Experian Logo

Experian

Attack Surface Management Engineer

Posted 2 Days Ago
Be an Early Applicant
Remote
Hiring Remotely in Ruddington, Rushcliffe, Nottinghamshire, England
Mid level
Remote
Hiring Remotely in Ruddington, Rushcliffe, Nottinghamshire, England
Mid level
The Attack Surface Management Engineer is responsible for managing and minimizing Experian's cybersecurity risks by ensuring comprehensive visibility of its attack surface. You will engage in incident response, improve processes, validate vulnerabilities, and work with partners to enhance communication throughout the incident lifecycle.
The summary above was generated by AI

Company Description

Internal Grade D

Experian is a global data and technology company, powering opportunities for people and businesses around the world. We help to redefine lending practices, uncover and prevent fraud, simplify healthcare, create marketing solutions, and gain deeper insights into the automotive market, all using our unique combination of data, analytics and software. We also assist millions of people to realise their financial goals and help them save time and money.

We invest in people and new advanced technologies to unlock the power of data. As a FTSE 100 Index company listed on the London Stock Exchange (EXPN), we have a team of 22,500 people across 32 countries. Our corporate headquarters are in Dublin, Ireland.

Find out what its like to work for Experian by clicking here

Job Description


The Attack Surface Management Engineer is responsible for activities related to the full scope of attack surface management, with the goal to ensure comprehensive visibility and actionability of Experian's entire attack surface, exposures, and vulnerabilities, minimizing Experian's risk potential. You will work with the Cyber Fusion Centre to provide accurate attack surface management discovery to support incident-related activities.

Reports to our Director of Attack Surface Management

Responsibilities

  • Help with response to cybersecurity incidents, ensuring relevant vulnerable asset discovery.
  • Build and iteratively improve on Attack Surface Management processes to monitor and strengthen visibility and knowledge of the global attack surface.
  • Engage with partners to ensure ASM-related communication and reporting throughout the incident lifecycle
  • Perform verification/validation testing for vulnerabilities across all asset types; demonstrate exploitation steps and verify remediation/fixes
  • Perform programmatic and ad-hoc asset discovery to report on coverage gaps
  • Implement daily operations of the Attack Surface Mgmt program, including the interpretation of scanning results
  • Help identify internal and external risks based on scanning results
  • Support the attribution of findings to appropriate business owner
  • Identify improvements to scan coverage

Qualifications

Functional Requirements

  • Expert level engineering experience to support Attack Surface Management in one of the following: Networking/Protocols, Middleware, Network Infrastructure, Network Appliances, APIs, Cloud Infrastructure, Cloud Services, Mobile Devices, Mobile Applications, IoT, Endpoints, Operating Systems, Wireless networking, Third-party Integrations, Data Storage, Databases, CICD, Application Dependencies.
  • Working knowledge of network security principles, including segmentation, firewalls and VPNs.
  • Working knowledge of networking standards and protocols: IPv4, IPv6, TCP/IP, DNS, HTTPS, TLS, BGP, Firewalls and NAT, SMTP, VPN, ICMP, SSH, IPSec, etc.
  • Solid understanding of the application of some of the following frameworks and regulations, and how they are applied to identifying and rating risk: OWASP, SANS, NIST 800-61, CVSS, CIS, OSSTM, ISO 27001, MITRE ATT&CK, PCI, HIPAA, GDPR, CMMC, other.
  • Working knowledge of industry accepted AI security practices.
  • Knowledge of major cloud platforms (AWS, Azure, or GCP).
  • Experience with cloud security practices and tools and the ability to respond to incidents in cloud-based infrastructure.
  • Document all ASM aspects of incident response activities, including timelines, actions taken, and lessons learned.

Additional Information

Benefits package includes:

  • Flexible work environment, working hybrid or in the office if you prefer.
  • Great compensation package and discretionary bonus plan
  • Core benefits include pension, bupa healthcare, sharesave scheme and more
  • 25 days annual leave with 8 bank holidays and 3 volunteering days. You can purchase additional annual leave.

Experian is proud to be an Equal Opportunity and Affirmative Action employer. Innovation is an important part of Experian's DNA and practices, and our diverse workforce drives our success. Everyone can succeed at Experian and bring their whole self to work, irrespective of their gender, ethnicity, religion, colour, sexuality, physical ability or age. If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity.

Find out what its like to work for Experian by clicking here

#LI-Remote

Experian Careers - Creating a better tomorrow together

Find out what its like to work for Experian by clicking here

Top Skills

Ai Security Practices
APIs
Cloud Infrastructure
Networking

Similar Jobs

Immersive Logo
Immersive

Senior Ruby Developer (Hybrid or Remote in UK)

17 Hours Ago
Remote
United Kingdom
Senior level
Senior level
Enterprise Web • HR Tech • Information Technology • Software • Cybersecurity
As a Senior Ruby Developer at Immersive Labs, you'll architect and deliver significant updates to their learning platform, ensuring high-quality code through design, testing, and maintenance. You'll collaborate within a multi-disciplinary agile team, mentor peers, and engage in innovative projects while participating in a robust on-call scheme for system incidents.
Top Skills: Ruby
Immersive Logo
Immersive

Full Stack Developer (Remote in UK)

17 Hours Ago
Remote
Hybrid
United Kingdom
Senior level
Senior level
Enterprise Web • HR Tech • Information Technology • Software • Cybersecurity
As a Full Stack Developer at Immersive Labs, you will work on building and improving our learning platform, collaborating with a multi-disciplinary team. Your responsibilities include architecting solutions, maintaining code quality, writing test automation, and mentoring other engineers while contributing to technical discussions and initiatives.
Top Skills: JavaScriptPythonRuby
NinjaOne Logo
NinjaOne

Senior Software Engineer, Java Backend

2 Days Ago
Remote
Hybrid
London, Greater London, England, GBR
Senior level
Senior level
Information Technology • Productivity • Software • Infrastructure as a Service (IaaS)
The Senior Software Engineer will contribute to developing and maintaining backend applications using Java and Kotlin, work on high-availability systems, support product requirements, and ensure system performance. Responsibilities include designing new applications, improving existing systems, coding, and monitoring system performance, all within an agile environment.
Top Skills: JavaKotlin

What you need to know about the London Tech Scene

London isn't just a hub for established businesses; it's also a nursery for innovation. Boasting one of the most recognized fintech ecosystems in Europe, attracting billions in investments each year, London's success has made it a go-to destination for startups looking to make their mark. Top U.K. companies like Hoptin, Moneybox and Marshmallow have already made the city their base — yet fintech is just the beginning. From healthtech to renewable energy to cybersecurity and beyond, the city's startups are breaking new ground across a range of industries.

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account