Lead and mature the organization's Attack Surface Management (ASM) program , identifying opportunities to expand capabilities and improve visibility
Develop and maintain a comprehensive understanding of the enterprise attack surface across cloud, network, and application environments
Continuously identify, assess, and prioritize vulnerabilities and exposures based on business and security risk
Partner with security, engineering, infrastructure, and cloud teams to drive remediation efforts and reduce risk
Leverage metrics and analytics to measure program effectiveness and inform risk-based decision making
Conduct external reconnaissance activities, OSINT research, and threat intelligence analysis to identify potential exposure points
Monitor emerging threats, attacker techniques, and industry trends to proactively strengthen defensive capabilities
Collaborate with Application Security, DevOps, and Cloud Engineering teams to promote secure-by-design practices
Contribute to incident response investigations and post-incident analysis as needed
Design and implement automation solutions that improve visibility, efficiency, and risk management workflows
Develop and maintain operational standards, procedures, documentation, and runbooks
Mentor team members and share expertise across security domains
Support compliance initiatives including PCI DSS, SOC 2, and related regulatory requirements
Validate security controls and identify opportunities for continuous improvement
ABOUT YOU:
Your values:
Integrity: You believe in doing the right thing, even when it's uncomfortable, seemingly inefficient, or costly.
Purposefulness: You have a desire to serve others with your skillset and an openness to continuous learning and growth.
Ownership: You stick to your commitments, follow up with action, and seek clarity in communication & expectations.
YOUR EXPERIENCE:
Required Qualifications
6+ years of experience in cybersecurity, including security operations, threat hunting, offensive security, red teaming, or related disciplines
Experience building, scaling, or leading Attack Surface Management (ASM) capabilities and programs
Strong understanding of vulnerability management methodologies and risk prioritization frameworks
Experience working within multi-cloud environments, including AWS, Azure, and GCP
Deep knowledge of attacker tactics, techniques, and procedures (TTPs) and frameworks such as MITRE ATT&CK
Expertise in network security, cloud security, attack path analysis, and external attack surface discovery
Experience conducting OSINT, reconnaissance, and threat intelligence activities
Proficiency with scripting and automation technologies such as Python and PowerShell
Strong understanding of enterprise infrastructure, application architectures, and data flows
Ability to evaluate and influence architectural decisions that reduce organizational risk
Experience leading cross-functional security initiatives and driving collabo
Additional Information
ABOUT KALLES GROUP:
Everyone deserves to be secure. Our mission at Kalles Group is to help secure the future for companies of all shapes and sizes.
While our expertise spans multiple disciplines, our method remains consistent: building trust and relationship with people -- whether you are a client, a consultant, or--in this case--a candidate.
No matter what role you come from--whether you're an executive or just starting your career-you can expect our highest level of attention and respect. We want to find the right fit for each role, but we also want you to find the right fit for your career.
We believe the best way to show you what our team is like is to treat you like you're already a part of it . We hope you'll consider joining our team of experienced professionals who are building their careers at Kalles Group-and having fun while doing it.
Kallesgroup · Seattle, WA