Security Analyst Consultant Attack Surface Management

ABOUT KALLES GROUP:

Everyone deserves to be secure. Our mission at Kalles Group is to help secure the future for companies of all shapes and sizes.

While our expertise spans multiple disciplines our method remains consistent: building trust and relationship with people -- whether you are a client a consultant or--in this case--a candidate.

No matter what role you come from--whether youre an executive or just starting your career-you can expect our highest level of attention and respect. We want to find the right fit for each role but we also want you to find the right fit for your career.

We believe the best way to show you what our team is like is to treat you like youre already a part of it. We hope youll consider joining our team of experienced professionals who are building their careers at Kalles Groupand having fun while doing it.

WHAT YOU WILL DO:

As a Senior Security Analyst Consultant Attack Surface Management you will lead and evolve our clients enterprise Attack Surface Management (ASM) program helping reduce cyber risk through proactive discovery analysis automation and collaboration. This is a highly visible role that combines strategic leadership with hands-on technical execution requiring expertise across vulnerability management cloud security threat intelligence and offensive security disciplines.

You will be responsible for developing a comprehensive view of the organizations attack surface identifying opportunities to reduce exposure and driving remediation efforts in partnership with engineering cloud DevOps and security teams. Leveraging data automation and threat intelligence you will help prioritize risk reduction initiatives while influencing architectural decisions that strengthen the organizations security posture. This role is ideal for someone who enjoys building programs solving complex security challenges and partnering across the enterprise to create meaningful security outcomes.

KEY RESPONSIBILITIES:

• Lead and mature the organizations Attack Surface Management (ASM) program identifying opportunities to expand capabilities and improve visibility
• Develop and maintain a comprehensive understanding of the enterprise attack surface across cloud network and application environments
• Continuously identify assess and prioritize vulnerabilities and exposures based on business and security risk
• Partner with security engineering infrastructure and cloud teams to drive remediation efforts and reduce risk
• Leverage metrics and analytics to measure program effectiveness and inform risk-based decision making
• Conduct external reconnaissance activities OSINT research and threat intelligence analysis to identify potential exposure points
• Monitor emerging threats attacker techniques and industry trends to proactively strengthen defensive capabilities
• Collaborate with Application Security DevOps and Cloud Engineering teams to promote secure-by-design practices
• Contribute to incident response investigations and post-incident analysis as needed
• Design and implement automation solutions that improve visibility efficiency and risk management workflows
• Develop and maintain operational standards procedures documentation and runbooks
• Mentor team members and share expertise across security domains
• Support compliance initiatives including PCI DSS SOC 2 and related regulatory requirements
• Validate security controls and identify opportunities for continuous improvement

ABOUT YOU:

• Your values:
  • Integrity: You believe in doing the right thing even when its uncomfortable seemingly inefficient or costly.
  • Purposefulness: You have a desire to serve others with your skillset and an openness to continuous learning and growth.
  • Ownership: You stick to your commitments follow up with action and seek clarity in communication & expectations.

YOUR EXPERIENCE:

Required Qualifications

• 6 years of experience in cybersecurity including security operations threat hunting offensive security red teaming or related disciplines
• Experience building scaling or leading Attack Surface Management (ASM) capabilities and programs
• Strong understanding of vulnerability management methodologies and risk prioritization frameworks
• Experience working within multi-cloud environments including AWS Azure and GCP
• Deep knowledge of attacker tactics techniques and procedures (TTPs) and frameworks such as MITRE ATT&CK
• Expertise in network security cloud security attack path analysis and external attack surface discovery
• Experience conducting OSINT reconnaissance and threat intelligence activities
• Proficiency with scripting and automation technologies such as Python and PowerShell
• Strong understanding of enterprise infrastructure application architectures and data flows
• Ability to evaluate and influence architectural decisions that reduce organizational risk
• Experience leading cross-functional security initiatives and driving collaboration across multiple teams
• Excellent written and verbal communication skills with the ability to communicate effectively with both technical and non-technical stakeholders
• Strong analytical and problem-solving skills with a data-driven approach to risk management

Preferred Qualifications

• Industry certifications such as CISSP OSCE GREM or similar cybersecurity credentials
• Experience applying AI and automation technologies to security operations or attack surface management programs
• Experience with cloud-native security platforms and exposure management tooling
• Familiarity with threat modeling purple teaming or advanced adversary simulation exercises
• Experience working in large-scale enterprise environments with complex security requirements

WHAT WE OFFER:

• The annual salary range for this role is $110000-$140000.
• We offer Medical Dental Vision plans 401K with matching and PTO for salaried employees.
• Work/life balance we know theres more to life than work! We encourage our team to pursue other passions get outside and spend time with family. We work with clients and consultants to set expectations for a manageable workload.

LOCATION:

This role can be remote but we have a strong preference for client who live in Seattle WA.

HOW TO APPLY:

Please fill out the form below (including uploading your most recent resume) and well be in touch! We know imposter syndrome can be a barrier to many great applicants. We hope youll still consider applying. Thats why weve made the application process as short and simple as possible.

Even if youre not a fit for the role you can expect to hear back from us! We want you to have the best experience as a candidate so please feel free to share feedback at any stage of the process to .

Kalles Group is an equal-opportunity employer and does not discriminate on the basis of creed nationality race ethnicity disability gender or other protected class.