Job Description

Job Summary 

As a member of the Exposure Management Team, the Cyber Security Specialist for External Attack Surface Management owns complex analysis across internet-facing assets—cloud, hybrid, SaaS, domains, applications, APIs, certificates, and shadow IT—to identify, validate, and prioritize vulnerabilities, misconfigurations, leaked data, and other exposures that create a material business risk. The Specialist will operate within the existing exposure management team as a subject matter expert in vulnerability management, ensuring sound practices while designing, growing, and maintaining the external attack surface management program, contributing to vulnerability identification and remediation methodologies, supporting penetration testing practices, report generation, and more. The Specialist will be responsible for seeking out and reporting on vulnerability discoveries and classifications of new vulnerabilities as well as partnering with Threat Intelligence to incorporate current threat activity into risk prioritization. The Specialist will work directly with other security and information technology team members to develop plans for reporting and remediation of vulnerabilities across all operating systems, applications, and other internet-facing assets in the enterprise.

Essential Functions

Designs, configures, and implements advanced Cyber Security technologies, ensuring compliance with NIST and other industry frameworks. Leads the identification, assessment, and resolution of complex security risks across infrastructure, applications, and data environments. Provides strategic input on the development and execution of security controls, policies, and standards. Partners with IT, business leaders, and audit stakeholders to align security strategies with enterprise initiatives. Develops and maintains comprehensive documentation for security systems, processes, and incident response procedures. Leads root cause analysis and resolution of high-impact security incidents and provides 24/7 expert-level support as needed. Mentors technical staff, influencing organizational security decisions and driving continuous improvement initiatives. Monitors security platforms and develops proactive threat detection and response strategies to reduce risk exposure. Performs other duties as assigned. Complies with all policies and standards.

Qualifications

H.S. Diploma or GED required Associate Degree or Bachelor’s Degree in Cyber Security, Computer Science, Information Systems, or related field preferred 7-9 years of Cyber Security or related IT experience required 8-10 years of enterprise-level security experience preferred

Knowledge, Skills and Abilities

Deep technical expertise in enterprise security domains including endpoint, network, and cloud security. Proven ability to troubleshoot, analyze, and resolve highly complex security issues. Strong understanding of security frameworks (e.g., NIST 800-53) and regulatory compliance requirements. Effective communicator with the ability to convey complex technical concepts to both technical and non-technical audiences. Demonstrated leadership in mentoring, team collaboration, and cross-functional stakeholder engagement. Ability to manage multiple initiatives in a fast-paced, high-risk environment.

Licenses and Certifications

Industry certifications such as CISSP, CISM, GIAC, OSCP, Security+, SSCP, GSEC, or ITIL preferred