Attack Surface Engineer
Location: Fort Lauderdale
Posted on: June 23, 2025
|
|
|
Job Description:
Global Financial Firm located in Fort Lauderdale, FL / Irving,
TX has an immediate contract opportunity for an experienced Attack
Surface Engineer "This role is currently on a Hybrid Schedule. You
will need to have reliable internet, computer and android or iphone
for remote access into the client systems during remote work. We
will be expected in the office weekly 2-3 days depending on the
team requirement. Video/ f2f interviews are required prior to all
offers. The Role: This individual will participate in activities as
part of the organization s Attack Surface Reduction (ASR) program
and Breach Attack Simulation (Client) program. The candidate may
also participate in Red Team and Penetration Testing exercises. To
be successful in this role, the ideal candidate will have
experience with reconnaissance, attack surface mapping techniques,
strong programming background and offensive security experience.
Responsibilities Assist with the development and implementation of
program management processes and tools related to attack surface
reduction Support Client s Red, Blue, and Purple Teams during the
execution of offensive security assessment operations Develop and
implement Red Team automation tools utilizing various programming
languages Assist in developing and maintaining technical
documentation Monitor program progress and identify potential risks
and issues, including the changes in the firm s attack surface or
the emergence of new threats Review and validate automated testing
results and prioritize actions that resolve issues based on overall
risk Analyze source code to mitigate identified weaknesses and
vulnerabilities within the system Review and validate automated
testing results and prioritize actions that resolve issues based on
overall risk Scan and analyze applications with automated tools,
and perform manual testing if necessary Reduce risk by analyzing
the root cause of issues, their impact, and required corrective
actions Identify opportunities to automate and standardize
information security controls and for the supported group Establish
meaningful partnerships with relevant stakeholders across the
enterprise is a key function of this role to build and maintain a
comprehensive model of applicable, feasible threats, and risks to
the business Act as a subject matter expert and provide guidance
with stakeholders Identify and ensure compliance with relevant
frameworks and guidelines (e.g., NIST) Demonstrate appropriate
consideration for the firm's reputation and safeguarding
Clientgroup, its clients, and assets by driving compliance with
applicable laws, regulations, and Client Policy Qualifications 4
years experience or equivalent knowledge and exposure are required
with most of the following: An understanding of attack surface
management tools, including their capabilities and limitations Deep
understanding of reconnaissance types and techniques Strong
communication and interpersonal skills, including experience with
technical and non-technical teams Excellent analytical and
problem-solving skills, with the ability to analyze complex data
sets, and provide recommendations for mitigating risk Familiarity
with big data technologies, data analysis and visualization tools:
Tableau, Spark, Hive, Hadoop, etc. Experience with program
management tools: ServiceNow, JIRA, Confluence, etc. Conducting
Vulnerability Assessments and Penetration Testing (application
and/or infrastructure) and articulating security issues to
technical and non-technical audience Identifying, researching,
validating, and exploiting different, known, and unknown security
vulnerabilities on the server and client side Leveraging the MITRE
Telecommunication&CK Framework Red Team testing tools: Cobalt
Strike, Red Team Toolkit, etc. Vulnerability Assessment tools:
Nessus, Qualys, etc. Exploitation frameworks: Metasploit, CANVAS,
Core Impact Social Engineering campaigns: email phishing, phone
calls, SET Deep understanding of OSI model and OWASP Security
devices: Firewalls, VPN, AAA systems OS Security: Unix/Linux,
Windows, OSX Understanding of common protocols: HTTP, LDAP, SMTP,
DNS Web application infrastructure: Application Servers, Web
Servers, Databases Web development and programming languages:
Python, Perl, Ruby, Java, .Net Education Bachelor s
degree/University degree or equivalent experience Master s degree
preferred Industry-accredited security certifications highly
preferred but not required (e.g. PNPT, OSCP, OSCE, GXPN, GPEN,
GCIH, GWAPT, GCFA, or CISSP) This job description provides a
high-level review of the types of work performed. Other job-related
duties may be assigned as required.
Keywords: , Kendall West , Attack Surface Engineer, IT / Software / Systems , Fort Lauderdale, Florida
