ZipRecruiter

Log In

1

Attack Surface Management Jobs (NOW HIRING)

next page

Showing results 1-20

All JobsAttack Surface Management Jobs

Attack Surface Management information

Can I make $200,000 a year in cyber security?

Attack Surface Management roles in cybersecurity can offer salaries approaching or exceeding $200,000 annually for experienced professionals with specialized skills, certifications, and extensive industry experience. High earning potential is often associated with senior positions, leadership roles, or those working in large organizations with complex security needs.

What are the key skills and qualifications needed to thrive as an Attack Surface Management professional, and why are they important?

To thrive in Attack Surface Management, you need strong knowledge of cybersecurity fundamentals, vulnerability assessment, and risk analysis, often supported by a degree in computer science or information security. Familiarity with ASM platforms, vulnerability scanners, and certifications like CISSP or CEH are typically required. Analytical thinking, attention to detail, and effective communication are vital soft skills for identifying risks and working with cross-functional teams. These competencies are crucial for proactively identifying and mitigating threats, thereby strengthening an organization’s overall security posture.

What is the highest paid cyber security job?

In cybersecurity, roles such as Chief Information Security Officer (CISO) and Security Director tend to be the highest paid, often earning six-figure salaries or more depending on experience and organization size. Senior roles requiring extensive expertise in risk management, compliance, and strategic planning typically command the highest compensation in the field.

Is cybersecurity still worth it in 2026?

Attack Surface Management is a critical aspect of cybersecurity, which remains highly valuable in 2026 due to increasing digital threats and complex IT environments. Professionals in this field use tools like asset discovery and vulnerability scanning to identify and reduce security risks, making cybersecurity roles essential for organizations to protect sensitive data and maintain compliance.

What is the difference between Attack Surface Management vs Vulnerability Analyst?

AspectAttack Surface ManagementVulnerability Analyst
Primary FocusIdentifying and reducing the organization's attack surfaceDetecting and analyzing security vulnerabilities in systems
Skills & CertificationsCybersecurity knowledge, risk assessment, security toolsSecurity certifications (e.g., CISSP, CEH), vulnerability scanning
Work EnvironmentSecurity teams, IT departments, proactive security planningSecurity operations centers, incident response teams
Industry UsageCybersecurity, IT security managementCybersecurity, penetration testing, security analysis

While both roles focus on cybersecurity, Attack Surface Management emphasizes proactively identifying and reducing potential attack points, whereas Vulnerability Analysts focus on detecting and analyzing existing vulnerabilities. Understanding these differences helps organizations allocate resources effectively for comprehensive security.

What are some common challenges faced by professionals in Attack Surface Management, and how can they effectively address them?

Professionals in Attack Surface Management often face the challenge of continuously identifying and monitoring an organization’s expanding digital footprint, especially with the rapid adoption of cloud services and remote work environments. Keeping up with emerging vulnerabilities and ensuring all assets are accounted for can be difficult. Effective communication and collaboration with IT, DevOps, and security teams are essential to prioritize remediation efforts and close gaps quickly. Leveraging automated tools, maintaining up-to-date asset inventories, and fostering a security-aware culture can help overcome these challenges.

What is Attack Surface Management?

Attack Surface Management (ASM) is the process of continuously discovering, analyzing, and monitoring all digital assets and potential entry points—such as servers, cloud services, applications, and endpoints—that could be exploited by cyber attackers. ASM helps organizations identify and remediate vulnerabilities before they can be targeted by malicious actors. By maintaining visibility into an organization's attack surface, security teams can prioritize risk and strengthen their overall cybersecurity posture.

What does attack surface management do?

Attack surface management is a cybersecurity role focused on identifying, monitoring, and reducing an organization's exposed digital assets to prevent potential cyber threats. It involves using tools and techniques to discover vulnerabilities across networks, applications, and infrastructure, enabling proactive defense strategies.
What cities are hiring for Attack Surface Management jobs? Cities with the most Attack Surface Management job openings:
What states have the most Attack Surface Management jobs? States with the most job openings for Attack Surface Management jobs include:
Attack Surface Management jobs near you
Attack Surface Management Engineer

Attack Surface Management Engineer

Montefiore Health System Inc

Elmsford, NY • On-site

Other

Posted 9 days ago

Job description

City/State:
Elmsford, New York
Grant Funded:
No
Department:
Work Shift:
Day
Work Days:
MON-FRI
Scheduled Hours:
8:30 AM-5 PM
Scheduled Daily Hours:
7.5 HOURS
Pay Range:
$112,000.00-$140,000.00
Montefiore is ranked among the top hospitals nationally and regionally by U.S. News & World Report. For more than 100 years we have been innovating new treatments, procedures, and approaches to patient care, producing stellar outcomes and raising the bar for academic medical centers in the region and around the world. Our work to improve health outcomes in underserved communities is unparalleled in the United States. Our workforce is among the most diverse in the US: Montefiore associates speak 60+ languages.
As a Cybersecurity Engineer in Montefiore Technology , you directly support patient safety, clinical operations, and the protection of sensitive health information. This role pro vides the opportunity to work deeply with modern security technologies while contributing to our mission-driven organization where cybersecurity is essentia l to care delivery.
The Attack Surface Management (ASM) Engineer is a security engineering role responsible for conducting and supporting attack surface discovery, vulnerability management, and exposure reduction activities across a complex healthcare environment. Building upon foundational ASM analyst experience, this role emphasizes hands-on technical execution, operational discipline, and collaboration with IT, Clinical Engineering, Cloud, and Security Operations teams to reduce cyber risk while supporting patient care.
Responsibilities:
  • Work with architecture and engineering personnel to implement automation and orchestration solutions where appropriate to improve efficiency and reduce manual effort.
  • Collaborate with IT, clinical teams, and other departments to ensure cybersecurity measures are integrated into everyday operations without disrupting patient care.
  • Manage vendor relationships related to security solutions, testing services, and consulting engagements.
  • Maintain security tools and services ensuring continued uptime and efficient execution of scanning activities.
  • Work with DevOps, cloud, and IT infrastructure teams to incorporate secure development practices and vulnerability remediation into their workflows.
  • Perform continuous device and asset discovery across IT, cloud, medical, and IoT/OT environments using approved ASM tooling.
  • Review and validate asset discovery and vulnerability findings to identify unmanaged, unknown, or misclassified assets.
  • Correlate exposure and vulnerability data with CMDBs, internal inventories, and cloud asset repositories to improve accuracy.
  • Support the enterprise vulnerability management lifecycle by tracking findings from identification through remediation.
  • Apply risk-based vulnerability prioritization using exploitability, asset criticality, and business impact.
  • Coordinate with system, application, and device owners to validate their proposed remediation actions and timelines.
  • Review third-party penetration testing results and assist with remediation tracking and validation.
  • Collaborate with SOC and incident response teams to contextualize vulnerabilities during investigations.
  • Develop and maintain technical documentation, SOPs, and workflows related to ASM processes.
  • Contribute to dashboards, KPIs, and reporting that measure attack surface coverage, vulnerability aging, and risk reduction.
  • Monitor vulnerability and threat trends relevant to healthcare and emerging technologies.
  • Assist with automation and orchestration initiatives to improve ASM efficiency under manager guidance.

Requirements:
  • Bachelor's degree or equivalent work experience.

  • 4 - 6 years Cybersecurity or IT experience with progression from vulnerability analysis, exposure management, or ASM analyst functions.

  • 4 - 6 years p rior experience in highly regulated environments .

  • Strong proficiency with asset discovery and attack surface management technologies across on - prem IT, cloud, and IoMT environments.

  • Strong ability to interpret, validate , and assess findings from attack surface management (ASM) and vulnerability management platforms.

  • Strong understanding of the vulnerability management lifecycle, including remediation processes and governance requirements.

  • Foundational experience correlating data across CMDBs, cloud inventories, and security tools.

  • Ability to communicate technical findings to non-technical stakeholders with guidance.

  • Working knowledge of healthcare cybersecurity frameworks including HIPAA, HITECH, NIST CSF, HITRUST, HICP, and NYSDOH 405.46.

  • Strong analytical skills with attention to detail and data accuracy.

  • Ability to operate effectively within defined processes and escalate appropriately.

Preferred:
  • Prior experience in healthcare
  • One of the following certifications required or obtained within 18 months of hire:
    • CompTIA PenTest+
    • GIAC Security Essentials (GSEC)
    • Tenable Certified Nessus Auditor (TCNA)
    • CREST Registered Vulnerability Specialist (RVS)

#SF-DICE-MIT
#LI-MF1
Montefiore Health System, Inc. is an equal employment opportunity employer. Montefiore Health System, Inc. will recruit, hire, train, transfer, promote, layoff and discharge associates in all job classifications without regard to their race, color, religion, creed, national origin, alienage or citizenship status, age, gender, actual or presumed disability, history of disability, sexual orientation, gender identity, gender expression, genetic predisposition or carrier status, pregnancy, military status, marital status, or partnership status, or any other characteristic protected by law.

Apply