USC CERPP (Center for Enrollment Research, Policy and Practice)
Manager, Attack Surface Management (ASM)
USC CERPP (Center for Enrollment Research, Policy and Practice), Los Angeles, California, United States, 90079
Manager, Attack Surface Management (ASM) - USC CERPP (Center for Enrollment Research, Policy and Practice)
Join to apply for the
Manager, Attack Surface Management (ASM)
role at USC CERPP located in Los Angeles, California. The position is full-time remote with an annual base salary range of $186,100.12 to $227,349.86.
About the Department The University of Southern California (USC) is advancing its cybersecurity posture with a renewed focus on resilience, cyber risk management, and threat-informed defense. As a world-class research institution, USC is building a culture of security that supports its academic and research mission in a rapidly evolving threat landscape. This role sits within a newly restructured cybersecurity organization that’s leading this transformation. You’ll join a team focused on scalable, proactive defense strategies, incident preparedness, and operational excellence—working alongside experts who are deeply committed to service, innovation, and impact. If you’re driven by purpose, thrive in complexity, and want to help shape the future of cybersecurity at a leading university, we invite you to bring your leadership to the table.
Position Summary As the
Manager, Attack Surface Management (ASM) , you will be an integral leader of the cybersecurity department while collaborating with stakeholders across the university ecosystem. This role reports to the Cyber Defense Director and is a full‑time exempt position eligible for all USC benefits and perks. This opportunity is remote.
The Manager, Attack Surface Management (ASM) Will
Oversees the entire attack surface management process (e.g., detection, monitoring, reporting, impact assessment). Defines and maintains criteria to prioritize vulnerabilities based on risk, potential impact, and business continuity needs. Leads ASM program strategy, operations, the execution of security and vulnerability scans to identify and mitigate risks proactively in a university environment.
Develops and implements strategic remediation plans to minimize the university’s internal and external attack surface. Works with IT teams, Information Security Officers (ISOs), and Cyber Governance to ensure timely and effective remediation of vulnerabilities. Collaborates with ISOs and Cyber Governance to engage with DSUs to provide expert guidance on risk mitigation strategies. Continuously improves processes for addressing vulnerabilities, application security risks, and cyber threat intelligence gaps.
Leads the development of use cases and requirements for ASM security tools, ensuring proper configuration and deployment. Manages and directs third-party security service providers that support ASM capabilities (e.g. vulnerability and cyber threats). Ensures effective use of security tools such as vulnerability scanners, penetration testing platforms, and automated monitoring solutions. Manages and directs managed service providers utilized to enable ASM capabilities. Oversees managed service provider performance, defines KPIs, manages delivery quality, and guides threat-hunting activities. Monitors the latest security threats, vulnerabilities, and industry best practices to proactively adapt ASM strategies. Serves as an ASM subject-matter expert, aligning intelligence requirements with cyber defense strategies. Directs vulnerability assessments, penetration testing, and risk management activities to enhance security resilience. Provides tailored remediation guidance to DSUs based on threat telemetry and unit-specific exposures.
Assists in security incident response efforts, focusing on attack surface exploitation and future risk mitigation. Ensures attack surface management aligns with broader cybersecurity frameworks, compliance regulations, and organizational risk management policies. Formalizes and maintains the criteria and framework to prioritize vulnerabilities based on risk and potential impact. Collaborates with IT teams to ensure attack surface initiatives comply with regulatory frameworks and industry standards. Provides regular reports on vulnerability status, attack surface trends, and risk mitigation effectiveness.
Supports strategic planning efforts related to cybersecurity, compliance, and risk management. Focuses on continuous improvement to mitigate risks associated with vulnerabilities, application security, and cyber threat intelligence. Collaborates with IT teams and stakeholders to validate effective end-to-end vulnerability remediation and maintain a consistent customer experience. Collaborates with ISOs and Cyber Governance to engage with DSUs to advise on recommended remediation strategies for vulnerabilities.
Participates in staff management activities (e.g., hiring, coaching, training, performance reviews, pay actions, and promotions). Offers recommendations to leadership on security monitoring and incident response strategies based on informed analysis.
Maintains awareness and knowledge of current changes within legal, regulatory, and technology environments which may affect operations. Encourages a workplace culture where all employees are valued, value others and have the opportunity to contribute through their ideas, words and actions, in accordance with the USC Code of Ethics.
Minimum Qualifications
5 years in attack surface and vulnerability management.
A bachelor's degree or combined experience/education as substitute for minimum education.
Strong understanding of attack surface management, security testing practices, and methodologies.
Ability to develop and implement a comprehensive attack surface management strategy that aligns with the university’s objectives and risk appetite.
Deep understanding of cybersecurity principles, attack vectors, and the threat landscape.
Familiarity with MITRE ATT&CK, Diamond Model, OWASP Top 10, and CVSS frameworks.
Experience operationalizing CTI and IOCs across SIEM, EDR, and ASM workflows.
Ability to assess business risks and recommend suitable cybersecurity measures.
Adaptability to changes in the external environment and organizational shifts.
Knowledge of system, application, and database hardening techniques.
Effective communication skills and the ability to interact with all organizational levels.
Project management experience and the ability to lead complex security initiatives.
Ability to collaborate and manage managed service providers, including MSSPs, SLA tracking, contract influence, performance oversight.
Ability to engage with other teams across the cybersecurity function to push for continuous improvement of the attack surface management capability.
Experience managing MSSPs, including SLA tracking, contract influence, and performance oversight.
Commitment to staying current with the latest security threats, trends, and technologies.
Strong leadership and people management skills.
Solid technical knowledge and troubleshooting skills.
Ability to work effectively in high‑stress situations and manage crisis situations.
Skilled in communicating with a wide range of stakeholders and business partners.
Experience in the management and/or implementation of security monitoring, anti‑malware, and vulnerability management technologies.
In‑depth experience in application security management and knowledge of cyber threat intelligence.
Comprehensive knowledge of cloud computing and associated security challenges.
Ability to work evenings, weekends and holidays as the schedule dictates.
Preferred Qualifications
7 years relevant experience.
3 years leading a vulnerability management program, with the ability to prioritize projects and deliverables.
Demonstrated success building or evolving a program from scratch.
Strong interpersonal and communication skills.
A Master's degree.
Cyber certification (e.g., CISSP, GIAC, CISM).
Salary and Benefits The annual base salary range for this position is $186,100.12 to $227,349.86. When extending an offer of employment, the University of Southern California considers factors such as (but not limited to) the scope and responsibilities of the position, the candidate’s work experience, education/training, key skills, internal peer alignment, federal, state, and local laws, contractual stipulations, grant funding, as well as external market and organizational considerations. To support the well‑being of our faculty and staff, USC provides benefits‑eligible employees with a broad range of perks to help protect their and their dependents’ health, wealth, and future. These benefits are available as part of the overall compensation and total rewards package. You can learn more about USC’s comprehensive benefits here.
Seniority level Mid‑Senior level
Employment type Contract
Job function Other
Industries Higher Education
REQ20164592 Posted Date: 10/02/2025 Apply
#J-18808-Ljbffr
Manager, Attack Surface Management (ASM)
role at USC CERPP located in Los Angeles, California. The position is full-time remote with an annual base salary range of $186,100.12 to $227,349.86.
About the Department The University of Southern California (USC) is advancing its cybersecurity posture with a renewed focus on resilience, cyber risk management, and threat-informed defense. As a world-class research institution, USC is building a culture of security that supports its academic and research mission in a rapidly evolving threat landscape. This role sits within a newly restructured cybersecurity organization that’s leading this transformation. You’ll join a team focused on scalable, proactive defense strategies, incident preparedness, and operational excellence—working alongside experts who are deeply committed to service, innovation, and impact. If you’re driven by purpose, thrive in complexity, and want to help shape the future of cybersecurity at a leading university, we invite you to bring your leadership to the table.
Position Summary As the
Manager, Attack Surface Management (ASM) , you will be an integral leader of the cybersecurity department while collaborating with stakeholders across the university ecosystem. This role reports to the Cyber Defense Director and is a full‑time exempt position eligible for all USC benefits and perks. This opportunity is remote.
The Manager, Attack Surface Management (ASM) Will
Oversees the entire attack surface management process (e.g., detection, monitoring, reporting, impact assessment). Defines and maintains criteria to prioritize vulnerabilities based on risk, potential impact, and business continuity needs. Leads ASM program strategy, operations, the execution of security and vulnerability scans to identify and mitigate risks proactively in a university environment.
Develops and implements strategic remediation plans to minimize the university’s internal and external attack surface. Works with IT teams, Information Security Officers (ISOs), and Cyber Governance to ensure timely and effective remediation of vulnerabilities. Collaborates with ISOs and Cyber Governance to engage with DSUs to provide expert guidance on risk mitigation strategies. Continuously improves processes for addressing vulnerabilities, application security risks, and cyber threat intelligence gaps.
Leads the development of use cases and requirements for ASM security tools, ensuring proper configuration and deployment. Manages and directs third-party security service providers that support ASM capabilities (e.g. vulnerability and cyber threats). Ensures effective use of security tools such as vulnerability scanners, penetration testing platforms, and automated monitoring solutions. Manages and directs managed service providers utilized to enable ASM capabilities. Oversees managed service provider performance, defines KPIs, manages delivery quality, and guides threat-hunting activities. Monitors the latest security threats, vulnerabilities, and industry best practices to proactively adapt ASM strategies. Serves as an ASM subject-matter expert, aligning intelligence requirements with cyber defense strategies. Directs vulnerability assessments, penetration testing, and risk management activities to enhance security resilience. Provides tailored remediation guidance to DSUs based on threat telemetry and unit-specific exposures.
Assists in security incident response efforts, focusing on attack surface exploitation and future risk mitigation. Ensures attack surface management aligns with broader cybersecurity frameworks, compliance regulations, and organizational risk management policies. Formalizes and maintains the criteria and framework to prioritize vulnerabilities based on risk and potential impact. Collaborates with IT teams to ensure attack surface initiatives comply with regulatory frameworks and industry standards. Provides regular reports on vulnerability status, attack surface trends, and risk mitigation effectiveness.
Supports strategic planning efforts related to cybersecurity, compliance, and risk management. Focuses on continuous improvement to mitigate risks associated with vulnerabilities, application security, and cyber threat intelligence. Collaborates with IT teams and stakeholders to validate effective end-to-end vulnerability remediation and maintain a consistent customer experience. Collaborates with ISOs and Cyber Governance to engage with DSUs to advise on recommended remediation strategies for vulnerabilities.
Participates in staff management activities (e.g., hiring, coaching, training, performance reviews, pay actions, and promotions). Offers recommendations to leadership on security monitoring and incident response strategies based on informed analysis.
Maintains awareness and knowledge of current changes within legal, regulatory, and technology environments which may affect operations. Encourages a workplace culture where all employees are valued, value others and have the opportunity to contribute through their ideas, words and actions, in accordance with the USC Code of Ethics.
Minimum Qualifications
5 years in attack surface and vulnerability management.
A bachelor's degree or combined experience/education as substitute for minimum education.
Strong understanding of attack surface management, security testing practices, and methodologies.
Ability to develop and implement a comprehensive attack surface management strategy that aligns with the university’s objectives and risk appetite.
Deep understanding of cybersecurity principles, attack vectors, and the threat landscape.
Familiarity with MITRE ATT&CK, Diamond Model, OWASP Top 10, and CVSS frameworks.
Experience operationalizing CTI and IOCs across SIEM, EDR, and ASM workflows.
Ability to assess business risks and recommend suitable cybersecurity measures.
Adaptability to changes in the external environment and organizational shifts.
Knowledge of system, application, and database hardening techniques.
Effective communication skills and the ability to interact with all organizational levels.
Project management experience and the ability to lead complex security initiatives.
Ability to collaborate and manage managed service providers, including MSSPs, SLA tracking, contract influence, performance oversight.
Ability to engage with other teams across the cybersecurity function to push for continuous improvement of the attack surface management capability.
Experience managing MSSPs, including SLA tracking, contract influence, and performance oversight.
Commitment to staying current with the latest security threats, trends, and technologies.
Strong leadership and people management skills.
Solid technical knowledge and troubleshooting skills.
Ability to work effectively in high‑stress situations and manage crisis situations.
Skilled in communicating with a wide range of stakeholders and business partners.
Experience in the management and/or implementation of security monitoring, anti‑malware, and vulnerability management technologies.
In‑depth experience in application security management and knowledge of cyber threat intelligence.
Comprehensive knowledge of cloud computing and associated security challenges.
Ability to work evenings, weekends and holidays as the schedule dictates.
Preferred Qualifications
7 years relevant experience.
3 years leading a vulnerability management program, with the ability to prioritize projects and deliverables.
Demonstrated success building or evolving a program from scratch.
Strong interpersonal and communication skills.
A Master's degree.
Cyber certification (e.g., CISSP, GIAC, CISM).
Salary and Benefits The annual base salary range for this position is $186,100.12 to $227,349.86. When extending an offer of employment, the University of Southern California considers factors such as (but not limited to) the scope and responsibilities of the position, the candidate’s work experience, education/training, key skills, internal peer alignment, federal, state, and local laws, contractual stipulations, grant funding, as well as external market and organizational considerations. To support the well‑being of our faculty and staff, USC provides benefits‑eligible employees with a broad range of perks to help protect their and their dependents’ health, wealth, and future. These benefits are available as part of the overall compensation and total rewards package. You can learn more about USC’s comprehensive benefits here.
Seniority level Mid‑Senior level
Employment type Contract
Job function Other
Industries Higher Education
REQ20164592 Posted Date: 10/02/2025 Apply
#J-18808-Ljbffr