DMARC Analyzer (Acq. by Mimecast)

Attack Surface Management Specialist

DMARC Analyzer (Acq. by Mimecast), Oklahoma City, Oklahoma, United States



Seniority Level: Mid-Senior level

Employment Type: Full-time

Job Function: Other

Industries: Technology, Information and Internet

Salary Range: Base salary range of $124,000–$186,000 plus benefits. Eligible for incentive plans and additional benefits based on company policy and local regulations.

Responsibilities

Attack Surface Management Strategy & Architecture

Lead the design and evolution of comprehensive attack surface management strategies aligned with organizational risk reduction targets

Architect ASM discovery, monitoring, and validation frameworks that identify and track external assets across cloud, network, and application environments

Develop and implement advanced detection methodologies for shadow IT and rogue assets

Establish baseline metrics and KPIs for attack surface visibility and coordinate their achievement across security operations teams

Process Improvement & Automation

Improve existing ASM processes, tools, and workflows; own the end-to-end execution of these enhancements and improve automation

Evaluate and drive adoption of new ASM tooling, platforms, and technologies

Improve team efficiency and document standard operating procedures

Cross-Functional Leadership & Collaboration

Communicate with security operations, vulnerability management, infrastructure, development, and business teams to establish priorities

Gain organizational cooperation on the adoption of new ASM processes and procedures by clearly demonstrating business value

Coordinate with external stakeholders including cloud service providers, domain registrars, and security vendors

Partner with the vulnerability management function to ensure discovered assets are properly scanned, classified, and prioritized

Vulnerability & Risk Management Integration

Ensure attack surface visibility feeds directly into vulnerability management workflows and Jira tracking systems

Prioritize discovered assets and vulnerabilities using business impact and EPSS scoring

Support executive reporting on attack surface reduction progress

Maintain oversight of critical vulnerabilities tied to external-facing assets and coordinate remediation timelines

Complex Project Management

Manage complex, multi-phase ASM initiatives with general oversight; define scope, timelines, resource requirements, and success criteria

Lead projects such as cloud security posture assessments, third-party risk management integrations, or regional attack surface reduction campaigns

Work with minimal day-to-day direction; escalate strategic decisions and blockers appropriately to leadership

Track project health through metrics and maintain stakeholder visibility on progress and risks

Threat Intelligence & Compliance Integration

Incorporate relevant threat intelligence (zero-day vulnerabilities, attack trends, industry-specific risks) into attack surface prioritization decisions

Ensure processes align with compliance requirements (SOC 2, ISO 27001, regional data protection)

Contribute to security assessments and audit responses related to external assets

Qualifications

6+ years of experience in information security, with at least 4 years directly focused on attack surface management, external vulnerability management, or asset discovery

Advanced technical knowledge of methodologies and tools (e.g., Tenable, Shodan, Rapid7 Insight VM, Qualys VMDR, or similar platforms)

Broad knowledge of project management methodologies; experience managing complex, multi-stakeholder initiatives; ability to design and implement process improvements

Strong understanding of cloud security (AWS, Azure, GCP), network reconnaissance, and vulnerability assessment

Excellent written and verbal communication skills; ability to explain complex security concepts to technical and non-technical audiences

Experience with JIRA, vulnerability management workflows, and security automation tools

Bachelor's degree in Computer Science/Information Security or equivalent professional experience

Experience with threat intelligence platforms and CSIRT coordination

Knowledge of OWASP, NIST Cybersecurity Framework, or similar security standards

Experience in responsible disclosure program management

Experience in a large SaaS organization with globally distributed security teams

About Belonging at Mimecast

Cybersecurity is a community effort. That’s why we’re committed to building an inclusive, diverse community that celebrates and welcomes everyone – unless they’re a cybercriminal, of course.

We’re proud to be an Equal Opportunity and Affirmative Action Employer, and we’d encourage you to join us whatever your background. We particularly welcome applicants from traditionally underrepresented groups.

We consider everyone equally: your race, age, religion, sexual orientation, gender identity, ability, marital status, nationality, or any other protected characteristic won’t affect your application.

If you require any adjustments or accommodations due to a disability, or any other reason that may help you in your interview process, please let us know by emailing careers@mimecast.com.

Due to certain obligations to our customers, an offer of employment will be subject to your successful completion of applicable background checks, conducted in accordance with local law.

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment.
