Attack Surface Management Engineer

Job Description

WithSecure delivers research-led cyber security to defend organizations, society and people from real-world attacks and build resilience into their approach. Our people are a mix of technical and creative experts – diverse, talented, and passionate people – working tirelessly to help us advance the industry with new ways of thinking. They lead their own development, in and out of the office. They call the shots when it comes to building a place to call home in our organization.

Our Attack Surface Management (ASM) team is responsible for maintaining a deep understanding of our client’s attack surface, and working collaboratively to secure their perimeter against threats.

Our engineers in the ASM team are experts in viewing our client’s perimeters as an attacker would. By combining current threat intelligence with a deep understanding of modern attack strategies, their job is to constantly look for new threats across our client’s estates. There’s no routine playbook for this – what makes our ASM team so successful is a willingness to challenge the norm, take the initiative and follow their own intuition to identify the most likely attack vectors across an entire organization.

What we need…

WithSecure are looking for a ASM engineer to join our growing ASM team. We are looking for security professionals who have a passion for reconnaissance, keeping up to date with emerging attack techniques and finding new ways that businesses can be targeted.

Our hunting differs from traditional pentesting – instead of deep-dive analysis, we look at the big picture, and try to answer the question “if I was trying to target this organization, what would I do?” To do that, we need people who can think like a real attacker and work with our clients to understand what they see.

To succeed at WithSecure and help our clients with their challenges you will need to be geared up with the following:

• A passion for security! You love computers, you love security and you love hacking things and solving problems. If this weren’t your job it would be your hobby.
• Self-motivation! You’re not going to be told what to do all the time. You are capable of figuring out what is of benefit to WithSecure and our clients and then run with it. We will give you the tools to succeed, but it is up to you to apply them.
• Communication skills! How can we add value to our clients’ organizations unless we can tell them what we did, how we did it and how they can fix it? But communication also extends to sharing your knowledge with your colleagues and the wider industry.

Job duties:

• Actively monitoring threat intelligence feeds
• Open-scope hunting based on gathered threat intelligence
• Ongoing OSINT gathering, reconnaissance and analysis
• Work collaboratively with clients to secure their perimeter against cyber threats
• Contribution to research and tool development
• Hypothesis driven investigations

Bonus points:

• Previous security experience including consulting, threat hunting, soc analysis, tool development, OSINT
• Deep understanding of security principles
• CREST and/or Offensive Security certifications like OSCP, OSEP, OSCE