Attack Surface Management Engineer, Principal @ HealthEquity | Jobright.ai

HealthEquity · 13 hours ago

Attack Surface Management Engineer, Principal

Financial Services, Health Care

Responsibilities

Identify and Remediate Gaps: Independently identify security and program gaps (technical tools, skillset, resources) within the internal and external environment, and offer contextualized remediation guidance to cross-functional teams.
Lead and Drive Projects: Lead significant security projects from inception to delivery, achieving team consensus among various stakeholders. When consensus cannot be reached, identify the best path forward to meet security objectives while balancing business risk and operations.
Senior Escalation Point: Serve as a senior escalation point for the Threat & Vulnerability Management program, determining exploitability of vulnerabilities and contextualizing associated risks. Assist with designing remediations and mitigations for complex vulnerability scenarios.
Influence and Implement: Foster professional relationships with technology/business leaders and SMEs to present, influence, and gain traction on security initiatives. Implement controls consistent with the program’s direction.
Adapt and Innovate: Multi-task and solution in a changing environment impacted by new threats and competing priorities. Identify security measures and controls when new threats or security gaps are identified.
Define and Address: Assist in defining the team roadmap and addressing opportunities/weak points, acknowledging broader technology and business strategies and direction.
Present and Advocate: Present to executives, senior leaders and technical peers on complex security topics, risks, and issues, including external Cybersecurity forums/conferences.
Build Business Cases: Develop business cases to procure and implement new technologies to address emerging risks.
Set Security Standards: Lead security control definition and document requirements for technology and business initiatives. Influence peer groups and integrate security standards across business and technology initiatives.
Apply Frameworks: Apply cybersecurity framework-based controls to on-premise and cloud components, leveraging expert-level knowledge of leading frameworks (NIST, ISO27001, OWASP, CISA KEV, CIS Top 20 Controls).
Consult and Recommend: Function as an internal consultant with respect to technical specialties (application, data, security, infrastructure, cloud). Recommend changes to enhance security and reduce risk.
Stay Updated: Stay apprised of emerging threats applicable to HealthEquity’s business and technology stack, working closely with the Cyber Threat Intelligence team.
Manage External Risks: Monitor and manage risks associated with the external attack surface.
Penetration Testing: Assist in penetration testing activities through a Purple Team lens, focusing on validating vulnerabilities, controls, and remediation.
Mentor and Develop: Mentor junior team members to help upskill and foster knowledge sharing.

Qualification

Attack Surface Management, Cybersecurity Frameworks, Security Tools, Penetration Testing, Information Security Experience, Automation, Scripting, Business Intelligence, CISSP, CISM, OSCP, CCSP, Tenable, Tanium, Defender for EASM, Shodan, Azure, Splunk, Kali, PowerShell, Python, PowerBI, Tableau, API Configuration

Required

Minimum of 8 years of consistent information security experience.
Experience with security tools such as Tenable, Tanium, Defender for EASM, Shodan, Azure, Splunk, Kali.
Automation, scripting, and business intelligence experience (PowerShell, Python, PowerBI, Tableau, API configuration).
Demonstrated experience presenting to senior leaders and technical peers on complex security topics.
Expert-level knowledge of leading cybersecurity frameworks and best practices.
CISSP, CISM, or similar security certification.
Bachelor’s degree in information systems, computer science, or a related field, or equivalent experience.

Preferred

OSCP, CCSP, or other advanced certifications highly preferred.

Benefits

Medical, dental, and vision
HSA contribution and match
Dependent care FSA match
Uncapped paid time off
Adventure accounts
Paid parental leave
401(k) match
Personal and healthcare financial literacy programs
Ongoing education & tuition assistance
Gym and fitness reimbursement
Wellness program incentives

Company

HealthEquity

HealthEquity connects health and wealth by administering Health Savings Accounts (HSAs) and other consumer-directed benefits.

H1B Sponsorship

HealthEquity has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for reference. (Data powered by US Department of Labor)
Trends of Total Sponsorships
2023 (27)
2022 (7)
2021 (1)
2020 (2)

Funding

Current Stage: Public Company
Total Funding: $12.5M
2014-07-31: IPO
2011-09-09: Private Equity · $12.5M

Leadership Team

Jon Kessler, President & CEO
James Lucania, Executive Vice President & Chief Financial Officer
Company data provided by crunchbase