About us, but we’ll be brief

We are very proud that FORTUNE named us one of The 100 Best Companies to Work For. In addition, for the last five years we’ve been named in the 100 “World’s Most Innovative Companies” by Forbes Magazine.

The Attack Surface Management Engineer is responsible for activities related to the full scope of attack surface management, with the goal to ensure comprehensive visibility and actionability of Experian’s entire attack surface, exposures, and vulnerabilities, minimizing Experian’s risk potential.

Responsibilities:

· Executes and iteratively improves on Attack Surface Management processes to continuously monitor and strengthen visibility of the attack surface in order to detect anomalies faster and reduce incidences or potential of cyber-attacks

· Perform verification/validation testing for vulnerabilities across all asset types; demonstrate exploitation steps and verify remediation/fixes

· Perform programmatic and ad-hoc asset discovery in order to find and eliminate coverage gaps

· Generate comprehensive reports, including detailed findings, exploitation procedures, and mitigation techniques

· Engage with business stakeholders to ensure they fully understand their Attack Surface, providing them clear prioritization of vulnerabilities. Coordinate with IT and geographically dispersed Business Units on vulnerability remediation and mitigation strategies

· Establish an accountable culture for improving the security posture, through vulnerability KPIs and metrics on coverage and remediation effectiveness

· Execute daily operations of the Attack Surface Mgmt program, including the interpretation of scanning results

· Asist in the identification of internal and external risks based on scanning results

· Assist in the attribution of findings to appropriate business owner

· Identify improvements to scan coverage

· Assist in the documentation and standardization of process and procedures related to Attack Surface Management

· Aggregating vulnerability data across technologies such as endpoints, servers, network equipment, and cloud and interpreting and presenting risk.

Functional Requirements

• Expert level engineering knowledge and experience in support of Attack Surface Management in one or more of the following: Web Application, Networking/Protocols, Network Infrastructure, Network Appliances, APIs, Cloud Infrastructure, Cloud Services, Mobile Devices, Mobile Applications, IoT, Endpoints, Operating Systems, Wireless networking, Third-party Integrations, Data Storage, Databases, CICD, Application Dependencies.
• Four-year college diploma or university degree in computer science or computer engineering, and/or 5 years equivalent work experience.
• Expert level vulnerability, remediation, and mitigation knowledge as it applies to several of the following:  Common web applications, APIs, misconfigurations, hosts, mobile, IoT, endpoints, infrastructure, cloud, network appliance, OS, firmware, software supply-chain.
• Knowledge of systems hardening and other risk mitigation factors on multiple technologies and operating systems (Window, Linux, Mac, routers, switches, Kubernetes, other).
• Experience with one or more scripting languages such as Bash, Python, Perl, PowerShell, etc.
• Working knowledge of networking standards and protocols: IPv4 IPv6, TCP/IP, DNS, HTTPS, TLS, BGP, Firewalls and NAT, SMTP, VPN, ICMP, SSH, IPSec, etc.
• In-depth knowledge of architecture, engineering, and operations of one or more vulnerability management tools, such as Wiz, Qualys, Rapid7, Tenable, and ServiceNow.
• Solid understanding of the application of some of the following frameworks and regulations, and how they are applied to identifying and rating risk: OWASP, SANS, NIST, CVSS, CIS, OSSTM, ISO 27001, MITRE ATT&CK, PCI, HIPAA, GDPR, CMMC, other.
• Knowledge of major cloud platforms (AWS, Azure, or GCP).
• Demonstrated ability to provide creative solutions to complex problems.
• Demonstrated ability to clearly communicate risk of vulnerabilities to all levels within an organization.
• Ability to manage, organize, analyze, and present substantial amounts of data in an informed and impactful manner.
• Experience selecting, deploying, and maintaining product.

Knowledge & Experience

• Certification that could be helpful but not required: CISSP, Security+, CEH, GIAC certifications.
• Combined of 5+ years of experience in information security vulnerability management role and in security or technology engineering roles.
• Experience with large scale and complex environments.
• A broad and deep understanding of cybersecurity threats, vulnerabilities, controls, and remediation strategies.
• Applied knowledge and experience in cybersecurity, technology infrastructure, vulnerability management and security and controls.
• Excellent interpersonal skills and strong verbal and written communication.
• An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood and actionable manner.
• Strong organizational skills with proven ability to manage multiple high visibility issues simultaneously.
• Proactive attitude, seeking for improvement opportunities which can positively impact the security posture and the business.

Personal Attributes

• Excellent oral and interpersonal communication skills
• Outstanding writing and documentation skills
• Able to communicate ideas in both technical and user-friendly language
• Highly self-motivated and directed, with keen attention to detail
• Able to prioritize and execute tasks in a high-pressure environment
• Experience working in a team-oriented, collaborative environment
• Willing to travel globally as required

All your information will be kept confidential according to EEO guidelines.

Experian is proud to be an Equal Opportunity and Affirmative Action employer. Our goal is to create a thriving, inclusive and diverse team where people love their work and love working together. We believe that diversity, equity and inclusion is essential to our purpose of creating a better tomorrow. We value the uniqueness of every individual and want you to bring your whole, authentic self to work. For us, this is The Power of YOU and and it reflects what we believe.  See our DEI work in action!

Please contact us at [email protected] to request the salary range of this position (please include the exact Job Title as it reads above in your email). In addition to a competitive base salary and variable pay opportunity, Experian offers a comprehensive benefits package including health, life and disability insurance, generous paid time off including 12 company paid holidays and parental and family care leave, an employee stock purchase plan and a 401(k) plan with a company match.

Experian Careers – Creating a better tomorrow together

Find out what its like to work for Experian by clicking here

Our compensation reflects the cost of labor across several U.S. geographic markets. The base pay range for this position is listed above.  Within this range, individual pay is determined by work location and additional factors such as job-related skills, experience and education.  This position is also eligible for a variable pay opportunity and a comprehensive benefits package which includes health, life and disability insurance, generous paid time off including paid parental and family care leave, an employee stock purchase plan and a 401(k) plan with a company match.

Experian is proud to be an Equal Opportunity and Affirmative Action employer. We’re passionate about unlocking the power of data to transform lives and create opportunities for consumers, businesses, and society. For more than 125 years, we’ve helped people and economies flourish – and we’re not done.

We take our people’s agenda very seriously. We focus on what truly matters; diversity and inclusion, work/life balance, flexible working, development, collaboration, wellness, reward & recognition, volunteering, making an impact… the list goes on. See our DEI work in action!

The power of YOU. We are building a culture where everyone is comfortable bringing their whole self to work. A place where we not only respect our differences and values but celebrate them in a positive and supportive environment.

Find out what is like to work for Experian and discover the Unexpected!