detection and response.
Provide Actionable Recommendations: Develop and communicate prioritized recommendations to strengthen security policies, procedures, and technical controls.
Collaborate Across Teams: Work with red, blue, and purple teams, as well as incident response and threat intelligence groups, to adjust alerts, rules, and detection logic.
Threat Hunting and Intelligence: Leverage threat intelligence to inform EASM scenarios and proactively address emerging threats.
Vulnerability Management Support: Contribute to the identification, prioritization, and remediation of vulnerabilities based on simulation and testing results.
Documentation and Reporting: Maintain detailed documentation of ASM & BAS methodologies, procedures, and findings; communicate technical results clearly to both technical and non-technical stakeholders.
Bachelor’s degree and five years of experience in systems engineering or administration or an equivalent combination of education and work experience
In-depth knowledge of applied enterprise information security technologies, including but not limited to firewalls, intrusion detection/prevention systems, network operating systems, identity management, database activity monitoring, encryption, content filtering, and mainframe security
Previous experience in planning and managing IT projects