Attack Surface Management Engineer

What we need…

WithSecure are looking for a ASM engineer to join our growing ASM team. We are looking for security professionals who have a passion for reconnaissance, keeping up to date with emerging attack techniques and finding new ways that businesses can be targeted.

Our hunting differs from traditional pentesting – instead of deep-dive analysis, we look at the big picture, and try to answer the question “if I was trying to target this organization, what would I do?” To do that, we need people who can think like a real attacker and work with our clients to understand what they see.

To succeed at WithSecure and help our clients with their challenges you will need to be geared up with the following:

A passion for security! You love computers, you love security and you love hacking things and solving problems. If this weren’t your job it would be your hobby.

Self-motivation! You’re not going to be told what to do all the time. You are capable of figuring out what is of benefit to WithSecure and our clients and then run with it. We will give you the tools to succeed, but it is up to you to apply them.

Communication skills! How can we add value to our clients’ organizations unless we can tell them what we did, how we did it and how they can fix it? But communication also extends to sharing your knowledge with your colleagues and the wider industry.

Job duties:

• Actively monitoring threat intelligence feeds
• Open-scope hunting based on gathered threat intelligence
• Ongoing OSINT gathering, reconnaissance and analysis
• Work collaboratively with clients to secure their perimeter against cyber threats
• Contribution to research and tool development
• Hypothesis driven investigations

Bonus points:

• Previous security experience including consulting, threat hunting, soc analysis, tool development, OSINT
• Deep understanding of security principles
• CREST and/or Offensive Security certifications like OSCP, OSEP, OSCE