Attack Surface Management Engineer
Found in: Whatjobs IN C2 - 2 weeks ago
Job Description
Description
The Attack Surface Management engineer is responsible for activities related to Attack Surface Management, with the goal to ensure comprehensive visibility of Experian’s attack surface and vulnerabilities.
Reporting Relationship
Reports to the Director Attack Surface Mgmt
Functions
Follows Attack Surface Mgmt processes to continuously monitor and improve visibility of the attack surface in order to detect anomalies faster and reduce incidences of cyber-attacks Perform verification/validation testing for vulnerabilities in external-facing web sites, web applications, and services; demonstrate exploitation steps and verify remediation/fixes Generate comprehensive reports, including detailed findings, exploitation procedures, and mitigation techniques Engage with business stakeholders to ensure they fully understand their Attack Surface, and helps them identify prioritization of vulnerabilities Develops vulnerability KPIs/metrics to demonstrate coverage and remediation effectiveness Execute daily operations of the Attack Surface Mgmt program, including the interpretation of scanning results Asist in the identification of internal and external risks based on scanning results Assist in the attribution of findings to appropriate business owner Identify improvements to scan coverage Coordinate with IT and geographically dispersed business units vulnerability remediation and mitigation strategies Assist in the documentation and standardization of process and procedures related to Attack Surface Mgmt Aggregating vulnerability data across technologies such as endpoints, servers, network equipment, and cloud and interpreting and presenting risk.Responsibilities/Requirements
Familiarity with common web vulnerabilities including: XSS, XXE, SQL Injection, Deserialization Attacks, Path Traversal Attacks, Remote Execution Flaws, and Authentication Flaws Understanding of common web application frameworks and web-based APIs Experience with one or more scripting languages such as Bash, Python, Perl, PowerShell, etc. In-depth knowledge of architecture, engineering, and operations of one or more vulnerability management tools, such as Wiz, Qualys, Rapid7 and ServiceNow. Solid understanding of the application of the following frameworks and how they are applied to identifying and rating risk: OWASP, SANS, NIST, CIS, and MITRE ATT&CK. Ability to provide creative solutions to complex problems Ability to clearly communicate risk of vulnerabilities to all levels within an organization. Knowledge of major cloud platforms (AWS, Azure, or GCP). Knowledge of systems hardening and other risk mitigation factors on multiple technologies and operating systems (Window, Linux, Mac, routers, switches, Kubernetes). Certification that could be helpful but not required: CISSP, Security+, CEH, GIAC certifications. Ability to manage, organize, analyze, and present substantial amounts of data Experience selecting and deploying productPosition Requirements
Formal Education & Certification
Four-year college diploma or university degree in computer science or computer engineering, and/or 3 years equivalent work experience.
Qualifications
Position Requirements
Formal Education & Certification
Four-year college diploma or university degree in computer science or computer engineering, and/or equivalent work experience.Knowledge & Experience
experience in information security vulnerability management role Experience with large scale and complex environments A broad and deep understanding of cybersecurity threats, vulnerabilities, controls, and remediation strategies Applied knowledge and experience in cybersecurity, technology infrastructure, vulnerability management and security and controls Excellent interpersonal skills and strong verbal and written communication An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood and actionable manner Strong organizational skills with proven ability to manage multiple high visibility issues simultaneously Proactive attitude, seeking for improvement opportunities which can positively impact the security posture and the businessPersonal Attributes
Excellent oral and interpersonal communication skills Outstanding writing and documentation skills Able to communicate ideas in both technical and user-friendly language Highly self-motivated and directed, with keen attention to detail Able to prioritize and execute tasks in a high-pressure environment Experience working in a team-oriented, collaborative environment Willing to travel globally as required
Additional Information
Experian Careers - Creating a better tomorrow together
Find out what its like to work for Experian by clicking here
-
Attack Surface Management Engineer
Found in: Whatjobs IN C2 - 1 week ago
Hyderabad, India Experian Full timeJob DescriptionDescriptionThe Attack Surface Management engineer is responsible for activities related to Attack Surface Management, with the goal to ensure comprehensive visibility of Experian’s attack surface and vulnerabilities.Reporting RelationshipReports to the Director Attack Surface MgmtFunctionsFollows Attack Surface Mgmt processes to continuously...
-
Attack Surface Management Engineer
Found in: Talent IN C2 - 2 weeks ago
Hyderabad, India Experian Full timeJob Description Description The Attack Surface Management engineer is responsible for activities related to Attack Surface Management, with the goal to ensure comprehensive visibility of Experian’s attack surface and vulnerabilities. Reporting Relationship Reports to the Director Attack Surface Mgmt Functions Follows Attack Surface Mgmt...
-
Contract to Hire
1 week ago
Hyderabad / Secunderabad, Telangana, Bengaluru / Bangalore, India Shell Info Technologies Private Limited Full timeWork Locations i.e., Hyderabad/ Bangalore/ Mumbai/ Pune/ Gurgaon/ Kolkata/ ChennaiPrimary skills: vulnerability & assessment management, VM implementation , CIS Baseline.tools like rapid 7 , tenable , qualys guard ( certifications are added advantage ) Certifications CISSP ( Certified information system security professional ) not mandatoryClient facing...
-
IS Security Engineer III
Found in: Whatjobs IN C2 - 1 week ago
Hyderabad, India F5 Full timeAt F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation.Everything we do centers around...
-
IS Security Engineer III
Found in: Whatjobs IN C2 - 2 weeks ago
hyderabad, India F5 Full timeAt F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation. Everything we do centers...
-
IS Security Engineer III
Found in: Talent IN C2 - 2 weeks ago
Hyderabad, India F5 Full timeAt F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation. Everything we do centers...
-
Software Engineer
Found in: Talent IN C2 - 7 days ago
Hyderabad, India Microsoft Full timeOverview : Microsoft is on a mission to empower every person and every organization on the planet to achieve more. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around...
-
Software Engineer
Found in: Whatjobs IN C2 - 20 hours ago
hyderabad, India Microsoft Full timeOverview : Microsoft is on a mission to empower every person and every organization on the planet to achieve more. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives...
-
Data Science Engineer
Found in: Whatjobs IN C2 - 1 week ago
Hyderabad, India Microsoft Full timeOverviewOverview:Are you a data enthusiast with a knack for engineering and analytics? Do you find joy in influencing product development through each stage of its lifecycle using data-driven insights? If you have a penchant for designing, measuring, understanding, and visualizing real-world user data to derive insights that drive business metrics, we are...
-
WAF Security Engineer
Found in: Whatjobs IN C2 - 1 week ago
Hyderabad, India PURVIEW Full timeRole: WAF Security Engineer (SME) Location: Any location in India (Hyd-pref) Job Description : Key Responsibilities • Develop and refine complex custom WAF rules and features, ensuring mitigation of Minimum Viable Product (MVP) and security posture gaps. • Coding expertise to create effective testing mechanisms for baseline and custom WAF rules,...
-
WAF Security Engineer
Found in: Appcast Linkedin IN C2 - 1 week ago
Hyderabad, India PURVIEW Full timeRole: WAF Security Engineer (SME)Location: Any location in India (Hyd-pref)Job Description : Key Responsibilities• Develop and refine complex custom WAF rules and features, ensuring mitigation of Minimum Viable Product (MVP) and security posture gaps.• Coding expertise to create effective testing mechanisms for baseline and custom WAF rules, integrating...
-
WAF Security Engineer
Found in: Talent IN 2A C2 - 1 week ago
Hyderabad, India PURVIEW Full timeRole: WAF Security Engineer (SME)Location: Any location in India (Hyd-pref)Job Description : Key Responsibilities• Develop and refine complex custom WAF rules and features, ensuring mitigation of Minimum Viable Product (MVP) and security posture gaps.• Coding expertise to create effective testing mechanisms for baseline and custom WAF rules, integrating...
-
Data Science Engineer
Found in: Talent IN C2 - 1 week ago
Hyderabad, India Microsoft Full timeOverview Overview: Are you a data enthusiast with a knack for engineering and analytics? Do you find joy in influencing product development through each stage of its lifecycle using data-driven insights? If you have a penchant for designing, measuring, understanding, and visualizing real-world user data to derive insights that drive business...
-
Senior Data Science Engineer
Found in: Whatjobs IN C2 - 1 week ago
Hyderabad, India Microsoft Full timeOverview:Are you a data enthusiast with a knack for engineering and analytics? Do you find joy in influencing product development through each stage of its lifecycle using data-driven insights? If you have a penchant for designing, measuring, understanding, and visualizing real-world user data to derive insights that drive business metrics, we are eager to...
-
Data Science Engineer
Found in: Whatjobs IN C2 - 1 week ago
hyderabad, India Microsoft Full timeOverview Overview: Are you a data enthusiast with a knack for engineering and analytics? Do you find joy in influencing product development through each stage of its lifecycle using data-driven insights? If you have a penchant for designing, measuring, understanding, and visualizing real-world user data to derive insights that drive business...
-
Cst Penetration Tester
1 day ago
Hyderabad, India Claranet Full time**About The Role**: **Role** The primary function of the Penetration Tester in the CST team is to continually review the customers’ defined scope for vulnerabilities, identify additional targets that should be included in the scope, and report these to the client in a timely, accurate, and comprehensive manner. The Penetration Tester is also responsible...
-
Senior Data Science Engineer
Found in: Whatjobs IN C2 - 1 week ago
hyderabad, India Microsoft Full timeOverview : Are you a data enthusiast with a knack for engineering and analytics? Do you find joy in influencing product development through each stage of its lifecycle using data-driven insights? If you have a penchant for designing, measuring, understanding, and visualizing real-world user data to derive insights that drive business metrics, we are...
-
Senior Data Science Engineer
Found in: Talent IN C2 - 1 week ago
Hyderabad, India Microsoft Full timeOverview : Are you a data enthusiast with a knack for engineering and analytics? Do you find joy in influencing product development through each stage of its lifecycle using data-driven insights? If you have a penchant for designing, measuring, understanding, and visualizing real-world user data to derive insights that drive business metrics, we are...
-
Program Manager II, Transport Controllership
Found in: Whatjobs IN C2 - 2 weeks ago
hyderabad, India ADCI HYD 13 SEZ Full timeAnalytical and communication skills, and have a passion for using data to drive business decisions. You are analytical and creative, and you don’t quit until you solve the problem. You attack complex business questions with data and curiosity, diving below the surface to identify the root cause and the “so what” rather than just superficial trends. You...
-
Program Manager II, Transport Controllership
Found in: Talent IN C2 - 2 weeks ago
Hyderabad, India ADCI HYD 13 SEZ Full timeAnalytical and communication skills, and have a passion for using data to drive business decisions. You are analytical and creative, and you don’t quit until you solve the problem. You attack complex business questions with data and curiosity, diving below the surface to identify the root cause and the “so what” rather than just superficial trends. You...
