Security Engineer – Attack Surface Management (ASR)
FULL_TIME • NA
Exegy is hiring a Security Engineer focused on Attack Surface Management to own and mature its vulnerability management program. This role is responsible for reducing real organizational risk by identifying, prioritizing, and driving remediation of exploitable vulnerabilities across endpoints, servers, cloud workloads, SaaS platforms, and internet-facing systems.
The position emphasizes outcomes over reporting, with success measured through sustained risk reduction, faster remediation, and improved asset visibility. The engineer will work closely with IT, Engineering, and Infrastructure teams to reduce exposure caused by unmanaged assets, misconfigurations, and legacy systems. The role also contributes to threat awareness, security standards, and leadership reporting through clear, risk-based insights.
🔹 Responsibilities
Own the full vulnerability lifecycle, including discovery, prioritization, remediation tracking, and validation.
Maintain accurate visibility into assets and exposure across endpoints, servers, cloud environments, SaaS, and externally exposed systems.
Conduct routine vulnerability scans and targeted, ad-hoc security assessments.
Prioritize remediation using risk-based criteria such as exploitability, threat intelligence, asset criticality, business impact, and exposure.
Reduce noise by deduplicating findings and focusing remediation on high-impact risks.
Track remediation progress and confirm effectiveness of applied fixes.
Identify and eliminate unmanaged assets, persistent legacy vulnerabilities, and insecure configurations that expand the attack surface.
Partner with IT and Engineering teams to improve patching cadence, enforce secure configuration baselines, and address recurring vulnerability patterns.
Recommend compensating controls when immediate remediation is not feasible.
Perform targeted threat analysis and light threat-hunting to detect exploitation attempts or abnormal activity.
Incorporate threat intelligence and observed attacker behavior into vulnerability prioritization.
Communicate risk clearly to technical teams and leadership using concise metrics, trends, and outcome-focused reporting.
Contribute to security standards, procedures, and operational improvements.
🔹 Requirements
3+ years of hands-on experience in security engineering, vulnerability management, or a closely related field.
Strong understanding of common vulnerability types, exploitation techniques, and attacker methodologies.
Solid foundation in operating systems, networking, and cloud fundamentals.
Experience using vulnerability scanning, detection, and security monitoring tools to assess risk.
Demonstrated ability to prioritize remediation based on business and technical risk rather than raw vulnerability volume.
Familiarity with mapping vulnerabilities to real-world attack techniques and threat models.
Working knowledge of security frameworks and control sets such as MITRE ATT&CK, NIST CSF, ISO 27001, or CIS Controls.
Ability to document findings clearly, explain risk rationale, and provide actionable remediation guidance.
Experience collaborating with engineering, infrastructure, and IT teams to drive timely remediation.
Comfort translating technical findings into structured work items or backlog tasks.
Experience in lean or resource-constrained environments is beneficial.
Exposure to integrating vulnerability data into ticketing, backlog, or ITSM workflows is a plus.
Relevant security certifications (e.g., Security+, CEH, CISSP) or equivalent practical experience are beneficial but not required.