Analyst, Attack Surface Management (ASM)

ABOUT THE DEPARTMENT

The University of Southern California (USC) is advancing its cybersecurity posture with a renewed focus on resilience cyber risk management and threat-informed defense. As a world-class research institution USC is building a culture of security that supports its academic and research mission in a rapidly evolving threat landscape.

This role sits within a newly restructured cybersecurity organization thats leading this transformation. Youll join a team focused on scalable proactive defense strategies incident preparedness and operational excellenceworking alongside experts who are deeply committed to service innovation and impact.

If youre driven by purpose thrive in complexity and want to help shape the future of cybersecurity at a leading university we invite you to bring your leadership to the table.

POSITION SUMMARY

As the Analyst Attack Surface Management (ASM) you will be an integral member of the cybersecurity department while also collaborating with stakeholders across the university ecosystem and reporting to the ASM Manager. This is a full-time exempt position eligible for all of USCs fantastic Benefits Perks. This opportunity is remote.

The Analyst Attack Surface Management (ASM) works to identify assess and mitigate vulnerabilities across the universitys digital environment. Responsible for continuously monitoring and managing the universitys attack surface (e.g. on-premises and cloud-based systems network perimeter Operational Technology (OT) environments applications and external-facing services) to prevent unauthorized access and data breaches. Works with cross-functional teams (e.g. Cyber Threat Intel Cyber Defense Cyber Governance) to identify and prioritize threats utilizing vulnerability assessments penetration testing and risk evaluations. Collaborates with university IT teams Departments Schools Units (DSUs) and other stakeholders to implement effective security controls. Works with USC Defense to support security response efforts and ensures ASM practices align with regulatory compliance and university cybersecurity policies.

The Analyst Attack Surface Management (ASM) will:

• Identifies catalogs and continuously maintains an inventory of the universitys digital assets (e.g. on-premises and cloud-based systems Operational Technology (OT) environments applications and services).
  Consistently monitors the universitys digital environment for new threats changes to the attack surface and emerging risks.

• Conducts vulnerability assessments attack and penetration testing and risk evaluations to determine security gaps. Scans digital assets for vulnerabilities assesses their potential impact and prioritizes risks based on severity. Analyzes potential threats and their impact on the universitys systems applications and data. Recommends appropriate mitigation strategies.

• Develops and recommends appropriate mitigation strategies to reduce identified risks.
  Works with IT teams Departments Schools and Units (DSUs) and other stakeholders to validate and implement effective remediation. Ensures timely application of security patches and updates to minimize vulnerabilities (e.g. Patch Management).

• Assists in responding to security incidents focusing on how the attack surface was exploited and how to prevent future attacks. Serves as a subject matter expert (SME) in Attack Surface Management (ASM) formulating and prioritizing intelligence requirements within a risk management framework.

• Provides regular reports on the attack surface status including potential risks vulnerabilities and the effectiveness of implemented security controls. Ensures ASM strategies align with university cybersecurity policies and compliance requirements.

• Engages with IT teams and DSUs to advise on remediation strategies and best practices for reducing the attack surface. Integrates ASM efforts into broader security and risk management initiatives to validate end-to-end remediation.

• Maintains awareness and knowledge of changes within legal regulatory and technology environments which may affect operations. Promotes a workplace culture aligned with USCs Code of Ethics where all employees are valued and empowered to contribute.

MINIMUM QUALIFICATIONS

Great candidates for the position of Analyst Attack Surface Management (ASM) will meet the following qualifications:

• 2 years of experience in attack surface and vulnerability management.

• A bachelors degree or combined experience and education as substitute for minimum education.

• Ability to interface with teams across the CISO Office and ITS such as Enterprise and Infrastructure Services and across USC IT teams.

• Thorough understanding of technology tools policies and standards related to security systems and incident response.

• Understanding of Operational Technology environments and the security requirements needed to support them.

• Technical knowledge of Cyber Defense concepts including incident response security monitoring cyber threat

• intelligence attack surface and vulnerability management.

• Strong leadership and people management skills.

• Solid technical knowledge and troubleshooting skills.

• Ability to work effectively in high-stress situations and manage crisis situations.

• Skilled in communicating with a wide range of stakeholders and business partners.

• Experience in the management and/or implementation of security monitoring anti-malware and vulnerability management technologies.

• In-depth experience in application security management and knowledge of cyber threat intelligence.

• Strong understanding of ASM management security testing practices and methodologies.

• Experience in building infrastructure and application vulnerability management programs.

• Comprehensive knowledge of cloud computing and associated security challenges.

• Ability to assess business risks and recommend suitable cybersecurity measures.

• Familiarity with common vulnerability frameworks such as CVSS and OWASP Top 10.

• Adaptability to changes in the external environment and organizational shifts.

• Knowledge of system application and database hardening techniques.

• Effective communication skills and the ability to interact with all organizational levels.

• Project management experience and the ability to lead complex security initiatives.

• Commitment to staying current with the latest security threats trends and technologies.

PREFERRED QUALIFICATIONS

Exceptional candidates for the position of Analyst Attack Surface Management (ASM) will also bring the following qualifications or more:

• 5 years of related experience in IT security roles with hands-on vulnerability analysis

• A masters degree.

• Strong understanding of cybersecurity threats and remediation practices

• Ability to communicate effectively across technical and non-technical audiences

In addition the successful candidate must also demonstrate through ideas words and actions a strong commitment to USCs Unifying Values of integrity excellence community well-being open communication and accountability.

SALARY AND BENEFITS

The annual base salary range for this position is $112575.21-$127577. When extending an offer of employment the University of Southern California considers factors such as (but not limited to) the scope and responsibilities of the position the candidates work experience education/training key skills internal peer alignment federal state and local laws contractual stipulations grant funding as well as external market and organizational considerations.

To support the well-being of our faculty and staff USC provides benefits-eligible employees with a broad range of perks to help protect their and their dependents health wealth and future. These benefits are available as part of the overall compensation and total rewards package. You can learn more about USCs comprehensive benefits here.

Join the USC cybersecurity team within an environment of innovation and excellence.

Minimum Education: Bachelors degree

Addtional Education Requirements Combined experience/education as substitute for minimum education
Minimum Experience: 2 years in attack surface and vulnerability management.

Minimum Skills: Ability to interface with teams across the CISO Office and ITS such as Enterprise and Infrastructure Services and across USC IT teams. Thorough understanding of technology tools policies and standards related to security systems and incident response. Understanding of Operational Technology environments and the security requirements needed to support them. Technical knowledge of Cyber Defense concepts including incident response security monitoring cyber threat intelligence attack surface and vulnerability management. Strong leadership and people management skills. Solid technical knowledge and troubleshooting skills. Ability to work effectively in high-stress situations and manage crisis situations. Skilled in communicating with a wide range of stakeholders and business partners. Experience in the management and/or implementation of security monitoring anti-malware and vulnerability management -depth experience in application security management and knowledge of cyber threat intelligence. Strong understanding of ASM management security testing practices and methodologies. Experience in building infrastructure and application vulnerability management programs. Comprehensive knowledge of cloud computing and associated security challenges. Ability to assess business risks and recommend suitable cybersecurity measures. Familiarity with common vulnerability frameworks such as CVSS and OWASP Top 10. Adaptability to changes in the external environment and organizational shifts. Knowledge of system application and database hardening techniques. Effective communication skills and the ability to interact with all organizational levels. Project management experience and the ability to lead complex security initiatives. Commitment to staying current with the latest security threats trends and technologies.
Preferred Education: Masters degree

Preferred Experience: 5 years

USC is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race color religion sex sexual orientation gender identity national origin protected veteran status disability or any other characteristic protected by law or USC policy. USC observes affirmative action obligations consistent with state and federal law. USC will consider for employment all qualified applicants with criminal records in a manner consistent with applicable laws and regulations including the Los Angeles County Fair Chance Ordinance for employers and the Fair Chance Initiative for Hiring Ordinance and with due consideration for patient and student safety. Please refer to theBackground Screening Policy Appendix Dfor specific employment screen implications for the position for which you are applying.

We provide reasonable accommodations to applicants and employees with disabilities. Applicants with questions about access or requiring a reasonable accommodation for any part of the application or hiring process should contact USC Human Resources by phone at or by email at. Inquiries will be treated as confidential to the extent permitted by law.

• Notice of Non-discrimination
• Employment Equity
• Read USCs Clery Act Annual Security Report
• USC is a smoke-free environment
• Digital Accessibility

If you are a current USC employee please apply to thisUSC job posting in Workday by copying and pasting this link into your browser:

Experience:

IC