Attack Surface Reduction Analyst

Attack Surface Reduction Analyst

Swedium Global is looking for Attack Surface Reduction Analyst
Period from: 2025-08-01
Period to: 2026-01-31
Job description:

Attack Surface Reduction (ASR) Analyst

Purpose of the Role

The ASR Analyst is an entry-to-mid-level role focused on supporting the organization's attack surface reduction (ASR) efforts. This role involves conducting vulnerability scanning, attack path analysis, and penetration testing while participating in remediation campaigns to address identified risks. The ASR Analyst collaborates with cross-functional teams to ensure the organization's attack surface is proactively managed and aligned with security best practices, DevSecOps principles, and compliance standards.

Responsibilities

• Perform vulnerability scanning across cloud, on-premise, and containerized environments, ensuring comprehensive coverage.
• Assist in attack path analysis to identify potential risks, prioritize vulnerabilities, and recommend mitigation strategies.
• Support penetration testing activities, including internal and external testing, under the guidance of senior analysts.
• Deploy, configure, and manage security tools (e.g., Qualys, Prisma Cloud, Tenable) to enhance the organization's security posture.
• Contribute to remediation campaigns, tracking progress, coordinating with stakeholders, and ensuring timely resolution of vulnerabilities.
• Document findings, prepare detailed technical reports, and communicate actionable insights to stakeholders.
• Collaborate with cross-functional teams to integrate security policies and standards into DevSecOps pipelines and operational processes.
• Support cloud security assessments, container security reviews, and digital shadow monitoring to identify and mitigate external threats.
• Assist in implementing CI/CD security controls, ensuring secure software development and deployment practices.
• Participate in automation initiatives, leveraging tools to streamline vulnerability management, patching, and security monitoring.

Qualifications & Experience:

• 2-4+ years in cybersecurity, offensive security, or IT-related field
• Skills and Abilities:
• Secure operations and service delivery (80% of CIISec Level 3 of Primary Skills).
• Foundational knowledge of vulnerability management, penetration testing, and attack surface monitoring.
• Basic understanding of DevSecOps, CI/CD pipelines, and container security.
• Foundational understanding of cloud security and secure software development.
• Certifications:

• OSCP, CompTIA Security+, GIAC Certified Penetration Tester (GPEN), CEH or equivalent.
• Cloud foundational certifications (e.g., Microsoft AZ-900, AWS Certified Cloud Practitioner).
• Optional:

Certificate of Cloud Security Knowledge (CCSK), Azure Security Engineer-AZ500, AWS Security Specialist, or Certified Kubernetes Security Specialist (CKS).

Role-Specific Skills

• Vulnerability Management: Proficiency in tools like Qualys, Nessus, and Prisma Cloud for identifying and mitigating vulnerabilities.
• Attack Surface Monitoring: Foundational knowledge of monitoring tools and processes to identify risks across the organization's digital footprint.
• Penetration Testing: Familiarity with methodologies and tools (e.g., Metasploit, Burp Suite) to simulate adversarial tactics and uncover security gaps.
• Cloud Security: Basic understanding of securing cloud-based services (e.g., AWS, Azure, GCP) and implementing cloud-native security solutions.
• Container Security: Foundational knowledge of securing containerized environments (e.g., Docker, Kubernetes) and implementing runtime security controls.
• DevSecOps: Understanding of integrating security into CI/CD pipelines, including automated testing and secure deployment practices.
• Data Protection: Knowledge of data classification, encryption, and compliance with standards like GDPR and CCPA.

Key Behaviors

• Technical Proficiency: Demonstrates foundational skills in vulnerability scanning, penetration testing, and security tool management while showing curiosity to learn new security technologies.
• Analytical Thinking: Applies logical reasoning to identify patterns in vulnerability data, demonstrates attention to detail in security assessments, and prioritizes vulnerabilities based on risk level.
• Communication: Documents technical findings clearly, communicates security concepts effectively to various stakeholders, and actively incorporates feedback from senior team members.
• Collaboration: Works effectively with cross-functional teams to integrate security into development processes and supports remediation efforts by coordinating with system owners.
• Continuous Improvement: Regularly updates knowledge of emerging threats and security practices while seeking opportunities to enhance skills in cloud security, container security, and DevSecOps.
• Initiative & Problem-Solving: Proactively identifies security issues, takes ownership of assigned tasks, and applies creative thinking to develop practical solutions for identified vulnerabilities.
• Ethical Conduct & Reliability: Maintains confidentiality of sensitive security information, adheres to security policies, and consistently delivers quality work within established timeframes.

• Location : Bangalore, Karnataka
• Vacancy : 1
• Key Skills : Cyber Security, Azure, Devsecops, CI/CD