This job is closed
We regret to inform you that the job you were interested in has been closed. Although this specific position is no longer available, we encourage you to continue exploring other opportunities on our job board.
Attack Surface Management Engineer, Principal
Healthequity - Remote, OR
posted about 1 month ago
About the position
As a Principal Attack Surface Management Engineer at HealthEquity, you will play a crucial role in managing technology and security risks across the organization. This position involves leading the Attack Surface Management team, identifying security gaps, driving significant security projects, and serving as a senior escalation point for the Threat & Vulnerability Management program. Your expertise will guide the implementation of security controls and frameworks, while fostering relationships with technology and business leaders to advocate for security initiatives.
Responsibilities
- Independently identify security and program gaps within the internal and external environment and offer remediation guidance.
- Lead significant security projects from inception to delivery, achieving team consensus among various stakeholders.
- Serve as a senior escalation point for the Threat & Vulnerability Management program, determining exploitability of vulnerabilities.
- Assist with designing remediations and mitigations for complex vulnerability scenarios.
- Foster professional relationships with technology/business leaders to present and influence security initiatives.
- Implement controls consistent with the program's direction.
- Multi-task and solution in a changing environment impacted by new threats and competing priorities.
- Assist in defining the team roadmap and addressing opportunities/weak points.
- Present to executives and senior leaders on complex security topics, risks, and issues.
- Develop business cases to procure and implement new technologies to address emerging risks.
- Lead security control definition and document requirements for technology and business initiatives.
- Apply cybersecurity framework-based controls to on-premise and cloud components.
- Function as an internal consultant with respect to technical specialties and recommend changes to enhance security.
- Stay apprised of emerging threats applicable to the business and technology stack.
- Monitor and manage risks associated with the external attack surface.
- Assist in penetration testing activities through a Purple Team lens.
- Mentor junior team members to help upskill and foster knowledge sharing.
Requirements
- Minimum of 8 years of consistent information security experience.
- Experience with security tools such as Tenable, Tanium, Defender for EASM, Shodan, Azure, Splunk, Kali.
- Automation, scripting, and business intelligence experience (PowerShell, Python, PowerBI, Tableau, API configuration).
- Demonstrated experience presenting to senior leaders and technical peers on complex security topics.
- Expert-level knowledge of leading cybersecurity frameworks and best practices.
- CISSP, CISM, or similar security certification; OSCP, CCSP, or other advanced certifications highly preferred.
- Bachelor's degree in information systems, computer science, or a related field, or equivalent experience.
Benefits
- Medical, dental, and vision insurance
- HSA contribution and match
- Dependent care FSA match
- Uncapped paid time off
- Adventure accounts
- Paid parental leave
- 401(k) match
- Personal and healthcare financial literacy programs
- Ongoing education & tuition assistance
- Gym and fitness reimbursement
- Wellness program incentives
