Jobs via Dice
Lead Analyst, Attack Surface Management (ASM)
Jobs via Dice, Los Angeles, California, United States, 90079
Lead Analyst, Attack Surface Management (ASM)
at
Jobs via Dice The University of Southern California (USC) is advancing its cybersecurity posture with a renewed focus on resilience, cyber risk management, and threat-informed defense. As a world?class research institution, USC is building a culture of security that supports its academic and research mission in a rapidly evolving threat landscape. Position Summary
As the Lead Analyst, Attack Surface Management (ASM) you will be an integral member of the cybersecurity department while also collaborating with stakeholders across the university ecosystem. You will report to the ASM Manager, work full?time and remotely, and be eligible for all of USCs benefits and perks. The role focuses on scalable, proactive defense strategies, incident preparedness, and operational excellence working alongside experts committed to service, innovation, and impact. Key Responsibilities Oversee the vulnerability lifecycle management process (detection, monitoring, reporting, and impact assessment) and conduct regular vulnerability assessments and scans to identify weaknesses in systems, applications, networks, and OT/IoT environments. Develop and implement remediation strategies to address vulnerabilities, minimize the universitys attack surface, and enforce remediations required by audits. Collaborate with IT teams, stakeholders, and VM managed service teams to validate effective end?to?end vulnerability remediation and maintain a consistent customer experience. Serve as an ASM subject?matter expert, formulating and prioritizing intelligence requirements according to the established risk management framework, and influence the universitys vulnerability management program roadmap. Prepare detailed reports on vulnerabilities, their impact, and the status of remediation efforts, communicating findings to stakeholders. Advise on and maintain vulnerability and attack surface management policies, procedures, and best practices. Stay current on legal, regulatory, and technological changes affecting the university, and maintain awareness of emerging threats and vulnerabilities that impact the organizations attack surface. Promote a workplace culture that values employee contributions and adheres to the Code of Ethics.
Minimum Qualifications
5 years in attack surface and vulnerability management. Bachelors degree or equivalent combined experience/education. Knowledge of frameworks: NIST Cybersecurity Framework (NIST CSF), ISO/IEC 27001, MITRE ATT&CK, OWASP Top Ten, CIS Controls, COBIT, SANS Critical Security Controls, PCI DSS, NIST SP 800-53, and ITIL. Strong understanding of ASM/vulnerability management, security testing practices, and methodologies. Understanding of cyber defense concepts (incident response, security monitoring, cyber threat intelligence). Knowledge of operational technology environment security requirements needed to manage the broader attack landscape across the university. Experience building and operating application vulnerability management programs and vulnerability scanning infrastructure. Comprehensive knowledge of cloud?native vulnerability practices in AWS, Azure, and SaaS platforms. Ability to assess business risks and recommend suitable cybersecurity measures. Experience managing vulnerability assessment tools and hardening techniques. Strong communication, interpersonal skills, analytical and problem?solving abilities, and attention to detail. Project management experience leading complex security initiatives and the ability to train others. Ability to coordinate with IT teams and managed service providers across the university. Availability for evenings, weekends, and holidays as required.
Preferred Qualifications
7 years of related experience. Experience working in higher education or complex, decentralized environments. Certifications such as CISSP, GCIH, GPEN, Security+, or similar.
Salary and Benefits
The annual base salary range for this position is $162,315.11$201,452.98. USC provides a comprehensive benefits package that includes health, wealth, and wellness perks as part of its total rewards program. #J-18808-Ljbffr
at
Jobs via Dice The University of Southern California (USC) is advancing its cybersecurity posture with a renewed focus on resilience, cyber risk management, and threat-informed defense. As a world?class research institution, USC is building a culture of security that supports its academic and research mission in a rapidly evolving threat landscape. Position Summary
As the Lead Analyst, Attack Surface Management (ASM) you will be an integral member of the cybersecurity department while also collaborating with stakeholders across the university ecosystem. You will report to the ASM Manager, work full?time and remotely, and be eligible for all of USCs benefits and perks. The role focuses on scalable, proactive defense strategies, incident preparedness, and operational excellence working alongside experts committed to service, innovation, and impact. Key Responsibilities Oversee the vulnerability lifecycle management process (detection, monitoring, reporting, and impact assessment) and conduct regular vulnerability assessments and scans to identify weaknesses in systems, applications, networks, and OT/IoT environments. Develop and implement remediation strategies to address vulnerabilities, minimize the universitys attack surface, and enforce remediations required by audits. Collaborate with IT teams, stakeholders, and VM managed service teams to validate effective end?to?end vulnerability remediation and maintain a consistent customer experience. Serve as an ASM subject?matter expert, formulating and prioritizing intelligence requirements according to the established risk management framework, and influence the universitys vulnerability management program roadmap. Prepare detailed reports on vulnerabilities, their impact, and the status of remediation efforts, communicating findings to stakeholders. Advise on and maintain vulnerability and attack surface management policies, procedures, and best practices. Stay current on legal, regulatory, and technological changes affecting the university, and maintain awareness of emerging threats and vulnerabilities that impact the organizations attack surface. Promote a workplace culture that values employee contributions and adheres to the Code of Ethics.
Minimum Qualifications
5 years in attack surface and vulnerability management. Bachelors degree or equivalent combined experience/education. Knowledge of frameworks: NIST Cybersecurity Framework (NIST CSF), ISO/IEC 27001, MITRE ATT&CK, OWASP Top Ten, CIS Controls, COBIT, SANS Critical Security Controls, PCI DSS, NIST SP 800-53, and ITIL. Strong understanding of ASM/vulnerability management, security testing practices, and methodologies. Understanding of cyber defense concepts (incident response, security monitoring, cyber threat intelligence). Knowledge of operational technology environment security requirements needed to manage the broader attack landscape across the university. Experience building and operating application vulnerability management programs and vulnerability scanning infrastructure. Comprehensive knowledge of cloud?native vulnerability practices in AWS, Azure, and SaaS platforms. Ability to assess business risks and recommend suitable cybersecurity measures. Experience managing vulnerability assessment tools and hardening techniques. Strong communication, interpersonal skills, analytical and problem?solving abilities, and attention to detail. Project management experience leading complex security initiatives and the ability to train others. Ability to coordinate with IT teams and managed service providers across the university. Availability for evenings, weekends, and holidays as required.
Preferred Qualifications
7 years of related experience. Experience working in higher education or complex, decentralized environments. Certifications such as CISSP, GCIH, GPEN, Security+, or similar.
Salary and Benefits
The annual base salary range for this position is $162,315.11$201,452.98. USC provides a comprehensive benefits package that includes health, wealth, and wellness perks as part of its total rewards program. #J-18808-Ljbffr