Attack Surface Management Engineer

Posted 2 Days Ago
Be an Early Applicant
Hyderabad, Telangana
Mid level
Big Data • Marketing Tech • Analytics
The Role
The Attack Surface Management Engineer monitors and improves visibility of Experian’s attack surface to detect cyber-attack anomalies. Responsibilities include vulnerability testing on web applications, generating reports, engaging stakeholders on risk management, and documenting standard procedures. The role involves identifying vulnerabilities based on scanning results and coordinating with IT for remediation.
Summary Generated by Built In

Company Description

Experian unlocks the power of data to create opportunities for consumers, businesses and society. During life’s big moments – from buying a home or car, to sending a child to college, to growing a business exponentially by connecting it with new customers – we empower consumers and our clients to manage data with confidence so they can maximize every opportunity. We gather, analyse and process data in ways others can’t. We help individuals take financial control and access financial services, businesses make smarter decision and thrive, lenders lend more responsibly, and organizations prevent identity fraud and crime. For more than 125 years, we’ve helped consumers and clients prosper, and economies and communities flourish – and we’re not done. Our 20,600 people in 43 countries believe the possibilities for you, and our world, are growing. We’re investing in new technologies, talented people and innovation so we can help create a better tomorrow.

Job Description

Description

The Attack Surface Management engineer is responsible for activities related to Attack Surface Management, with the goal to ensure comprehensive visibility of Experian’s attack surface and vulnerabilities.

Reporting Relationship

Reports to the Director Attack Surface Mgmt

Functions

  • Follows Attack Surface Mgmt processes to continuously monitor and improve visibility of the attack surface in order to detect anomalies faster and reduce incidences of cyber-attacks
  • Perform verification/validation testing for vulnerabilities in external-facing web sites, web applications, and services; demonstrate exploitation steps and verify remediation/fixes
  • Generate comprehensive reports, including detailed findings, exploitation procedures, and mitigation techniques
  • Engage with business stakeholders to ensure they fully understand their Attack Surface, and helps them identify prioritization of vulnerabilities
  • Develops vulnerability KPIs/metrics to demonstrate coverage and remediation effectiveness
  • Execute daily operations of the Attack Surface Mgmt program, including the interpretation of scanning results
  • Asist in the identification of internal and external risks based on scanning results
  • Assist in the attribution of findings to appropriate business owner
  • Identify improvements to scan coverage
  • Coordinate with IT and geographically dispersed business units vulnerability remediation and mitigation strategies
  • Assist in the documentation and standardization of process and procedures related to Attack Surface Mgmt
  • Aggregating vulnerability data across technologies such as endpoints, servers, network equipment, and cloud and interpreting and presenting risk.

Responsibilities/Requirements

  • Familiarity with common web vulnerabilities including: XSS, XXE, SQL Injection, Deserialization Attacks, Path Traversal Attacks, Remote Execution Flaws, and Authentication Flaws
  • Understanding of common web application frameworks and web-based APIs
  • Experience with one or more scripting languages such as Bash, Python, Perl, PowerShell, etc.
  • In-depth knowledge of architecture, engineering, and operations of one or more vulnerability management tools, such as Wiz, Qualys, Rapid7 and ServiceNow.
  • Solid understanding of the application of the following frameworks and how they are applied to identifying and rating risk: OWASP, SANS, NIST, CIS, and MITRE ATT&CK.
  • Ability to provide creative solutions to complex problems
  • Ability to clearly communicate risk of vulnerabilities to all levels within an organization.
  • Knowledge of major cloud platforms (AWS, Azure, or GCP).
  • Knowledge of systems hardening and other risk mitigation factors on multiple technologies and operating systems (Window, Linux, Mac, routers, switches, Kubernetes).
  • Certification that could be helpful but not required: CISSP, Security+, CEH, GIAC certifications.
  • Ability to manage, organize, analyze, and present substantial amounts of data
  • Experience selecting and deploying product

Position Requirements

Formal Education & Certification

  • Four-year college diploma or university degree in computer science or computer engineering, and/or 3 years equivalent work experience.

Qualifications

Position Requirements

Formal Education & Certification

  • Four-year college diploma or university degree in computer science or computer engineering, and/or equivalent work experience.

Knowledge & Experience

  •  experience in information security vulnerability management role
  • Experience with large scale and complex environments 
  • A broad and deep understanding of cybersecurity threats, vulnerabilities, controls, and remediation strategies
  • Applied knowledge and experience in cybersecurity, technology infrastructure, vulnerability management and security and controls
  • Excellent interpersonal skills and strong verbal and written communication
  • An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood and actionable manner
  • Strong organizational skills with proven ability to manage multiple high visibility issues simultaneously
  • Proactive attitude, seeking for improvement opportunities which can positively impact the security posture and the business


Personal Attributes

  • Excellent oral and interpersonal communication skills
  • Outstanding writing and documentation skills
  • Able to communicate ideas in both technical and user-friendly language
  • Highly self-motivated and directed, with keen attention to detail
  • Able to prioritize and execute tasks in a high-pressure environment
  • Experience working in a team-oriented, collaborative environment
  • Willing to travel globally as required

Additional Information

Experian Careers - Creating a better tomorrow together

Find out what its like to work for Experian by clicking here

Top Skills

Bash
Perl
Powershell
Python
The Company
HQ: Costa Mesa, CA
16,292 Employees
On-site Workplace
Year Founded: 1980

What We Do

Experian unlocks the power of data to create opportunities for consumers, businesses and society.

During life’s big moments – from buying a home or car, to sending a child to college, to growing a business exponentially by connecting it with new customers – we empower consumers and our clients to manage data with confidence so they can maximize every opportunity.

We gather, analyse and process data in ways others can’t. We help individuals take financial control and access financial services, businesses make smarter decision and thrive, lenders lend more responsibly, and organizations prevent identity fraud and crime.

For more than 125 years, we’ve helped consumers and clients prosper, and economies and communities flourish – and we’re not done.

Our 20,600 people in 43 countries believe the possibilities for you, and our world, are growing. We’re investing in new technologies, talented people and innovation so we can help create a better tomorrow.


About Experian:

Bringing data to life requires creativity, passion, flexibility and expertise.

We want you to share in our success. That's why we offer rewards that recognise great performance.

Working in a culture of collaboration, achievement and respect we will give you the support and encouragement you need to develop your skills and talents and progress your career.

Everyday our people bring enthusiasm, innovation and inspiration to work and if this sounds like you connect with us at Experian.

Similar Jobs

ServiceNow Logo ServiceNow

Staff Software Quality Engineer

Artificial Intelligence • Cloud • HR Tech • Information Technology • Productivity • Software • Automation
Hybrid
Hyderabad, Telangana, IND
26000 Employees

ServiceNow Logo ServiceNow

Software Quality Engineer

Artificial Intelligence • Cloud • HR Tech • Information Technology • Productivity • Software • Automation
Hybrid
Hyderabad, Telangana, IND
26000 Employees

ServiceNow Logo ServiceNow

Software Engineer

Artificial Intelligence • Cloud • HR Tech • Information Technology • Productivity • Software • Automation
Hybrid
Hyderabad, Telangana, IND
26000 Employees

Warner Bros. Discovery Logo Warner Bros. Discovery

Staff Software Engineer - Data Platform

Artificial Intelligence • Digital Media • Gaming • Machine Learning • News + Entertainment • Software
Hybrid
Hyderabad, Telangana, IND
40000 Employees

Similar Companies Hiring

Effectv Thumbnail
Marketing Tech • Digital Media • AdTech
New York, NY
2157 Employees
RollWorks Thumbnail
Marketing Tech
US
InCommodities Thumbnail
Renewable Energy • Machine Learning • Information Technology • Energy • Automation • Analytics
Austin, TX
234 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account