Attack Surface Management Engineer
Montefiore Health System · Bronx, NY · 2 mo ago
Engineering$112k–$140k/yrFull-time
Responsibilities
- Work with architecture and engineering personnel to implement automation and orchestration solutions where appropriate to improve efficiency and reduce manual effort.
- Collaborate with IT, clinical teams, and other departments to ensure cybersecurity measures are integrated into everyday operations without disrupting patient care.
- Manage vendor relationships related to security solutions, testing services, and consulting engagements.
- Maintain security tools and services ensuring continued uptime and efficient execution of scanning activities.
- Work with DevOps, cloud, and IT infrastructure teams to incorporate secure development practices and vulnerability remediation into their workflows.
- Perform continuous device and asset discovery across IT, cloud, medical, and IoT/OT environments using approved ASM tooling.
- Review and validate asset discovery and vulnerability findings to identify unmanaged, unknown, or misclassified assets.
- Correlate exposure and vulnerability data with CMDBs, internal inventories, and cloud asset repositories to improve accuracy.
- Support the enterprise vulnerability management lifecycle by tracking findings from identification through remediation.
- Apply risk-based vulnerability prioritization using exploitability, asset criticality, and business impact.
- Coordinate with system, application, and device owners to validate their proposed remediation actions and timelines.
- Review third-party penetration testing results and assist with remediation tracking and validation.
- Collaborate with SOC and incident response teams to contextualize vulnerabilities during investigations.
- Develop and maintain technical documentation, SOPs, and workflows related to ASM processes.
- Contribute to dashboards, KPIs, and reporting that measure attack surface coverage, vulnerability aging, and risk reduction.
- Monitor vulnerability and threat trends relevant to healthcare and emerging technologies.
- Assist with automation and orchestration initiatives to improve ASM efficiency under manager guidance.
Requirements
- Bachelor's degree or equivalent work experience.
- 4 - 6 years Cybersecurity or IT experience with progression from vulnerability analysis, exposure management, or ASM analyst functions.
- 4 - 6 years prior experience in highly regulated environments.
- Strong proficiency with asset discovery and attack surface management technologies across on-prem IT, cloud, and IoMT environments.
- Strong ability to interpret, validate, and assess findings from attack surface management (ASM) and vulnerability management platforms.
- Strong understanding of the vulnerability management lifecycle, including remediation processes and governance requirements.
- Foundational experience correlating data across CMDBs, cloud inventories, and security tools.
- Ability to communicate technical findings to non-technical stakeholders with guidance.
- Working knowledge of healthcare cybersecurity frameworks including HIPAA, HITECH, NIST CSF, HITRUST, HICP, and NYSDOH 405.46.
- Strong analytical skills with attention to detail and data accuracy.
- Ability to operate effectively within defined processes and escalate appropriately.
Qualifications
- Prior experience in healthcare.
- One of the following certifications required or obtained within 18 months of hire:
- CompTIA PenTest+
- GIAC Security Essentials (GSEC)
- Tenable Certified Nessus Auditor (TCNA)
- CREST Registered Vulnerability Specialist (RVS)