We are seeking an advanced Attack Surface Management (ASM) professional to join Mimecast's Information Security organization as a Senior ASM Specialist. This is a strategic, hands-on role leading the design, implementation, and continuous improvement of our attack surface reduction initiatives. The successful candidate will bring strong technical expertise in ASM methodologies and broad project management capabilities.
What You'll Do:
Attack Surface Management Strategy & Architecture
- Lead the design and evolution of comprehensive attack surface management strategies aligned with organizational risk reduction targets
- Architect ASM discovery, monitoring, and validation frameworks that identify and track external assets across cloud, network, and application environments
- Develop and implement advanced detection methodologies for shadow IT and rogue assets
- Establish baseline metrics and KPIs for attack surface visibility and coordinate their achievement across security operations teams
Process Improvement & Automation
- Make improvements to existing ASM processes, tools, and workflows; own the end-to-end execution of these enhancements and improve automation
- Evaluate and drive adoption of new ASM tooling platforms and technologies.
- Improve team efficiency and document standard operating procedures
Cross-Functional Leadership & Collaboration
- Communicate with security operations, vulnerability management, infrastructure, development, and business teams to establish priorities.
- Gain organizational cooperation on the adoption of new ASM processes and procedures by clearly demonstrating business value
- Coordinate with external stakeholders, including cloud service providers, domain registrars, and security vendors
- Partner with the vulnerability management function to ensure all discovered assets are properly scanned, classified, and prioritized
Vulnerability & Risk Management Integration
- Ensure attack surface visibility feeds directly into vulnerability management workflows and Jira tracking systems
- Prioritize discovered assets and vulnerabilities using business impact and EPSS scoring
- Support executive reporting on attack surface reduction progress
- Maintain oversight of critical vulnerabilities tied to external-facing assets and coordinate remediation timelines
Complex Project Management
- Manage complex, multi-phase ASM initiatives with general oversight; define scope, timelines, resource requirements, and success criteria
- Lead projects such as cloud security posture assessments, third-party risk management integrations, or regional attack surface reduction campaigns
- Work with minimal day-to-day direction; escalate strategic decisions and blockers appropriately to leadership
- Track project health through metrics and maintain stakeholder visibility on progress and risks
Threat Intelligence & Compliance Integration
- Incorporate relevant threat intelligence (zero-day vulnerabilities, attack trends, industry-specific risks) into attack surface prioritization decisions
- Ensure processes align with compliance (SOC 2, ISO 27001, regional data protection)
- Contribute to security assessments and audit responses related to external assets.
What You'll Bring:
- 6 years of experience in information security, with at least 4 years directly focused on attack surface management, external vulnerability management, or asset discovery
- Advanced technical knowledge of methodologies and tools (e.g., Tenable, Shodan, Rapid7 InsightVM, Qualys VMDR, or similar platforms)
- Broad knowledge of project management methodologies; experience managing complex multi-stakeholder initiatives; ability to design and implement process improvements
- Strong understanding of cloud security (AWS, Azure, GCP), network reconnaissance, and vulnerability assessment
- Excellent written and verbal communication skills; ability to explain complex security concepts to technical and non-technical audiences
- Experience with JIRA, vulnerability management workflows, and security automation tools
- Bachelor's degree in Computer Science/Information Security or equivalent professional experience
- Experience with threat intelligence platforms and CSIRT coordination
- Knowledge of OWASP, NIST Cybersecurity Framework, or similar security standards
- Experience in responsible disclosure program management
- Experience in a large SaaS organization with worldwide distributed security teams
The base salary range for this position is $124,000-$186,000 plus benefits. This range represents the minimum and maximum new hire compensation for this role. The position may also be eligible for incentive plans and additional benefits in accordance with company policy and local regulations. Our salary ranges are determined by role, level, and location, with individual compensation also dependent on factors such as qualifications, experience, and skills. Final offers will reflect these considerations and may vary accordingly.
Belonging at Mimecast
Cybersecurity is a community effort. That's why we're committed to building an inclusive, diverse community that celebrates and welcomes everyone, unless they're a cybercriminal, of course.
We're proud to be an Equal Opportunity and Affirmative Action Employer, and we'd encourage you to join us, whatever your background. We particularly welcome applicants from traditionally underrepresented groups.
We consider everyone equally: your race, age, religion, sexual orientation, gender identity, ability, marital status, nationality, or any other protected characteristic won't affect your application.
If you require any adjustments or accommodations due to a disability or any other reason that may help you in your interview process, please let us know by emailing
Due to certain obligations to our customers, an offer of employment will be subject to your successful completion of applicable background checks conducted in accordance with local law.
It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment.