Exegy
Security Engineer – Attack Surface Management (ASR)
Exegy, Saint Louis, Missouri, United States, 63146
About Exegy
Exegy is a global leader in intelligent market data, advanced trading systems, and future‑proof technology. Exegy serves as a trusted partner to the complete ecosystem of the buy‑side, sell‑side, exchanges, and financial services technology firms around the globe. Headquartered in St. Louis with regional offices in North America, the UK/Europe and Asia Pacific, Exegy has the global footprint to deliver world‑class support and managed services to its customer base of elite financial market participants.
Job Summary We are seeking a hands‑on Security Engineer – ASR to own and mature our vulnerability management program with a clear mandate to reduce real organizational risk and shrink our attack surface. This role goes beyond scanning and reporting—success is measured by fewer exploitable weaknesses, faster remediation, and sustained risk reduction over time. The ideal candidate is analytical, persistent, and pragmatic, with the ability to translate vulnerability data into clear, risk‑based prioritized actions that engineering and/or IT teams can execute.
Responsibilities Risk‑Driven Vulnerability Management
Own the end‑to‑end vulnerability lifecycle: discovery, prioritization, remediation tracking, and validation
Maintain accurate asset and exposure visibility across endpoints, servers, cloud workloads, SaaS, and internet‑facing systems
Perform regular vulnerability scanning and ad‑hoc assessments
Prioritize remediation based on real‑world risk, considering:
Exploitability and threat intelligence
Asset criticality and business impact
Exposure (internet‑facing, privileged systems, sensitive data)
Reduce vulnerability noise by deduplicating findings and focusing teams on what matters most
Track remediation progress and validate fixes
Attack Surface Reduction
Identify and eliminate:
Unmanaged or unknown assets
Legacy systems with chronic vulnerabilities
Misconfigurations that expand attack surface
Partner with IT and Engineering to:
Improve patching cadence
Enforce secure configuration baselines
Reduce recurring vulnerability patterns
Recommend compensating controls where remediation is not immediately feasible
Threat Awareness & Continuous Improvement
Conduct targeted threat analysis and light threat hunting to identify exploitation attempts and abnormal authentication or privilege activity
Feed threat intelligence and observed attacker behavior back into vulnerability prioritization
Improve detection, hardening, and prevention based on findings
Collaboration & Communication
Work closely with IT, Engineering, and Infrastructure teams to drive remediation outcomes
Translate technical vulnerabilities into clear, actionable risk statements
Provide leadership with concise, outcome‑focused metrics and trend reporting
Contribute to security standards, procedures, and operational improvements
Success Metrics
Reduction in critical and high‑risk vulnerabilities over time
Mean time to remediate (MTTR)
Percentage of assets with known ownership and patch coverage
Reduction in repeat or systemic vulnerabilities
Demonstrated attack surface reduction (fewer exposed services, unused assets, misconfigurations)
Our Ideal Candidate Has: Technical Experience
3+ years of hands‑on experience in security engineering, vulnerability management, or a closely related discipline
Strong working knowledge of common vulnerability classes, exploitation techniques, and attacker methodologies
Solid foundation in operating systems, networking concepts, and cloud fundamentals
Experience using vulnerability scanning, detection, and security monitoring tools to identify and assess risk
Demonstrated ability to prioritize remediation efforts based on business and technical risk rather than raw finding volume
Risk & Threat Awareness
Familiarity with how vulnerabilities map real‑world attack techniques and threat models
Working knowledge of widely adopted security frameworks and control sets (e.g., MITRE ATT&CK, NIST CSF, ISO 27001, CIS Controls)
Ability to contextualize vulnerability findings within broader security, operational, and compliance considerations
Execution & Communication Approach
Capable of clearly documenting vulnerability findings, risk rationale, and remediation guidance
Effective in working with engineering, infrastructure, and IT teams to drive timely remediation
Comfortable translating technical findings into actionable work items and recommendations
Experience That Enhances Impact
Experience operating in lean or resource‑constrained environments where prioritization and pragmatism are critical
Exposure to integrating vulnerability findings into ticketing, backlog management, or ITSM workflows
Relevant security certifications (e.g., Security+, CEH, CISSP) or equivalent practical experience are beneficial but are not required
#J-18808-Ljbffr
Job Summary We are seeking a hands‑on Security Engineer – ASR to own and mature our vulnerability management program with a clear mandate to reduce real organizational risk and shrink our attack surface. This role goes beyond scanning and reporting—success is measured by fewer exploitable weaknesses, faster remediation, and sustained risk reduction over time. The ideal candidate is analytical, persistent, and pragmatic, with the ability to translate vulnerability data into clear, risk‑based prioritized actions that engineering and/or IT teams can execute.
Responsibilities Risk‑Driven Vulnerability Management
Own the end‑to‑end vulnerability lifecycle: discovery, prioritization, remediation tracking, and validation
Maintain accurate asset and exposure visibility across endpoints, servers, cloud workloads, SaaS, and internet‑facing systems
Perform regular vulnerability scanning and ad‑hoc assessments
Prioritize remediation based on real‑world risk, considering:
Exploitability and threat intelligence
Asset criticality and business impact
Exposure (internet‑facing, privileged systems, sensitive data)
Reduce vulnerability noise by deduplicating findings and focusing teams on what matters most
Track remediation progress and validate fixes
Attack Surface Reduction
Identify and eliminate:
Unmanaged or unknown assets
Legacy systems with chronic vulnerabilities
Misconfigurations that expand attack surface
Partner with IT and Engineering to:
Improve patching cadence
Enforce secure configuration baselines
Reduce recurring vulnerability patterns
Recommend compensating controls where remediation is not immediately feasible
Threat Awareness & Continuous Improvement
Conduct targeted threat analysis and light threat hunting to identify exploitation attempts and abnormal authentication or privilege activity
Feed threat intelligence and observed attacker behavior back into vulnerability prioritization
Improve detection, hardening, and prevention based on findings
Collaboration & Communication
Work closely with IT, Engineering, and Infrastructure teams to drive remediation outcomes
Translate technical vulnerabilities into clear, actionable risk statements
Provide leadership with concise, outcome‑focused metrics and trend reporting
Contribute to security standards, procedures, and operational improvements
Success Metrics
Reduction in critical and high‑risk vulnerabilities over time
Mean time to remediate (MTTR)
Percentage of assets with known ownership and patch coverage
Reduction in repeat or systemic vulnerabilities
Demonstrated attack surface reduction (fewer exposed services, unused assets, misconfigurations)
Our Ideal Candidate Has: Technical Experience
3+ years of hands‑on experience in security engineering, vulnerability management, or a closely related discipline
Strong working knowledge of common vulnerability classes, exploitation techniques, and attacker methodologies
Solid foundation in operating systems, networking concepts, and cloud fundamentals
Experience using vulnerability scanning, detection, and security monitoring tools to identify and assess risk
Demonstrated ability to prioritize remediation efforts based on business and technical risk rather than raw finding volume
Risk & Threat Awareness
Familiarity with how vulnerabilities map real‑world attack techniques and threat models
Working knowledge of widely adopted security frameworks and control sets (e.g., MITRE ATT&CK, NIST CSF, ISO 27001, CIS Controls)
Ability to contextualize vulnerability findings within broader security, operational, and compliance considerations
Execution & Communication Approach
Capable of clearly documenting vulnerability findings, risk rationale, and remediation guidance
Effective in working with engineering, infrastructure, and IT teams to drive timely remediation
Comfortable translating technical findings into actionable work items and recommendations
Experience That Enhances Impact
Experience operating in lean or resource‑constrained environments where prioritization and pragmatism are critical
Exposure to integrating vulnerability findings into ticketing, backlog management, or ITSM workflows
Relevant security certifications (e.g., Security+, CEH, CISSP) or equivalent practical experience are beneficial but are not required
#J-18808-Ljbffr