Job Board

External Attack Surface Management Engineer – Remote

To apply for this job please visit


The External Attack Surface Management (EASM) Engineer is responsible for activities related to Attack Surface Management, with the goal to ensure comprehensive visibility of Experian’s attack surface and vulnerabilities.


  • Follow Attack Surface Management Engineer processes to monitor and improve visibility of the attack surface in order to detect anomalies faster and reduce incidences of cyber-attacks
  • Perform verification/validation testing for vulnerabilities in external-facing web sites, web applications, and services; demonstrate exploitation steps and verify remediation/fixes
  • Generate comprehensive reports, including detailed findings, exploitation procedures, and mitigation techniques
  • Engage with business partners to ensure they fully understand their Attack Surface, and helps them identify prioritization of vulnerabilities
  • Develops vulnerability metrics to demonstrate coverage and remediation effectiveness
  • Identify improvements to scan coverage
  • Coordinate with IT and geographically dispersed teams’ vulnerability remediation and mitigation strategies
  • Documentation and standardization of procedures related to Attack Surface Management
  • Collect vulnerability data across technologies such as endpoints, servers, network equipment, and cloud and interpreting and presenting risk.


  • Bachelor’s degree in computer science or computer engineering, or equivalent work experience.
  • 3+ years of experience in attack surface/vulnerability management role.
  • 6+ years in security and/or technology engineering roles.
  • Familiarity with common web vulnerabilities including: XSS, XXE, SQL Injection, Deserialization Attacks, Path Traversal Attacks,
  • Remote Execution Flaws, and Authentication Flaws
  • Understanding of common web application frameworks and web-based APIs
  • Experience with one or more scripting languages such as Bash, Python, Perl, PowerShell, etc.
  • Knowledge of architecture, engineering, and operations of one or more vulnerability management tools, such as Wiz, Qualys, Rapid7 and ServiceNow.
  • Understanding of the application of the following frameworks and how they are applied to identifying and rating risk: OWASP, SANS, NIST, CIS, and MITRE ATT&CK.
  • Knowledge of major cloud platforms (AWS, Azure, or GCP).
  • Knowledge of systems hardening and other risk mitigation factors on multiple technologies and operating systems (Window, Linux, Mac, routers, switches, Kubernetes).
  • Working knowledge of networking standards and protocols: IPv4 IPv6, TCP/IP, DNS, HTTPS, TLS, BGP, Firewalls and NAT, SMTP, VPN, ICMP, SSH, IPSec, etc.
  • Certification that could be helpful but not required: CISSP, Security+, CEH, GIAC certifications.
  • Ability to provide creative solutions to complex problems
  • Ability to clearly communicate risk of vulnerabilities to all levels within an organization.
  • Experience selecting and deploying product
  • Outstanding writing and documentation skills

All your information will be kept confidential according to EEO guidelines.

Experian is proud to be an Equal Opportunity and Affirmative Action employer. Our goal is to create a thriving, inclusive and diverse team where people love their work and love working together. We believe that diversity, equity and inclusion is essential to our purpose of creating a better tomorrow. We value the uniqueness of every individual and want you to bring your whole, authentic self to work. For us, this is The Power of YOU and and it reflects what we believe.  See our DEI work in action!

In addition to a competitive base salary and variable pay opportunity, Experian offers a comprehensive benefits package including health, life and disability insurance, generous paid time off including 12 company paid holidays and parental and family care leave, an employee stock purchase plan and a 401(k) plan with a company match.

Experian Careers – Creating a better tomorrow together

Our compensation reflects the cost of labor across several U.S. geographic markets. The base pay range for this position is listed above.  Within this range, individual pay is determined by work location and additional factors such as job-related skills, experience and education.  This position is also eligible for a variable pay opportunity and a comprehensive benefits package which includes health, life and disability insurance, generous paid time off including paid parental and family care leave, an employee stock purchase plan and a 401(k) plan with a company match.

Experian is proud to be an Equal Opportunity and Affirmative Action employer. We’re passionate about unlocking the power of data to transform lives and create opportunities for consumers, businesses, and society. For more than 125 years, we’ve helped people and economies flourish – and we’re not done.

We take our people’s agenda very seriously. We focus on what truly matters; diversity and inclusion, work/life balance, flexible working, development, collaboration, wellness, reward & recognition, volunteering, making an impact… the list goes on. See our DEI work in action!

The power of YOU. We are building a culture where everyone is comfortable bringing their whole self to work. A place where we not only respect our differences and values but celebrate them in a positive and supportive environment.

Find out what is like to work for Experian and discover the Unexpected!

Tagged as: attack surface management, cybersecurity, vulnerability management

To apply for this job please visit