Security Engineer – Attack Surface Management (ASR) jobs in United States
cer-icon
Apply on Employer Site
company-logo

Exegy · 1 day ago

Security Engineer – Attack Surface Management (ASR)

positionSt Louis, MO
timeFull-time
remoteOnsite
seniorityMid Level
date3+ years exp

Exegy is a global leader in intelligent market data and advanced trading systems. They are seeking a hands-on Security Engineer – ASR to own and mature their vulnerability management program, focusing on reducing organizational risk and attack surface through effective vulnerability management and collaboration with IT and engineering teams.

Information TechnologyService IndustrySoftware
check
H1B Sponsor Likelynote

Responsibilities

Own the end-to-end vulnerability lifecycle: discovery, prioritization, remediation tracking, and validation
Maintain accurate asset and exposure visibility across endpoints, servers, cloud workloads, SaaS, and internet-facing systems
Perform regular vulnerability scanning and ad-hoc assessments
Prioritize remediation based on real-world risk, considering:
Exploitability and threat intelligence
Asset criticality and business impact
Exposure (internet-facing, privileged systems, sensitive data)
Reduce vulnerability noise by deduplicating findings and focusing teams on what matters most
Track remediation progress and validate fixes
Identify and eliminate:
Unmanaged or unknown assets
Legacy systems with chronic vulnerabilities
Misconfigurations that expand attack surface
Partner with IT and Engineering to:
Improve patching cadence
Enforce secure configuration baselines
Reduce recurring vulnerability patterns
Recommend compensating controls where remediation is not immediately feasible
Conduct targeted threat analysis and light threat hunting to identify exploitation attempts and abnormal authentication or privilege activity
Feed threat intelligence and observed attacker behavior back into vulnerability prioritization
Improve detection, hardening, and prevention based on findings
Work closely with IT, Engineering, and Infrastructure teams to drive remediation outcomes
Translate technical vulnerabilities into clear, actionable risk statements
Provide leadership with concise, outcome-focused metrics and trend reporting
Contribute to security standards, procedures, and operational improvements
Reduction in critical and high-risk vulnerabilities over time
Mean time to remediate (MTTR)
Percentage of assets with known ownership and patch coverage
Reduction in repeat or systemic vulnerabilities
Demonstrated attack surface reduction (fewer exposed services, unused assets, misconfigurations)

Qualification

Vulnerability managementSecurity engineeringVulnerability scanning toolsCommon vulnerability classesSecurity frameworks knowledgeRisk assessmentThreat analysisTechnical documentationCollaboration skillsCommunication skills

Required

3+ years of hands-on experience in security engineering, vulnerability management, or a closely related discipline
Strong working knowledge of common vulnerability classes, exploitation techniques, and attacker methodologies
Solid foundation in operating systems, networking concepts, and cloud fundamentals
Experience using vulnerability scanning, detection, and security monitoring tools to identify and assess risk
Demonstrated ability to prioritize remediation efforts based on business and technical risk rather than raw finding volume
Familiarity with how vulnerabilities map real-world attack techniques and threat models
Working knowledge of widely adopted security frameworks and control sets (e.g., MITRE ATT&CK, NIST CSF, ISO 27001, CIS Controls)
Ability to contextualize vulnerability findings within broader security, operational, and compliance considerations
Capable of clearly documenting vulnerability findings, risk rationale, and remediation guidance
Effective in working with engineering, infrastructure, and IT teams to drive timely remediation
Comfortable translating technical findings into actionable work items and recommendations

Preferred

Experience operating in lean or resource-constrained environments where prioritization and pragmatism are critical
Exposure to integrating vulnerability findings into ticketing, backlog management, or ITSM workflows
Relevant security certifications (e.g., Security+, CEH, CISSP) or equivalent practical experience are beneficial but are not required

Company

Exegy

twittertwittertwitter
company-logo
Exegy provides ultra-high performance, hardware-accelerated computing appliances that process market data for financial organizations.
dateFounded in 2003
location
St Louis, Missouri, USA
people-size201-500 employees
web-link
http://www.exegy.com

H1B Sponsorship

Exegy has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (1)
2024 (3)
2023 (2)
2022 (1)
2021 (2)
2020 (1)

Funding

Current Stage
Growth Stage
Total Funding
$16.79M
Key Investors
Marlin Equity PartnersSkandalaris Center for Interdisciplinary Innovation and Entrepreneurship
2021-05-20Private Equity
2013-02-11Debt Financing· $1.5M
2011-06-01Grant

Leadership Team

leader-logo
David Taylor
Chief Executive Officer
linkedin
leader-logo
Jim O'Donnell
CEO
linkedin

Recent News

Crowdfund Insider
Exegy Nexus Designed For Low-Latency Market Making
2025-11-24
Crowdfund Insider
Exegy Research Quantifies Tech Costs, Compares In-House, Vendor Solutions
2025-09-29
PR.com
A-Team Group Names Winners of Its Innovation Awards 2025
2025-05-01
Company data provided by crunchbase