Attack Surface Reduction Analyst

WHAT YOU'LL DO

We are seeking a skilled and experienced Attack Surface Reduction Analyst with a strong background in penetration testing to join our cybersecurity team. The successful candidate will be responsible for identifying potential security risks and vulnerabilities in our organization's systems, applications, and networks, performing penetration testing, and facilitating and managing third-party penetration testing engagements.

WHO YOU'LL WORK WITH​

Attack Surface Reduction team helps and contribute to improve the security posture of H&M by operating within an Agile model. We play a crucial role in proactively identifying and help in mitigating potential security risks and vulnerabilities across H&M's systems, applications, and networks, with the aim of preventing unauthorized access, data breaches, and other security incidents.

Key Responsibilities:

• Conduct comprehensive vulnerability assessments (VA) and penetration tests (PT) on H&M's systems, networks, and applications.
• Utilize industry-standard tools and methodologies to identify potential vulnerabilities and weaknesses in our attack surface.
• Collaborate with cross-functional teams to prioritize and remediate identified vulnerabilities in a timely manner.
• Experience in designing, implementing, and managing vulnerability management processes and workflows.
• Facilitate and manage penetration testing engagements with third-party vendors.
• Collaborate with other members of the cybersecurity team to develop and implement strategies to reduce our attack surface.
• Develop and maintain security policies and procedures for our organization's systems, applications, and networks.
• Monitor our organization's systems, applications, and networks for unauthorized access, suspicious activity, and other security threats.
• Stay up to date with the latest trends and developments in the field of cybersecurity, specifically related to attack surface reduction techniques.

WHO YOU ARE​

We are looking for people with…​

• Bachelor's degree in computer science, information security, or a related field.
• 3-5 years of experience in vulnerability scanning, vulnerability management, and penetration testing.
• Solid knowledge of common vulnerabilities and exposures (CVEs), common attack vectors, and security best practices.
• Strong knowledge of security assessment tools, vulnerability scanning, and penetration testing.
• Proficient in using industry-standard vulnerability assessment and penetration testing tools (e.g., Kali Distro, Qualys, Burp Suite, etc.).
• Familiarity with industry frameworks and standards, such as NIST, OWASP, and CIS.
• Effective communication skills, with the ability to clearly convey technical concepts to both technical and non-technical stakeholders.
• Excellent analytical, problem-solving, and communication skills.
• Relevant certifications, such as SANS, OSCP, OSEP, CompTIA Security+ or CREST are a plus.

WHY YOU'LL LOVE WORKING HERE ​

At H&M, we are proud to be a vibrant and welcoming company. We offer our employees attractive benefits with extensive development opportunities around the globe.

We offer all our employees at H&M attractive benefits with extensive development opportunities around the globe. All our employees receive a staff discount card, usable on all our H&M brands in stores and online. Brands covered by the discount are H&M (Beauty and Move included), COS, Weekday, Monki, H&M HOME, & Other Stories, ARKET, Afound. In addition to our staff discount, all our employees are included in our H&M Incentive Program – HIP. You can read more about our H&M Incentive Program here.

In addition to our global benefits, all our local markets offer different competitive perks and benefits. Please note that they may differ between employment types and countries.

JOIN US​

Our uniqueness comes from a combination of many things – our inclusive and collaborative culture, our strong values, and opportunities for growth. But most of all, it's our people who make us who we are.​

Take the next step in your career together with us. The journey starts here.​

​*We are committed to a recruitment process that is fair, equitable, and based on competency. We therefore kindly ask you to not attach a cover letter in your application.

ADDITIONAL INFORMATION

This is a full-time position, starting in October 2025.

Apply by sending in your CV in English as soon as possible, but no later than the 30th of September 2025. Due to data policies, we only accept applications through the SmartRecruiters or career page