Senior Security Analyst

Confiz is seeking a Lead Attack Surface Analyst to drive the reduction of the organization’s attack surface through continuous visibility, risk prioritization, and proactive remediation of vulnerabilities and exposures. This role works closely with cybersecurity and technology teams to identify, escalate, and mitigate high-risk issues while advancing automation and secure-by-design practices across the technology landscape. The ideal candidate will play a key role in strengthening the Attack Surface Management program and enhancing overall security posture.

• →Lead the evolution and expansion of the Attack Surface Management (ASM) program, identifying gaps and implementing scalable solutions and new capabilities.
• →Drive continuous improvement of ASM processes, methodologies, and toolsets, with a strong focus on automation and operational efficiency.
• →Develop and maintain cybersecurity standards, ASM procedures, and operational runbooks.
• →Collaborate with Incident Response teams to refine processes and actively support investigations and mitigation efforts.
• →Partner with Application Security, DevOps, and Cloud teams to embed security best practices into system and software design.
• →Maintain a comprehensive and continuously updated map of the organization’s attack surface through OSINT, reconnaissance, and dark web monitoring.
• →Lead enterprise-wide, risk-prioritized initiatives to reduce vulnerabilities and exposures, including recommending architectural improvements.
• →Define, track, and present key metrics to measure attack surface risk and operational performance.
• →Automate workflows and integrate security tools to enhance efficiency and scalability.
• →Contribute to team development through mentorship, knowledge sharing, and training initiatives.
• →Lead compliance activities, including control validation, evidence collection, and support for audits (e.g., PCI, SOC 2).
• →Stay current with emerging threats, technologies, and industry practices through continuous learning and professional development.

• Bachelor’s or Master’s degree in Information Technology, Computer Science, Cybersecurity, or a related field, or equivalent practical experience.
• 6+ years of experience in cybersecurity operations, red teaming, or threat hunting.
• Deep understanding of the MITRE ATT&CK framework, threat actor tactics, techniques, and procedures (TTPs), and common attack vectors.
• Strong expertise in attack surface management, vulnerability management, cloud security, network security, and cyber hygiene.
• Experience implementing security controls across multi-cloud environments (AWS, Azure, GCP).
• Advanced knowledge of enterprise IT architecture, networking, system administration, and data flows across systems.
• Proficiency in scripting and automation (e.g., Python, PowerShell) to enhance operational efficiency.
• Hands-on experience with OSINT and reconnaissance methodologies.
• Familiarity with offensive security methodologies and ethical hacking practices.
• Strong understanding of regulatory and compliance frameworks (e.g., PCI, SOC 2) and associated controls.
• Experience developing and scaling attack surface management capabilities, including mentoring junior analysts.
• Knowledge of integrating security into CI/CD pipelines and modern DevSecOps practices.
• Strong leadership, communication, and stakeholder management skills.
• Preferred certifications: OSCE, GREM, CISSP.
• Awareness of emerging technologies, including the application of AI within the attack surface management domain.

We have a global team of amazing individuals working on highly innovative enterprise projects & products. Our customer base includes Fortune 100 retail and CPG companies, leading store chains, fast growth fintech, and multiple Silicon Valley startups.

What makes Confiz stand out is our focus on processes and culture. Confiz is ISO 9001:2015 (QMS), ISO 27001:2022 (ISMS), ISO 20000-1:2018 (ITSM) and ISO 14001:2015 (EMS) Certified. We have a vibrant culture of learning via collaboration and making workplace fun.

People who work with us work with cutting-edge technologies while contributing success to the company as well as to themselves. 

To know more about Confiz Limited, visit https://www.linkedin.com/company/confiz/