External Attack Surface Management (EASM) Engineer jobs in United States

Matlen Silver · 5 days ago

External Attack Surface Management (EASM) Engineer

Matlen Silver is seeking an External Attack Surface Management (EASM) Engineer to support a regulated financial services environment. The role focuses on identifying, validating, and reducing external-facing cyber risks while ensuring compliance with regulatory standards.

Information Technology · Recruiting · Staffing Agency
H1B Sponsor Likely

Responsibilities

Identify, inventory, and continuously monitor internet-facing assets across on-prem, cloud, SaaS, and third-party environments
Use AttackIQ to execute adversary emulation and breach-and-attack simulations aligned to MITRE ATT&CK, threat intelligence, and regulatory risk scenarios
Validate effectiveness of security controls including EDR, IAM, firewalls, WAF, email security, and network segmentation
Analyze exposure findings and control gaps, prioritizing remediation based on risk, regulatory impact, and business criticality
Partner with Security Operations, Cloud Engineering, Network, and Application teams to drive remediation and risk acceptance decisions
Produce audit-ready documentation, dashboards, and executive reporting demonstrating control effectiveness and risk reduction over time
Support regulatory and internal audit activities (e.g., FFIEC, SOX, PCI, GLBA) by providing evidence of continuous control validation
Integrate AttackIQ results with SIEM, SOAR, vulnerability management, and ticketing platforms
Contribute to the maturity of the bank’s EASM and threat validation program

Qualifications

External Attack Surface Management, AttackIQ, MITRE ATT&CK, Cloud security, Network security, Web application security, Regulatory compliance, Scripting, Risk assessment, Communication skills, Collaboration skills, Technical writing

Required

5+ years of experience in cybersecurity engineering, security operations, or threat validation within a regulated environment
Hands-on experience with External Attack Surface Management (EASM) programs and tooling
Direct, hands-on experience with AttackIQ, including scenario development, campaign execution, and results analysis
Strong understanding of: network and perimeter security (DNS, TLS, firewalls, proxies); cloud security in AWS, Azure, and/or GCP; web application and API security; MITRE ATT&CK and threat-informed defense concepts
Experience validating controls subject to regulatory scrutiny (EDR, IAM, logging, monitoring, segmentation)
Ability to clearly communicate technical findings to risk, audit, and executive stakeholders

Preferred

Prior experience in banking, financial services, or highly regulated enterprises
Familiarity with regulatory and control frameworks (FFIEC, NIST CSF, NIST 800-53, PCI DSS, SOX, GLBA)
Experience with complementary tools such as Microsoft Defender EASM, Cortex Xpanse, Randori, or Cymulate
Background in purple teaming, red teaming, or penetration testing
Scripting or automation experience (Python, PowerShell)
Relevant certifications (CISSP, GCIH, GPEN, OSCP, CRTO)

Company

Matlen Silver

Matlen Silver is a staffing agency for IT firms.

H1B Sponsorship

Matlen Silver has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for reference. (Data powered by the US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
Trends of Total Sponsorships
2025 (34)
2024 (10)
2023 (8)
2022 (8)
2021 (17)
2020 (35)

Funding

Current Stage
Late Stage

Leadership Team

Michele Beilman
Chief Executive Officer
Jimmy De Silver
President & Owner
Company data provided by Crunchbase