HealthEquity · 11 hours ago
Attack Surface Management Engineer, Principal
Financial Services · Health Care
Growth Opportunities · H1B Sponsor Likely
Responsibilities
Identify and Remediate Gaps: Independently identify security and program gaps (technical tools, skillset, resources) within the internal and external environment, and offer contextualized remediation guidance to cross-functional teams.
Lead and Drive Projects: Lead significant security projects from inception to delivery, achieving team consensus among various stakeholders. When consensus cannot be reached, identify the best path forward to meet security objectives while balancing business risk and operations.
Senior Escalation Point: Serve as a senior escalation point for the Threat & Vulnerability Management program, determining exploitability of vulnerabilities and contextualizing associated risks. Assist with designing remediations and mitigations for complex vulnerability scenarios.
Influence and Implement: Foster professional relationships with technology/business leaders and SMEs to present, influence, and gain traction on security initiatives. Implement controls consistent with the program’s direction.
Adapt and Innovate: Multitask and develop solutions in a changing environment impacted by new threats and competing priorities. Identify security measures and controls when new threats or security gaps are identified.
Define and Address: Assist in defining the team roadmap and addressing opportunities/weak points, acknowledging broader technology and business strategies and direction.
Present and Advocate: Present to executives, senior leaders and technical peers on complex security topics, risks, and issues, including external Cybersecurity forums/conferences.
Build Business Cases: Develop business cases to procure and implement new technologies to address emerging risks.
Set Security Standards: Lead security control definition and document requirements for technology and business initiatives. Influence peer groups and integrate security standards across business and technology initiatives.
Apply Frameworks: Apply cybersecurity framework-based controls to on-premise and cloud components, leveraging expert-level knowledge of leading frameworks (NIST, ISO27001, OWASP, CISA KEV, CIS Top 20 Controls).
Consult and Recommend: Function as an internal consultant with respect to technical specialties (application, data, security, infrastructure, cloud). Recommend changes to enhance security and reduce risk.
Stay Updated: Stay apprised of emerging threats applicable to HealthEquity’s business and technology stack, working closely with the Cyber Threat Intelligence team.
Manage External Risks: Monitor and manage risks associated with the external attack surface.
Penetration Testing: Assist in penetration testing activities through a Purple Team lens, focusing on validating vulnerabilities, controls, and remediation.
Mentor and Develop: Mentor junior team members to help upskill and foster knowledge sharing.
Qualifications
Required
Minimum of 8 years of consistent information security experience.
Experience with security tools such as Tenable, Tanium, Defender for EASM, Shodan, Azure, Splunk, Kali.
Automation, scripting, and business intelligence experience (PowerShell, Python, PowerBI, Tableau, API configuration).
Demonstrated experience presenting to senior leaders and technical peers on complex security topics.
Expert-level knowledge of leading cybersecurity frameworks and best practices.
CISSP, CISM, or similar security certification.
Bachelor’s degree in information systems, computer science, or a related field, or equivalent experience.
Preferred
OSCP, CCSP, or other advanced certifications highly preferred.
Benefits
Medical, dental, and vision
HSA contribution and match
Dependent care FSA match
Uncapped paid time off
Adventure accounts
Paid parental leave
401(k) match
Personal and healthcare financial literacy programs
Ongoing education & tuition assistance
Gym and fitness reimbursement
Wellness program incentives
Company
HealthEquity
HealthEquity connects health and wealth by administering Health Savings Accounts (HSAs) and other consumer-directed benefits.
H1B Sponsorship
HealthEquity has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
Trends of Total Sponsorships
2023 (27)
2022 (7)
2021 (1)
2020 (2)
Funding
Current Stage: Public Company
Total Funding: $12.5M
2014-07-31: IPO
2011-09-09: Private Equity · $12.5M
Company data provided by crunchbase