Experience with Breach and Attack (BAS) or Continuous Security Validation (CSV) tool(s)
Hands-on experience architecting, maturing, and automating CI/CD pipelines end-to-end
Experience with penetration testing, vulnerability management, and security tooling
Proficiency in scripting for automation and data enrichment (e.g., Python, PowerShell)
Requirements:
External Attack Surface Management (EASM) experience with Defender EASM, Cortex Xpanse, and CyCognito
Reconnaissance and internet-scale asset discovery, including certificate transparency, DNS enumeration, WHOIS data, threat intel feeds, and active reconnaissance (port scanning, fingerprinting, banner analysis)
Breach and Attack Simulation (BAS) and scenario engineering using MITRE ATT&CK, AttackIQ, SafeBreach, or Cymulate
Translate findings into actionable risk reduction with remediation guidance mapped to controls (firewalls, IAM, DNS, PKI/TLS, SOAR) and frameworks like NIST/MITRE
Job description
Our Client, a Commercial Banking company, is looking for a Cybersecurity Engineer for their Remote location.
Responsibilities:
External Attack Surface Management (EASM) Experience - Microsoft Defender EASM, Cortex Xpanse, and CyCognito
Reconnaissance and Internet-Scale Asset Discovery - techniques such as certificate transparency logs, DNS enumeration, WHOIS data, and threat intelligence feeds with active reconnaissance like port scanning, service fingerprinting, and banner analysis
Breach and Attack Simulation (BAS) and Scenario Engineering - MITRE ATT&CK, AttackIQ, SafeBreach, or Cymulate
Translating Findings into Actionable Risk Reduction - clear remediation guidance tied to specific controls—firewalls, IAM, DNS, PKI/TLS, SOAR, or detection rules - frameworks like NIST and MITRE
Automation, CI/CD, and Engineering Maturity - CI/CD pipelines using tools like GitLab, GitHub, Jenkins, Terraform, and cloud-native services in AWS or Azure, Python, PowerShell, and Bash
Lead EASM validation and engineering: Investigate and reproduce findings from EASM platforms (e.g., exposed services, misconfigurations, weak crypto, DNS issues, leaked assets)
The Cybersecurity Engineer (Attack Surface Management) is responsible for designing, implementing, and maturing advanced security validation capabilities to safeguard enterprise systems and applications.
This role focuses on continuous security validation through External Attack Surface Management (EASM) tools, integration with existing security infrastructure, and providing actionable insights to strengthen the firm’s cyber resilience.
The engineer partners with cross-functional teams to simulate real-world adversarial tactics, techniques, and procedures (TTPs), evaluate control effectiveness, and recommend enhancements that align with enterprise risk management and regulatory standards.
Requirements:
Experience with Breach and Attack (BAS) or Continuous Security Validation (CSV) tool(s).
Hands-on experience with architecting, maturing, and automation - CI/CD pipeline end to end lifecycle.
Experience with penetration testing, vulnerability management, and security tools.
Proficiency in scripting for automation, data wrangling and enrichment (e.g., Python, PowerShell).
Experience with Breach and Attack (BAS) or Continuous Security Validation (CSV) tool(s)
Bachelor’s degree and twelve years of experience or an equivalent combination of education and work experience
Banking or financial services experience
Experience in designing and executing Attack Scenarios: Plan and conduct realistic cyberattack simulations that mimic real-world threat actor tactics, techniques, and procedures (TTPs).
Analyze Simulation Results: Evaluate the outcomes of BAS, identifying weaknesses in security controls, vulnerabilities, and gaps in detection and response capabilities.
Provide Actionable Recommendations: Develop and present recommendations to improve security policies, procedures, and technologies based on simulation findings.
Document and Communicate: Maintain documentation of BAS methodologies, procedures, and results, and communicate findings to technical and non-technical stakeholders.
Collaborate with Security Teams: Work with security analysts and engineers to adjust alerts, rules, and controls based on simulation results.
Advanced Threat Hunting and Intelligence: Utilize threat intelligence to inform attack scenarios and identify emerging threats.
Vulnerability Management: Identify, prioritize, and recommend remediation of high-risk vulnerabilities.
Red Teaming and Blue Teaming: May also participate in red, purple, and blue team exercises to further evaluate security posture.
Strong understanding of cybersecurity concepts, including attack vectors, TTPs, and security controls.
Hands-on experience with architecting, maturing, and automation - CI/CD pipeline end to end lifecycle
Experience with penetration testing, vulnerability management, and security tools.
Proficiency in scripting for automation, data wrangling and enrichment (e.g., Python, PowerShell).
Knowledge of common threat intelligence sources and frameworks.
Excellent analytical, problem-solving, and communication skills.
Ability to work independently and as part of a team.
Experience with cybersecurity frameworks and standards (e.g., NIST, MITRE ATT&CK and D3FEND).
Experience with GRC engineering
Strong knowledge of cloud security (AWS/Azure), PKI/TLS hygiene, DNS hardening, and external service posture.
Hands-on experience with EASM platforms (e.g., Defender EASM, Cortex Xpanse, CyCognito, etc.) and strong understanding of internet-scale asset discovery
Hands-on experience with vulnerability engineering or external attack surface security, with proven leadership in complex environments
Experience with commercial BAS tools: AttackIQ, SafeBreach, Cymulate, etc.
ICONMA is an Equal Opportunity Employer. All qualified applicants will receive considerationfor employment without regard to any status protected by applicable law.
