Attack Surface Management Consulting Director
Chicago, IL - USA
Job Summary
You have a clear vision of where your career can go. And we have the leadership to help you get there. At CNA, we strive to create a culture in which people know they matter and are part of something important, ensuring the abilities of all employees are used to their fullest potential.
The Consulting Director, Attack Surface Management defines strategy, adoption, and governance of automation, AI, and agentic AI across application security, vulnerability management, ethical hacking, and attack surface management programs. Oversees evaluation and deployment of AI-centric security solutions while establishing audit-defensible standards, processes, and secure AI development practices. Drives enterprise-scale identification, analysis, and remediation of external attack surface risk through advanced automation, analytics, and AI-enabled capabilities. Partners with senior leadership and cross-functional teams to prioritize risk, improve operational efficiency, and deliver measurable security outcomes. Provides expert guidance, metrics, and reporting to ensure effective risk management, regulatory alignment, and continuous program maturity.
JOB DESCRIPTION:
Essential Duties & Responsibilities
Performs a combination of duties in accordance with departmental guidelines:
- Aid in defining and implementing strategy for applying automation, AI, and agentic AI to application security, vulnerability management, ethical hacking, and attack surface management use cases.
- Evaluate, deploy, manage, and govern best-in-class new and existing AI-centric solutions, services, and capabilities relevant to the application security, ethical hacking, and vulnerability management domains.
- Identify, prioritize, and drive high-value outcomes where automation and AI can improve operational effectiveness, speed, scale, and efficiency.
- Develop and contribute to audit-defensible governance, standards, processes, procedures, methodologies, practices, playbooks, etc. for secure AI adoption and use across application security, vulnerability management, and ethical hacking domains.
- Lead identification and risk analysis of the external attack surface through development and continuous improvement of automation to drive effective risk exposure response across the business.
- Create secure AI, including agentic, development practices by establishing and continuously improving reusable skills, prompts, workflows, and guardrails for AI-based tools such that AI-generated code adheres to secure coding expectations, including proper input validation, authentication, authorization, secrets handling, logging, error handling, dependency use, and secure design.
- Drive the use of AI to improve threat modeling, code review, and application security testing; vulnerability analysis, prioritization, and remediation; penetration testing and red teaming; and attack surface discovery, risk analysis, and remediation.
- Partner with peer domain leaders and practitioners to understand, align, integrate, collaborate, etc. on AI initiatives that realize value to Cyber Defense, Global Enterprise Security, and the business at large.
- Provides proactive, frequent, and consistent communication to key IT and business stakeholders on applicable measures, metrics, KRIs, KPIs, threats, risks, etc. Ensures application security, vulnerability management, ethical hacking outputs, and other attack surface management activities result in proper action, risk management, etc.
May perform additional duties as assigned.
Reporting Relationship
Typically reports to Director or above.
Skills, Knowledge & Abilities
- In-depth understanding of Vulnerability Management, Application Security, Cloud Security, Ethical Hacking, Threat Management, and Security Remediation programs and operations.
- Strong working knowledge of AI/ML, GenAI, LLM, and agentic AI security concepts, common attack/defense techniques, and use to solve application security, vulnerability management, and ethical hacking domain problems.
- Demonstrated experience developing and maturing service tooling and process automation.
- Demonstrated experience in software development and/or scripting.
- Strong understanding of security vulnerabilities and threats, and industry-standard methodologies of risk managing exposures effectively.
- Superior analytical and problem-solving skills and the ability to effectively communicate highly technical information to all audiences.
- Proven ability to interact effectively with senior business leadership to effectively address vulnerabilities and threats in a priority manner.
- Working knowledge of regulations (e.g., SOX, privacy, etc.) and internal controls as they apply to IT. Routinely stays up to date on current best practices / trends to identify, document, and drive resolution of security exposures through independent and collaborative industry research.
- Proven ability to influence change and drive the adoption of automation, AI, and agentic AI to applicable domain programs and teams.
- Ability to work extremely well under pressure while maintaining a professional image and approach.
Education & Experience
- Bachelor's Degree required, or equivalent work experience. Master's Degree in Computer Science or technical field preferred.
- Typically a minimum of ten years of information security or related work experience in one or more of the following: application security, vulnerability management or exposure management, ethical hacking, penetration testing, attack surface management, security engineering, or security architecture.
- Relevant certifications preferred.
In certain jurisdictions, CNA is legally required to include a reasonable estimate of the compensation for this District of Columbia, California, Colorado, Connecticut, Illinois, Maryland, Massachusetts, New York, and Washington the national base pay range for this job level is $97,000 to $189,000 determinations are based on various factors, including but not limited to relevant work experience, skills, certifications, and location. CNA offers a comprehensive and competitive benefits package to help our employees and their family members achieve their physical, financial, emotional, and social wellbeing goals. For a detailed look at CNA's benefits, please visit.
CNA utilizes AI-enabled technology during the recruiting process. For more information, please visit our careers page.
CNA is committed to providing reasonable accommodations to qualified individuals with disabilities in the recruitment process. To request an accommodation please contact
Required Experience:
Director
About Company
CNA provides insurance solutions to more than 1 million businesses and professionals worldwide. With more than 100 years of industry experience, CNA has earned a reputation as one of the most trusted commercial insurance companies in the business. We’re a powerful legacy built on expe ...