Senior EASM Engineer - External Attack Surface Management jobs in United States

Vanguard · 8 hours ago

Senior EASM Engineer - External Attack Surface Management

Vanguard is a company dedicated to the long-term financial wellbeing of its clients. They are seeking a Senior EASM Engineer to lead external attack surface management validation and engineering, architect prioritization logic, and advance EASM capabilities while collaborating with stakeholders to enhance security measures.

Finance, Financial Services
No H1B

Responsibilities

Lead EASM validation and engineering: Investigate and reproduce findings from EASM platforms (e.g., exposed services, misconfigurations, weak crypto, DNS issues, leaked assets). Engineer and maintain repeatable validation processes and automation to confirm exploitability and business impact
Architect prioritization logic: Partner with VM stakeholder to apply exploitability signals (EPSS, KEV, public exploit availability), asset criticality, and exposure windows to drive risk-based prioritization
Engineer attribution and routing workflows: Build logic to deduplicate, attribute, and route findings across inventories, scanner outputs, and historical exceptions. Ensure single-threaded tracking and SLA visibility
Partner on remediation strategy: Collaborate with stakeholders to design layered fixes, compensating controls, and sustainable hardening patterns for external assets
Advance EASM capabilities: Develop tuning logic for discovery seeds and asset correlation. Continuously improve signal fidelity and automate common validation tasks
Support VDP oversight: Provide governance for researcher communications, proof-of-fix validation, and SLA adherence

Qualification

EASM platforms, Vulnerability engineering, Cloud security, Scripting (Python, PowerShell, Bash), SQL, PKI/TLS hygiene, DNS hardening, Certifications (OSCP, GWAPT, GPEN), Communication skills, Leadership, Collaboration, Problem-solving

Required

7+ years in vulnerability engineering or external attack surface security, with proven leadership in complex environments
Hands-on experience with EASM platforms (e.g., Censys, Defender EASM, Cortex Xpanse, CyCognito, etc.) and strong understanding of internet-scale asset discovery
Proficiency in scripting (Python, PowerShell, Bash) for automation and data wrangling; familiarity with SQL for enrichment tasks
Strong knowledge of cloud security (AWS/Azure), PKI/TLS hygiene, DNS hardening, and external service posture
Exceptional written and verbal communication—capable of translating technical risk into executive clarity and developer-ready guidance

Preferred

Experience building prioritization models using EPSS/KEV and attack path concepts
Familiarity with SaaS posture signals (SSPM) intersecting with external exposure
Certifications such as OSCP, GWAPT, GPEN (or equivalent demonstrable skill); CISSP is a plus
Deep expertise in validating advanced issues (authN/Z bypass, SSRF, injection, misconfigurations, cloud/API exposures) and producing actionable PoCs

Company

Vanguard

Vanguard is a client-owned investment company that offers low-cost mutual funds, ETFs, advice, and related services.

Funding

Current Stage
Late Stage
Total Funding
unknown
Key Investors
2017-03-31: Non Equity Assistance

Leadership Team

Salim Ramji
Chief Executive Officer
Andrew Maack
Principal, Head of US Equity Index Portfolio Management
Company data provided by Crunchbase