We are searching for a highly experienced Senior Attack Surface Management (ASM) or Vulnerability Management Analyst and plays a pivotal role in strengthening our organization's security posture. As a Senior Analyst, you will oversee daily ASM operations, provide strategic and technical leadership. Your expertise will drive the development and implementation of vulnerability management strategies, as well as improve operational processes. You will collaborate across global teams and influence change to ensure a robust and proactive security approach.
Core Responsibilities
- Support user and stakeholder onboarding into Vulnerability Management workflows.
- Monitor approved ASM platform views, queries, and dashboards to identify potential vulnerabilities, exposure signals, and reporting items.
- Run approved queries and dashboard views in CrowdStrike and other ASM-approved sources such as Axonius, Wiz, Jira, or reporting dashboards.
- Export, clean, and format vulnerability-management and attack-surface data for recurring PowerPoint reporting packages.
- Preserve query context, dashboard filters, timestamps, and source assumptions so reporting remains traceable.
- Perform first-level bug bounty triage by reviewing new submissions, collecting basic reproduction details, identifying duplicates or known issues, and escalating likely valid or urgent findings.
- Document findings, initial recommendations, open questions, and handoff notes in the appropriate ASM workflow.
- Track open follow-ups, missing data, and escalation items in the appropriate ASM workflow or handoff channel.
- Follow ASM remediation SLA, bug bounty, and reporting guidance; escalate critical or externally exploitable findings immediately.
Required Skills
- Basic understanding of cybersecurity and vulnerability management concepts, including severity, asset ownership, remediation status, and SLA tracking.
- Exposure to Attack Surface Management concepts, OWASP Top 10 categories, or external exposure analysis.
- Experience using security dashboards or ticketing tools to gather and summarize data.
- Strong attention to detail when copying, filtering, exporting, and formatting data.
- Ability to create clear PowerPoint-ready tables, charts, and status summaries from approved source data.
- Comfortable following runbooks and escalating when source data is incomplete, conflicting, or outside the documented process.
- Professional communication skills for concise handoff notes and stakeholder follow-up.
- Ability to learn quickly in a dynamic security environment.
Preferred Experience
- CrowdStrike Falcon Exposure Management, Spotlight, or related CrowdStrike vulnerability workflows.
- Bugcrowd or similar bug bounty platform triage.
- Jira, Axonius, Wiz, Power BI, Excel, or PowerPoint reporting support.
- Familiarity with tools or techniques such as Shodan, Censys, Nmap, Burp Suite, or basic reconnaissance and fingerprinting.
- Security operations, application security, external exposure management, or vulnerability remediation coordination.
Risk Management, Cybersecurity, Vulnerability Mitigation, Vulnerability Assessment
