Attack Surface Management Engineer

• Applications are considered on a rolling basis
• Multiple locations
• Hybrid

Job Description

At WithSecure™, we protect businesses all over the world. Our SaaS solutions safeguard against modern cyber threats, and our innovative Co-security approach reflects our belief that true protection requires collaboration and shared expertise. No one can solve every cyber security problem alone. Our vision is to become Europe’s flagship in cyber security. Every day, our talented teams work to prevent cyber extortion, secure critical infrastructure, and prevent misuse of sensitive data. At WithSecure, it’s our people who make us exceptional – a diverse community that values passion, purpose, and a commitment to workplace well-being. If you’re ready to make an impact with a company that’s transforming cybersecurity, we’d love to hear from you.

Our Attack Surface Management (ASM) team is responsible for maintaining a deep understanding of our client’s attack surface, and working collaboratively to secure their perimeter against threats.

Our engineers in the ASM team are experts in viewing our client’s perimeters as an attacker would. By combining current threat intelligence with a deep understanding of modern attack strategies, their job is to constantly look for new threats across our client’s estates. There’s no routine playbook for this – what makes our ASM team so successful is a willingness to challenge the norm, take the initiative and follow their own intuition to identify the most likely attack vectors across an entire organization.

What we need…

WithSecure are looking for a ASM engineer to join our growing ASM team. We are looking for security professionals who have a passion for reconnaissance, keeping up to date with emerging attack techniques and finding new ways that businesses can be targeted.

Our hunting differs from traditional pentesting – instead of deep-dive analysis, we look at the big picture, and try to answer the question “if I was trying to target this organization, what would I do?” To do that, we need people who can think like a real attacker and work with our clients to understand what they see.

To succeed at WithSecure and help our clients with their challenges you will need to be geared up with the following:

• A passion for security! You love computers, you love security and you love hacking things and solving problems. If this weren’t your job it would be your hobby.
• Self-motivation! You’re not going to be told what to do all the time. You are capable of figuring out what is of benefit to WithSecure and our clients and then run with it. We will give you the tools to succeed, but it is up to you to apply them.
• Communication skills! How can we add value to our clients’ organizations unless we can tell them what we did, how we did it and how they can fix it? But communication also extends to sharing your knowledge with your colleagues and the wider industry.

Job duties:

• Actively monitoring threat intelligence feeds
• Open-scope hunting based on gathered threat intelligence
• Ongoing OSINT gathering, reconnaissance and analysis
• Work collaboratively with clients to secure their perimeter against cyber threats
• Contribution to research and tool development
• Hypothesis driven investigations

Bonus points:

• Previous security experience including consulting, threat hunting, soc analysis, tool development, OSINT
• Deep understanding of security principles
• CREST and/or Offensive Security certifications like OSCP, OSEP, OSCE