Build and maintain comprehensive, continuously updated asset inventories across on-prem, cloud (AWS/Azure/GCP), SaaS, IoT, and external-facing properties (domains, subdomains, IP ranges).
Engineer automated discovery pipelines (e.g., external scans, DNS/cert transparency, cloud APIs, CMDB reconciliation).
Implement entity resolution and de-duplication logic to unify disparate records into a single asset graph.
Act as a senior contributor to the Attack Surface Intelligence Data Insights Team to provide subject matter expertise on data manipulation, pipeline creation, API development, dashboard/visualization and AI NLP usage for large datasets.
Work closely with development and analysis partners to create a feedback loop from analysis, to development, to data and back.
Assist with the continued maturity of an attack surface prioritization matrix
Educate senior management regarding the strengths, weaknesses, opportunities, and threats associated with attack surface intelligence
Provide regular threat/risk briefings to senior management regarding issues raised by the attack surface intelligence team.
Present findings within a context of overall risk to the enterprise.
Work closely with existing infrastructure and security teams, both to receive input and to provide practical and actionable intelligence
Work closely with the Advanced Research Support team on the development of tools and strategies to address data needs

Requirements

7+ years of Cyber Security Research experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
7+ years of experience in briefing senior level executives and key stakeholders around cyber activities
7+ years of information security reporting and analysis experience
5+ years of experience in one or a combination of the following: reporting, analytics, or modeling in an information security environment, information technology environment, or a combination of both
Understanding of NIST framework (National Institute of Standards and Technology)
4 years of Threat Modeling
4 years of data modeling, data manipulation and API development
Understanding of MITRE ATT&CK framework
Experience with attack surface tooling, Tanium, Crowdstrike, Splunk, EDR solutions
Thorough understanding of concepts and principles related to security, strategy, management, and intelligence analysis
Ability to work productively with a variety of stakeholders (and their associated, sometimes conflicting) interests within the enterprise
Ability to work with and against internal resistance, and, as necessary, build consensus for attack surface intelligence sharing within the enterprise
Ability to think and act both strategically and tactically, theoretically, and pragmatically
Advanced cyber security certifications.

Benefits

Health benefits
401(k) Plan
Paid time off
Disability benefits
Life insurance, critical illness insurance, and accident insurance
Parental leave
Critical caregiving leave
Discounts and savings
Commuter benefits
Tuition reimbursement
Scholarships for dependent children
Adoption reimbursement

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

cyber security researchinformation security reportingdata modelingdata manipulationAPI developmentthreat modelinganalyticsreportingautomated discovery pipelinesentity resolution

Soft Skills

briefing senior executivesstakeholder managementstrategic thinkingtactical thinkingconsensus buildingcommunicationcollaborationeducating managementrisk assessmentproblem-solving

Certifications

advanced cyber security certifications