Senior Security Analyst

Confiz is seeking a Lead Attack Surface Analyst to drive the reduction of the organization’s attack surface through continuous visibility, risk prioritization, and proactive remediation of vulnerabilities and exposures. This role works closely with cybersecurity and technology teams to identify, escrow, and mitigate high-risk issues while advancing automation and secure-by-design practices across the technology landscape. The ideal candidate will play a key role in strengthening the Attack Surface Management program and enhancing overall security posture.

• Lead the evolution and expansion of the Attack Surface Management (ASM) program, identifying gaps and implementing scalable solutions and new capabilities.
• Drive continuous improvement of ASM processes, methodologies, and toolsets, with a strong focus on automation and operational efficiency.
• Develop and maintain cybersecurity standards, ASM procedures, and operational runbooks.
• Collaborate with Incident Response teams to refine processes and actively support investigations and mitigation efforts.
• Partner with Application Security, Dev Ops, and Cloud teams to embed security best practices into system and software design.
• Maintain a comprehensive and continuously updated map of the organization’s attack surface through OSINT, reconnaissance, and dark web monitoring.
• Lead enterprise-wide, risk-prioritized initiatives to reduce vulnerabilities and exposures, including recommending architectural improvements.
• Define, track, and present key metrics to measure attack surface risk and operational performance.
• Automate workflows and integrate security tools to enhance efficiency and scalability.
• Contribute to team development through mentorship, knowledge sharing, and training initiatives.
• Lead compliance activities, including control validation, evidence collection, and support for audits (e.g., PCI, SOC
  2).
• Stay current with emerging threats, technologies, and industry practices through continuous learning and professional development.

• Bachelor’s or Master’s degree in Information Technology, Computer Science, Cybersecurity, or a related field, or equivalent practical experience.
• 6+ years of experience in cybersecurity operations, red teaming, or threat hunting.
• Deep understanding of the MITRE ATT&CK framework, threat actor tactics, techniques, and procedures (TTPs), and common attack vectors.
• Strong expertise in attack surface management, vulnerability management, cloud security, network security, and cyber hygiene.
• Experience implementing security controls across multi-cloud environments (AWS, Azure, GCP).
• Advanced knowledge of enterprise IT architecture, networking, system administration, and data flows across systems.
• Proficiency in scripting and automation (e.g., Python, Power Shell) to enhance operational efficiency.
• Hands-on experience with OSINT and reconnaissance methodologies.
• Familiarity with offensive security methodologies and ethical hacking practices.
• Strong understanding of regulatory and compliance frameworks (e.g., PCI, SOC
  2) and associated controls.
• Experience developing and scaling attack surface management capabilities, including mentoring junior analysts.
• Knowledge of integrating security into CI/CD pipelines and modern Dev Sec Ops  practices.
• Strong leadership, communication, and stakeholder management skills.
• Preferred certifications: OSCE, GREM, CISSP.
• Awareness of emerging technologies, including the application of AI within the attack surface management domain.