Job Information

ADM Attack Surface Analyst in Amsterdam, Netherlands


Job Title:

Attack Surface Analyst


Information Technology

Job Description:

Attack Surface Analyst

This is a salaried exempt position.

Position Summary:

Under general supervision, the Attack Surface Analyst will work as a member of the Attack Surface Management (ASM) team, and interface directly with IT and non-IT teams including patching teams, asset, and application owners, Global Threat Action Center (Threat Intel, Security Operations, Incident Response), Merger Acquisition Divestiture and Joint Venture, and other IT teams leading and supporting delivery and development of a diverse range of ASM functions.

Deliver world class vulnerability management and attack surface management security services in collaboration with teammates and other company functions, including external service partners. Provide support for day to day operations to manager or Attack Surface Management.

This role is a key advisor on Threat and Vulnerability Management to the Manager of Attack Surface Management and other IT leaders.

Job Responsibilities:

  • Advisor role to the Manager of Attack Surface Management.

  • Perform scheduled scanning, reporting, and metric tracking of systems via ASM tools.

  • Provide analysis and trending of data metrics from ASM security devices & systems.

  • Perform threat and vulnerability analysis, and monitoring to identify control weaknesses and asses existing control effectiveness.

  • Use a risk based approach to prioritize remediation activities.

  • Investigate, document, and report on ASM issues, in clear to understand language.

  • Drive and document improvements across ASM based on assessment, operations, and analysis work.

  • Integrate and share information with other analysts and other teams.

  • Assist with creation and maintenance of standard processes and operating procedures and ASM playbooks.

  • Ability to work in a hybrid managing services environment utilization various partners.

  • Ability to lift 50 lbs, and analyze color coded metrics.

  • Other duties as assigned.

Job Requirements:

  • 2+ years of experience with vulnerability management and cybersecurity operations.

  • 2+ years of experience with vulnerability management platforms, such as Qualys, Rapid7, or Tenable Nessus.

  • 2+ years of experience with databases, CSV files, and other large data sources.

  • Knowledge of general Cybersecurity concepts and methods, including vulnerability management, application security, incident response, governance, risk or compliance, or security architecture.

  • Bachelor's degree or equivalent work experience.

  • Experience using Windows and Linux to perform tasks and enterprise administration.

  • Ability to prioritize and execute work with minimal supervision.

  • Proven experience in identifying technical and non-technical vulnerabilities and defects used by cyber adversaries to attack and achieve their cyber goals.

  • Ability to communicate and collaborate effectively with other team members in a geographic and culturally diverse workforce.

  • Expected to work occasional nights, weekends, holidays, and overtime.

  • Expected to perform on-call duties.

  • Occasional travel may be required.

  • Strong sense of professionalism and ethics.

  • GCIH, CVA, Sec+, GVE certifications, or related certifications required.

Desired Skills:

  • 2+ years of experience with attack surface reduction or attack surface management

  • Experience with server application and network security hardening

  • Experience with ASM or VM platforms, including Kenna, Microsoft Defender, Metasploit, Defender External Attack Surface Management, or Tripwire

  • Experience with ServiceNow Security Operations Vulnerability Response

  • Possession of excellent oral and written communication skills, including presenting to technical and non-technical clients




North Holland