This list contains only the countries for which job offers have been published in the selected language (e.g., in the French version, only job offers written in French are displayed, and in the English version, only those in English).
Join our Proactive Defence team as an Enterprise Security Posture Management SME, leading capabilities across Attack Surface Management (ASM), Attack Path Management (APM), and Breach & Attack Simulation (BAS) within the CISO organization. You will drive a proactive, threat-informed approach to exposure management, helping the bank identify, prioritise, and reduce exploitable security risk through greater visibility, attack path analysis, and continuous control validation. This role is critical to shifting from reactive vulnerability management to proactive exposure reduction by providing continuous visibility of the attack surface, mapping how attackers can move through the environment, and validating security controls through adversary simulation. In doing so, you will help the organization identify, prioritise, and reduce exploitable security risk in a way that is threat-informed, measurable, and directly tied to business impact.
Job Responsibility
leading capabilities across Attack Surface Management (ASM), Attack Path Management (APM), and Breach & Attack Simulation (BAS) within the CISO organization
driving a proactive, threat-informed approach to exposure management
helping the bank identify, prioritise, and reduce exploitable security risk through greater visibility, attack path analysis, and continuous control validation
Requirements
Ability to continuously identify internet-facing assets, shadow IT, domains, subdomains, certificates, cloud services, APIs, SaaS exposures, third-party-hosted assets, and assets with unclear ownership
Ability to prioritise the most material exposures by combining exploitability, business criticality, asset ownership, threat intelligence, vulnerability data, and likelihood of attack
Ability to enrich attack surface findings with attacker techniques, active exploitation trends, KEV data, offensive security teams findings, and sector-specific threat intelligence
Nice to have
Hands-on experience with EASM/ASM platforms
Experience using tools such as external attack surface management, CAASM, vulnerability management, cloud posture, and exposure management platforms
Understanding of common attack surface risks across AWS, Azure, GCP, Entra ID, Active Directory, Kubernetes, APIs, internet gateways, and exposed management interfaces
Ability to use BAS outputs to validate whether identified exposures are exploitable, test control effectiveness, simulate attacker behaviours, and support evidence-based prioritisation