University of Southern California (USC)
Analyst, Attack Surface Management (ASM)
University of Southern California (USC), Los Angeles, California, United States, 90079
ABOUT THE DEPARTMENT
USC is advancing its cybersecurity posture with a renewed focus on resilience, cyber risk management, and threat-informed defense. USC is building a culture of security that supports its academic and research mission in a rapidly evolving threat landscape. This role sits within a newly restructured cybersecurity organization that is leading this transformation. You’ll join a team focused on scalable, proactive defense strategies, incident preparedness, and operational excellence, working alongside experts committed to service, innovation, and impact. If you’re driven by purpose, thrive in complexity, and want to help shape the future of cybersecurity at a leading university, we invite you to bring your leadership to the table. POSITION SUMMARY
As the
Analyst, Attack Surface Management (ASM) , you will be an integral member of the cybersecurity department while collaborating with stakeholders across the university ecosystem and reporting to the ASM Manager. This is a full-time exempt position, eligible for USC’s benefits and perks. This opportunity is remote. The Analyst, Attack Surface Management (ASM) works to identify, assess, and mitigate vulnerabilities across the university’s digital environment. You will continuously monitor and manage the university’s attack surface (e.g., on-premises and cloud-based systems, network perimeter, Operational Technology (OT) environments, applications, and external-facing services) to prevent unauthorized access and data breaches. You will work with cross-functional teams (e.g., Cyber Threat Intel, Cyber Defense, Cyber Governance) to identify and prioritize threats using vulnerability assessments, penetration testing, and risk evaluations. You will collaborate with university IT teams, Departments/Schools/Units (DSUs), and other stakeholders to implement effective security controls. You will work with USC Defense to support security response efforts and ensure ASM practices align with regulatory compliance and university cybersecurity policies. The
Analyst, Attack Surface Management (ASM)
will: Identifies, catalogs, and continuously maintains an inventory of the university’s digital assets (on-premises and cloud-based systems, OT environments, applications, and services) and consistently monitors for new threats, changes to the attack surface, and emerging risks. Conducts vulnerability assessments, attack and penetration testing, and risk evaluations to determine security gaps. Scans digital assets for vulnerabilities, assesses potential impact, and prioritizes risks based on severity. Analyzes potential threats and their impact on the university’s systems, applications, and data. Recommends appropriate mitigation strategies. Develops and recommends mitigation strategies to reduce identified risks. Works with IT teams, DSUs, and other stakeholders to validate and implement remediation. Ensures timely application of security patches and updates to minimize vulnerabilities (e.g., patch management). Assists in responding to security incidents, focusing on how the attack surface was exploited and how to prevent future attacks. Serves as a subject matter expert (SME) in ASM, formulating and prioritizing intelligence requirements within a risk management framework. Provides regular reports on the attack surface status, including potential risks, vulnerabilities, and the effectiveness of implemented security controls. Ensures ASM strategies align with university cybersecurity policies and compliance requirements. Engages with IT teams and DSUs to advise on remediation strategies and best practices for reducing the attack surface. Integrates ASM efforts into broader security and risk management initiatives to validate end-to-end remediation. Maintains awareness of changes in legal, regulatory, and technology environments that may affect operations. Promotes a workplace culture aligned with USC’s Unifying Values of integrity, excellence, community, well-being, open communication, and accountability. MINIMUM QUALIFICATIONS
Great candidates for the position of
Analyst, Attack Surface Management (ASM)
will meet the following qualifications: 2 years of experience in attack surface and vulnerability management. A bachelor’s degree or combined experience and education as a substitute for minimum education. Ability to interface with teams across the CISO Office and ITS, such as Enterprise and Infrastructure Services, and across USC IT teams. Thorough understanding of technology, tools, policies, and standards related to security systems and incident response. Understanding of Operational Technology environments and the security requirements needed to support them. Technical knowledge of Cyber Defense concepts, including incident response, security monitoring, cyber threat intelligence, attack surface, and vulnerability management. Strong leadership and people management skills. Solid technical knowledge and troubleshooting skills. Ability to work effectively in high-stress situations and manage crisis situations. Skilled in communicating with a wide range of stakeholders and business partners. Experience in the management and/or implementation of security monitoring, anti-malware, and vulnerability management technologies. In-depth experience in application security management and knowledge of cyber threat intelligence. Strong understanding of ASM management, security testing practices, and methodologies. Experience in building infrastructure and application vulnerability management programs. Comprehensive knowledge of cloud computing and associated security challenges. Ability to assess business risks and recommend suitable cybersecurity measures. Familiarity with common vulnerability frameworks such as CVSS and OWASP Top 10. Adaptability to changes in the external environment and organizational shifts. Knowledge of system, application, and database hardening techniques. Effective communication skills and the ability to interact with all organizational levels. Project management experience and the ability to lead complex security initiatives. Commitment to staying current with the latest security threats, trends, and technologies. PREFERRED QUALIFICATIONS
Exceptional candidates for the position of
Analyst, Attack Surface Management (ASM)
will also bring the following qualifications or more: 5 years of related experience in IT security roles with hands-on vulnerability analysis. A master’s degree. Strong understanding of cybersecurity threats and remediation practices. Ability to communicate effectively across technical and non-technical audiences. In addition, the successful candidate must also demonstrate, through ideas, words, and actions, a strong commitment to USC’s Unifying Values—integrity, excellence, community, well-being, open communication, and accountability. SALARY AND BENEFITS
The annual base salary range for this position is $112,575.21-$127,577. USC considers factors such as scope and responsibilities, work experience, education/training, key skills, internal peer alignment, laws, contractual stipulations, grant funding, and external market considerations when offering compensation. USC provides benefits to eligible employees as part of the total rewards package; learn more about USC’s comprehensive benefits. Join the USC cybersecurity team within an environment of innovation and excellence. Minimum Education: Bachelor’s degree. Minimum Experience: 2 years in attack surface and vulnerability management. Minimum Skills: Interface with CISO Office and ITS teams; understanding of security systems and incident response; OT security requirements; cyber defense concepts; leadership and communication skills; experience with security monitoring, anti-malware, and vulnerability management; cloud security; risk assessment; familiarity with CVSS/OWASP; adaptability; hardening techniques; project management; commitment to staying current. Preferred Education: Master’s degree. Preferred Experience: 5 years.
#J-18808-Ljbffr
USC is advancing its cybersecurity posture with a renewed focus on resilience, cyber risk management, and threat-informed defense. USC is building a culture of security that supports its academic and research mission in a rapidly evolving threat landscape. This role sits within a newly restructured cybersecurity organization that is leading this transformation. You’ll join a team focused on scalable, proactive defense strategies, incident preparedness, and operational excellence, working alongside experts committed to service, innovation, and impact. If you’re driven by purpose, thrive in complexity, and want to help shape the future of cybersecurity at a leading university, we invite you to bring your leadership to the table. POSITION SUMMARY
As the
Analyst, Attack Surface Management (ASM) , you will be an integral member of the cybersecurity department while collaborating with stakeholders across the university ecosystem and reporting to the ASM Manager. This is a full-time exempt position, eligible for USC’s benefits and perks. This opportunity is remote. The Analyst, Attack Surface Management (ASM) works to identify, assess, and mitigate vulnerabilities across the university’s digital environment. You will continuously monitor and manage the university’s attack surface (e.g., on-premises and cloud-based systems, network perimeter, Operational Technology (OT) environments, applications, and external-facing services) to prevent unauthorized access and data breaches. You will work with cross-functional teams (e.g., Cyber Threat Intel, Cyber Defense, Cyber Governance) to identify and prioritize threats using vulnerability assessments, penetration testing, and risk evaluations. You will collaborate with university IT teams, Departments/Schools/Units (DSUs), and other stakeholders to implement effective security controls. You will work with USC Defense to support security response efforts and ensure ASM practices align with regulatory compliance and university cybersecurity policies. The
Analyst, Attack Surface Management (ASM)
will: Identifies, catalogs, and continuously maintains an inventory of the university’s digital assets (on-premises and cloud-based systems, OT environments, applications, and services) and consistently monitors for new threats, changes to the attack surface, and emerging risks. Conducts vulnerability assessments, attack and penetration testing, and risk evaluations to determine security gaps. Scans digital assets for vulnerabilities, assesses potential impact, and prioritizes risks based on severity. Analyzes potential threats and their impact on the university’s systems, applications, and data. Recommends appropriate mitigation strategies. Develops and recommends mitigation strategies to reduce identified risks. Works with IT teams, DSUs, and other stakeholders to validate and implement remediation. Ensures timely application of security patches and updates to minimize vulnerabilities (e.g., patch management). Assists in responding to security incidents, focusing on how the attack surface was exploited and how to prevent future attacks. Serves as a subject matter expert (SME) in ASM, formulating and prioritizing intelligence requirements within a risk management framework. Provides regular reports on the attack surface status, including potential risks, vulnerabilities, and the effectiveness of implemented security controls. Ensures ASM strategies align with university cybersecurity policies and compliance requirements. Engages with IT teams and DSUs to advise on remediation strategies and best practices for reducing the attack surface. Integrates ASM efforts into broader security and risk management initiatives to validate end-to-end remediation. Maintains awareness of changes in legal, regulatory, and technology environments that may affect operations. Promotes a workplace culture aligned with USC’s Unifying Values of integrity, excellence, community, well-being, open communication, and accountability. MINIMUM QUALIFICATIONS
Great candidates for the position of
Analyst, Attack Surface Management (ASM)
will meet the following qualifications: 2 years of experience in attack surface and vulnerability management. A bachelor’s degree or combined experience and education as a substitute for minimum education. Ability to interface with teams across the CISO Office and ITS, such as Enterprise and Infrastructure Services, and across USC IT teams. Thorough understanding of technology, tools, policies, and standards related to security systems and incident response. Understanding of Operational Technology environments and the security requirements needed to support them. Technical knowledge of Cyber Defense concepts, including incident response, security monitoring, cyber threat intelligence, attack surface, and vulnerability management. Strong leadership and people management skills. Solid technical knowledge and troubleshooting skills. Ability to work effectively in high-stress situations and manage crisis situations. Skilled in communicating with a wide range of stakeholders and business partners. Experience in the management and/or implementation of security monitoring, anti-malware, and vulnerability management technologies. In-depth experience in application security management and knowledge of cyber threat intelligence. Strong understanding of ASM management, security testing practices, and methodologies. Experience in building infrastructure and application vulnerability management programs. Comprehensive knowledge of cloud computing and associated security challenges. Ability to assess business risks and recommend suitable cybersecurity measures. Familiarity with common vulnerability frameworks such as CVSS and OWASP Top 10. Adaptability to changes in the external environment and organizational shifts. Knowledge of system, application, and database hardening techniques. Effective communication skills and the ability to interact with all organizational levels. Project management experience and the ability to lead complex security initiatives. Commitment to staying current with the latest security threats, trends, and technologies. PREFERRED QUALIFICATIONS
Exceptional candidates for the position of
Analyst, Attack Surface Management (ASM)
will also bring the following qualifications or more: 5 years of related experience in IT security roles with hands-on vulnerability analysis. A master’s degree. Strong understanding of cybersecurity threats and remediation practices. Ability to communicate effectively across technical and non-technical audiences. In addition, the successful candidate must also demonstrate, through ideas, words, and actions, a strong commitment to USC’s Unifying Values—integrity, excellence, community, well-being, open communication, and accountability. SALARY AND BENEFITS
The annual base salary range for this position is $112,575.21-$127,577. USC considers factors such as scope and responsibilities, work experience, education/training, key skills, internal peer alignment, laws, contractual stipulations, grant funding, and external market considerations when offering compensation. USC provides benefits to eligible employees as part of the total rewards package; learn more about USC’s comprehensive benefits. Join the USC cybersecurity team within an environment of innovation and excellence. Minimum Education: Bachelor’s degree. Minimum Experience: 2 years in attack surface and vulnerability management. Minimum Skills: Interface with CISO Office and ITS teams; understanding of security systems and incident response; OT security requirements; cyber defense concepts; leadership and communication skills; experience with security monitoring, anti-malware, and vulnerability management; cloud security; risk assessment; familiarity with CVSS/OWASP; adaptability; hardening techniques; project management; commitment to staying current. Preferred Education: Master’s degree. Preferred Experience: 5 years.
#J-18808-Ljbffr