Jobs via Dice
Manager, Attack Surface Management (ASM)
Jobs via Dice, Los Angeles, California, United States, 90079
Overview
Join to apply for the
Manager, Attack Surface Management (ASM)
role at
Jobs via Dice . About USC
The University of Southern California (USC) is advancing its cybersecurity posture with a renewed focus on resilience, cyber risk management, and threat-informed defense. This role sits within a newly restructured cybersecurity organization focused on scalable, proactive defense strategies, incident preparedness, and operational excellence. This is a full-time exempt position, remote, with USC benefits. The Manager, Attack Surface Management (ASM) leads the university's ASM program, integrating vulnerability management, cyber threat intelligence (CTI), and vendor-led managed security services (MSSPs) aligned to threat-informed defenses. The role is responsible for external and internal attack surface visibility, prioritized remediation, and adversary-informed defense design, including vulnerability assessments and proactive risk mitigation. Position Summary
The Manager, ASM reports to the Cyber Defense Director and collaborates with stakeholders across the university ecosystem. This is a leadership role focused on continuous improvement of the attack surface management capability and alignment with cyber defense strategies. Responsibilities
Oversee the entire ASM process (detection, monitoring, reporting, impact assessment). Define and maintain criteria to prioritize vulnerabilities based on risk, impact, and business continuity needs. Lead ASM strategy and the execution of security and vulnerability scans to proactively identify and mitigate risks in a university environment. Develop and implement strategic remediation plans to minimize the university's internal and external attack surface. Collaborate with IT teams, Information Security Officers (ISOs), Cyber Governance, and DSUs to ensure timely remediation and guidance on risk mitigation. Continuously improve processes for addressing vulnerabilities, application security risks, and CTI gaps. Lead the development of use cases and requirements for ASM security tools, ensuring proper configuration and deployment. Manage and direct third-party security service providers (e.g., MSSPs) and monitor tool usage (vulnerability scanners, penetration testing platforms, automated monitoring). Define KPIs and oversee performance of MSPs; guide threat-hunting activities. Stay informed of evolving threats and industry best practices to adapt ASM strategies. Support security incident response efforts with a focus on attack surface exploitation and future risk mitigation. Ensure ASM aligns with regulatory frameworks, compliance standards, and organizational risk management policies. Provide regular vulnerability and risk mitigation reports. Support strategic planning related to cybersecurity, compliance, and risk management. Validate end-to-end vulnerability remediation and maintain user-focused service delivery. Engage with DSUs and other teams to advise on remediation strategies. Participate in staff management activities (e.g., hiring, coaching, training, performance reviews) and provide leadership input on monitoring and incident response strategies. Maintain awareness of changes in legal, regulatory, and technology environments that may affect operations and foster a culture of ethics and contribution. Minimum Qualifications
5 years in attack surface and vulnerability management. Bachelor’s degree or equivalent combination of education/experience. Strong understanding of attack surface management, security testing practices, and methodologies. Ability to develop and implement a comprehensive ASM strategy aligned with the university’s objectives and risk appetite. Deep understanding of cybersecurity principles, attack vectors, and the threat landscape. Familiarity with MITRE ATT&CK, Diamond Model, OWASP Top 10, and CVSS frameworks. Experience operationalizing CTI and IOCs across SIEM, EDR, and ASM workflows. Ability to assess business risks and recommend appropriate cybersecurity measures. Adaptability to changes in the external environment and organizational shifts. Knowledge of system, application, and database hardening techniques. Effective communication skills and ability to interact with all organizational levels. Project management experience and ability to lead complex security initiatives. Ability to collaborate with managed service providers (MSSPs) and track SLAs, influence contracts, and oversee performance. Experience engaging with other cybersecurity teams to drive continuous improvement of ASM capability. Commitment to staying current with security threats, trends, and technologies. Strong leadership and people management skills. Solid technical knowledge and troubleshooting skills. Ability to work in high-stress situations and manage crises. Skilled in communicating with a wide range of stakeholders and business partners. Experience with security monitoring, anti-malware, and vulnerability management technologies; knowledge of application security management and cyber threat intelligence; cloud security. Willingness to work evenings, weekends, and holidays as schedule dictates. Preferred Qualifications
7 years relevant experience. 3 years leading a vulnerability management program with demonstrated ability to prioritize projects. Experience building or evolving a program from scratch. Strong interpersonal and communication skills. Master’s degree. Cyber certification (e.g., CISSP, GIAC, CISM). In addition, the successful candidate must demonstrate USC’s Unifying Values of integrity, excellence, community, well-being, open communication, and accountability. Salary And Benefits
The annual base salary range for this position is $186,100.12 to $227,349.86. USC offers a broad range of benefits as part of the total rewards package. You can learn more about USC’s comprehensive benefits here.
#J-18808-Ljbffr
Join to apply for the
Manager, Attack Surface Management (ASM)
role at
Jobs via Dice . About USC
The University of Southern California (USC) is advancing its cybersecurity posture with a renewed focus on resilience, cyber risk management, and threat-informed defense. This role sits within a newly restructured cybersecurity organization focused on scalable, proactive defense strategies, incident preparedness, and operational excellence. This is a full-time exempt position, remote, with USC benefits. The Manager, Attack Surface Management (ASM) leads the university's ASM program, integrating vulnerability management, cyber threat intelligence (CTI), and vendor-led managed security services (MSSPs) aligned to threat-informed defenses. The role is responsible for external and internal attack surface visibility, prioritized remediation, and adversary-informed defense design, including vulnerability assessments and proactive risk mitigation. Position Summary
The Manager, ASM reports to the Cyber Defense Director and collaborates with stakeholders across the university ecosystem. This is a leadership role focused on continuous improvement of the attack surface management capability and alignment with cyber defense strategies. Responsibilities
Oversee the entire ASM process (detection, monitoring, reporting, impact assessment). Define and maintain criteria to prioritize vulnerabilities based on risk, impact, and business continuity needs. Lead ASM strategy and the execution of security and vulnerability scans to proactively identify and mitigate risks in a university environment. Develop and implement strategic remediation plans to minimize the university's internal and external attack surface. Collaborate with IT teams, Information Security Officers (ISOs), Cyber Governance, and DSUs to ensure timely remediation and guidance on risk mitigation. Continuously improve processes for addressing vulnerabilities, application security risks, and CTI gaps. Lead the development of use cases and requirements for ASM security tools, ensuring proper configuration and deployment. Manage and direct third-party security service providers (e.g., MSSPs) and monitor tool usage (vulnerability scanners, penetration testing platforms, automated monitoring). Define KPIs and oversee performance of MSPs; guide threat-hunting activities. Stay informed of evolving threats and industry best practices to adapt ASM strategies. Support security incident response efforts with a focus on attack surface exploitation and future risk mitigation. Ensure ASM aligns with regulatory frameworks, compliance standards, and organizational risk management policies. Provide regular vulnerability and risk mitigation reports. Support strategic planning related to cybersecurity, compliance, and risk management. Validate end-to-end vulnerability remediation and maintain user-focused service delivery. Engage with DSUs and other teams to advise on remediation strategies. Participate in staff management activities (e.g., hiring, coaching, training, performance reviews) and provide leadership input on monitoring and incident response strategies. Maintain awareness of changes in legal, regulatory, and technology environments that may affect operations and foster a culture of ethics and contribution. Minimum Qualifications
5 years in attack surface and vulnerability management. Bachelor’s degree or equivalent combination of education/experience. Strong understanding of attack surface management, security testing practices, and methodologies. Ability to develop and implement a comprehensive ASM strategy aligned with the university’s objectives and risk appetite. Deep understanding of cybersecurity principles, attack vectors, and the threat landscape. Familiarity with MITRE ATT&CK, Diamond Model, OWASP Top 10, and CVSS frameworks. Experience operationalizing CTI and IOCs across SIEM, EDR, and ASM workflows. Ability to assess business risks and recommend appropriate cybersecurity measures. Adaptability to changes in the external environment and organizational shifts. Knowledge of system, application, and database hardening techniques. Effective communication skills and ability to interact with all organizational levels. Project management experience and ability to lead complex security initiatives. Ability to collaborate with managed service providers (MSSPs) and track SLAs, influence contracts, and oversee performance. Experience engaging with other cybersecurity teams to drive continuous improvement of ASM capability. Commitment to staying current with security threats, trends, and technologies. Strong leadership and people management skills. Solid technical knowledge and troubleshooting skills. Ability to work in high-stress situations and manage crises. Skilled in communicating with a wide range of stakeholders and business partners. Experience with security monitoring, anti-malware, and vulnerability management technologies; knowledge of application security management and cyber threat intelligence; cloud security. Willingness to work evenings, weekends, and holidays as schedule dictates. Preferred Qualifications
7 years relevant experience. 3 years leading a vulnerability management program with demonstrated ability to prioritize projects. Experience building or evolving a program from scratch. Strong interpersonal and communication skills. Master’s degree. Cyber certification (e.g., CISSP, GIAC, CISM). In addition, the successful candidate must demonstrate USC’s Unifying Values of integrity, excellence, community, well-being, open communication, and accountability. Salary And Benefits
The annual base salary range for this position is $186,100.12 to $227,349.86. USC offers a broad range of benefits as part of the total rewards package. You can learn more about USC’s comprehensive benefits here.
#J-18808-Ljbffr