Application and Attack Surface Analyst

When you join Verizon

You want more out of a career. A place to share your ideas freely even if theyre daring or different. Where the true you can learn grow and thrive. At Verizon we power and empower how people live work and play by connecting them to what brings them joy. We do what we love driving innovation creativity and impact in the world. Our V Team is a community of people who anticipate lead and believe that listening is where learning crisis and in celebration we come together lifting our communities and building trust in how we show up everywhere & always. Want in Join the #VTeamLife.

What youll be doing:

As an Attack Surface Management (ASM) & Web Application Scanning (WAS) Security Analyst you will be a critical member of Verizons Exposure and Vulnerability Management (EVM) team. Your mission is to think like an adversary to identify analyze and mitigate Verizons digital and physical exposure across a global footprintincluding Public Cloud On-Premise Data Centers OT/Industrial environments and Third-Party ecosystems.

You will bridge the gap between external threat visibility and internal risk reduction shifting our posture from reactive scanning to proactive continuous monitoring and automated web application security.

Key Responsibilities include:

Digital Asset Discovery & Web Scanning

• Continuous Monitoring: Implementing and managing automated discovery of known and unknown assets including Shadow IT abandoned infrastructure and expired domains.

• Web Application Security: Leading the strategy for Web Application Scanning (WAS); configuring and maintaining automated scans to detect vulnerabilities.

• Cloud & Edge Governance: Identifying misconfigured cloud resources (AWS Azure GCP) and exposed edge computing nodes.

• Classification: Maintaining a dynamic asset tagging strategy to ensure findings are prioritized based on business criticality and data sensitivity.

Analysis & Risk Prioritization

• Threat Correlation: Mapping ASM and Web findings against MITRE ATT&CK frameworks and real-world threat intelligence to identify high-likelihood attack paths.

• Validation: Distinguishing between theoretical vulnerabilities and reachable exposures through manual validation and proof-of-concept testing to reduce noise for remediation teams.

• Vulnerability Synergy: Collaborating with the wider EVM team to integrate ASM and Web scanning data into unified platforms like .

Operational Excellence & Automation

• Engineering & Scripting: Using Python to build custom integrations between ASM tools Web Scanners and internal orchestration platforms (SOAR/Splunk).

• Strategic Remediation: Partnering with Security Architecture to implement guardrails (e.g. automated blocking of high-risk ports or WAF rule deployment).

• Reporting: Producing weekly Key Performance Indicators (KPIs) and trend reports that translate technical exposure into business risk for leadership.

What were looking for:

Youll need to have:

• Bachelors degree or four or more years of experience.

• Four or more years of relevant work experience demonstrated through one or a combination of job-related work experience military experience or specialized training or education (non-collegiate).

• Minimum of four years in Cybersecurity with at least two years specialized in Attack Surface Management / Web Application Scanning External Attack Surface Management (EASM) or Offensive Security.

• Three or more years of Python experience (or equivalent) for automation and API integration.

• Hands-on experience with: ASM Platforms such as Palo Alto Xpanse Randori Censys Shodan or BitSight Web Scanning applications such as Burp Suite Enterprise WAS Qualys WAS or Invicti and Vulnerability Platform Management experience with Tenable Qualys or Rapid7.

Even better if you have one or more of the following:

• Exceptional ability to document complex technical findings and present them clearly to non-technical stakeholders.

• Certifications such CISSP OSCP GIAC (GEVA/GXPN) or CRTO.

• Proven experience securing multi-cloud environments (AWS/Azure/GCP) and understanding Kubernetes/Container security.

• Experience as a Splunk Power User or Developer (creating dashboards ES correlation rules).

• Familiarity with the unique exposure risks of Telecommunications infrastructure and Industrial Control Systems (ICS).

If Verizon and this role sound like a fit for you we encourage you to apply even if you dont meet every even better qualification listed above.

Scheduled Weekly Hours

Equal Employment Opportunity

Verizon is an equal opportunity employer. We evaluate qualified applicants without regard to veteran status disability or other legally protected characteristics.

Benefits and Compensation

Our benefits are designed to help you move forward in your career and in areas of your life outside of Verizon. From health and wellness benefit options including: medical dental vision short and long term disability basic life insurance supplemental life insurance AD&D insurance identity theft protection pet insurance and group home & auto insurance. We also offer a matched 401(k) savings plan up to 8 company paid holidays per year and up to 6 personal days per year paid parental leave adoption assistance and tuition assistance plus other incentives weve got you covered with our award-winning total rewards package. Depending on the role employees have the opportunity to receive compensation in the form of premium pay such as overtime shift differential holiday pay allowances etc. Newly hired employees receive up to 15 days of vacation per year which grows with additional service. For part-timers your coverage will vary as you may be eligible for some of these benefits depending on your individual circumstances.