Attack Surface Management Specialist

Join to apply for the Attack Surface Management Specialist role at Mimecast

The organization is seeking an advanced Attack Surface Management (ASM) professional to join Mimecast's Information Security organization as a Senior ASM Specialist
. This is a strategic, hands-on role leading the design, implementation, and continuous improvement of attack surface reduction initiatives. The successful candidate will bring strong technical expertise in ASM methodologies and broad project management capabilities.

• Lead the design and evolution of comprehensive attack surface management strategies aligned with organizational risk reduction targets
• Architect ASM discovery, monitoring, and validation frameworks that identify and track external assets across cloud, network, and application environments
• Develop and implement advanced detection methodologies for shadow IT and rogue assets
• Establish baseline metrics and KPIs for attack surface visibility and coordinate their achievement across security operations teams

• Make improvements to existing ASM processes, tools, and workflows; own the end-to-end execution of these enhancements, improve automation
• Evaluate and drive adoption of new ASM tooling, platforms, and technologies
• Improve team efficiency and document standard operating procedures

• Communicate with security operations, vulnerability management, infrastructure, development, and business teams to establish priorities
• Gain organizational cooperation on the adoption of new ASM processes and procedures by clearly demonstrating business value
• Coordinate with external stakeholders including cloud service providers, domain registrars, and security vendors
• Partner with the vulnerability management function to ensure all assets are properly scanned, classified, and prioritized

• Ensure attack surface visibility feeds directly into vulnerability management workflows and Jira tracking systems
• Prioritize discovered assets and vulnerabilities using business impact, EPSS scoring
• Support executive reporting on attack surface reduction progress
• Maintain oversight of critical vulnerabilities tied to external-facing assets and coordinate remediation timelines

• Manage complex, multi-phase ASM initiatives with general oversight; define scope, timelines, resource requirements, and success criteria
• Lead projects such as cloud security posture assessments, third-party risk management integrations, or regional attack surface reduction campaigns
• Work with minimal day-to-day direction; escalate strategic decisions and blockers appropriately to leadership
• Track project health through metrics and maintain stakeholder visibility on progress and risks
• Incorporate relevant threat intelligence into attack surface prioritization decisions
• Ensure processes align with compliance (SOC 2, ISO 27001, regional data protection)
• Contribute to security assessments and audit responses related to external assets

• 6+ years of experience in information security, with at least 4 years directly focused on attack surface management, external vulnerability management, or asset discovery
• Advanced technical knowledge, methodologies and tools (e.g., Tenable, Shodan, Rapid7 Insight VM, Qualys VMDR, or similar platforms)
• Broad knowledge of project management methodologies; experience managing complex, multi-stakeholder initiatives, ability to design and implement process improvements
• Strong understanding of cloud security (AWS, Azure, GCP), network reconnaissance, and vulnerability assessment
• Excellent written and verbal communication skills; ability to explain complex security concepts to technical and non-technical audiences
• Experience with JIRA, vulnerability management workflows, and security automation tools
• Bachelor's degree in Computer Science/Information Security or equivalent professional experience
• Experience with threat intelligence platforms and CSIRT coordination
• Knowledge of OWASP, NIST Cybersecurity Framework, or similar security standards
• Experience in a large SaaS organization with distributed…