Mimecast · 5 days ago
Attack Surface Management Specialist
Mimecast is seeking an advanced Attack Surface Management (ASM) professional to join their Information Security organization as a Senior ASM Specialist. This strategic, hands-on role involves leading the design, implementation, and continuous improvement of attack surface reduction initiatives while collaborating with various teams to enhance security measures.
Cyber Security, Email, Legal, SaaS, Security
Responsibilities
Lead the design and evolution of comprehensive attack surface management strategies aligned with organizational risk reduction targets
Architect ASM discovery, monitoring, and validation frameworks that identify and track external assets across cloud, network, and application environments
Develop and implement advanced detection methodologies for shadow IT and rogue assets
Establish baseline metrics and KPIs for attack surface visibility and coordinate their achievement across security operations teams
Make improvements to existing ASM processes, tools, and workflows; own the end-to-end execution of these enhancements and improve automation
Evaluate and drive adoption of new ASM tooling, platforms, and technologies
Improve team efficiency and document standard operating procedures
Communicate with security operations, vulnerability management, infrastructure, development, and business teams to establish priorities
Gain organizational cooperation on the adoption of new ASM processes and procedures by clearly demonstrating business value
Coordinate with external stakeholders including cloud service providers, domain registrars, and security vendors
Partner with the vulnerability management function to ensure all discovered assets are properly scanned, classified, and prioritized
Ensure attack surface visibility feeds directly into vulnerability management workflows and Jira tracking systems
Prioritize discovered assets and vulnerabilities using business impact and EPSS scoring
Support executive reporting on attack surface reduction progress
Maintain oversight of critical vulnerabilities tied to external-facing assets and coordinate remediation timelines
Manage complex, multi-phase ASM initiatives with general oversight; define scope, timelines, resource requirements, and success criteria
Lead projects such as cloud security posture assessments, third-party risk management integrations, or regional attack surface reduction campaigns
Work with minimal day-to-day direction; escalate strategic decisions and blockers appropriately to leadership
Track project health through metrics and maintain stakeholder visibility on progress and risks
Incorporate relevant threat intelligence (zero-day vulnerabilities, attack trends, industry-specific risks) into attack surface prioritization decisions
Ensure processes align with compliance (SOC 2, ISO 27001, regional data protection)
Contribute to security assessments and audit responses related to external assets
Qualification
Required
6+ years of experience in information security, with at least 4 years directly focused on attack surface management, external vulnerability management, or asset discovery
Advanced technical knowledge of methodologies and tools (e.g., Tenable, Shodan, Rapid7 Insight VM, Qualys VMDR, or similar platforms)
Broad knowledge of project management methodologies; experience managing complex, multi-stakeholder initiatives, ability to design and implement process improvements
Strong understanding of cloud security (AWS, Azure, GCP), network reconnaissance, and vulnerability assessment
Excellent written and verbal communication skills; ability to explain complex security concepts to technical and non-technical audiences
Experience with JIRA, vulnerability management workflows, and security automation tools
Bachelor's degree in Computer Science/Information Security or equivalent professional experience
Preferred
Experience with threat intelligence platforms and CSIRT coordination
Knowledge of OWASP, NIST Cybersecurity Framework, or similar security standards
Experience in responsible disclosure program management
Experience in a large SaaS organization with globally distributed security teams
Benefits
Incentive plans
Additional benefits
Company
Mimecast
Mimecast is a SaaS-based email management platform enabling companies to administer business communications and data.
H1B Sponsorship
Mimecast has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
Trends of Total Sponsorships
2025 (3)
2024 (1)
2023 (4)
2022 (1)
2021 (1)
2020 (1)
Funding
Current Stage: Public Company
Total Funding: $90.24M
Key Investors: ATL Partners, Insight Partners, Index Ventures
2021-12-07: Acquired
2017-10-31: Post IPO Equity · $0.4M
2015-11-19: IPO
Company data provided by crunchbase