Attack Surface Management Engineer

LastPass

United States

Remote

USD 80,000 - 130,000

Full time

30+ days ago

Job summary

An innovative leader in password management is seeking a Senior Attack Surface Management Engineer to enhance its security posture. In this pivotal role, you will collaborate with security professionals and engineering teams to develop and maintain robust Attack Surface Management platforms. Your expertise will help identify and assess vulnerabilities, ensuring the protection of sensitive user data. This role offers the chance to work in a high-growth, remote-first environment where your contributions will directly impact the company's security strategy. If you're passionate about cybersecurity and eager to tackle complex challenges, this is the opportunity for you.

Benefits

Private health insurance, dependents included
Monthly self-care days (12 extra paid days off annually)
Volunteering days
Pet leave
Home office setup support
LastPass families free account up to 5 members
Continuous learning and development opportunities

Qualifications

  • Experience with vulnerability assessments and security testing is essential.
  • Proficiency in scripting languages like Python and PowerShell is expected.

Responsibilities

  • Develop and implement a comprehensive Attack Surface Management program.
  • Collaborate with teams to identify and remediate security risks.

Skills

Vulnerability Assessments
Cloud Security
Scripting Languages (Python, PowerShell, Bash)
Incident Response
Communication Skills

Education

Bachelor's Degree in Cybersecurity or related field

Tools

Vulnerability Management Tools
Docker
Kubernetes
REST APIs

Job description

LastPass, the #1 password leader, provides password and identity management solutions that are convenient, easy to manage, and effortless to use, helping more than 32 million users and 100,000 businesses organize and protect their online lives. As a pioneer in cloud security technology, LastPass provides award-winning password and identity management solutions that are convenient, effortless, and easy to manage. LastPass values users’ privacy and security, so your sensitive information is always hidden – even from us.

We welcome new ideas, support your growth, and recognize your value. If this aligns with what you are looking for in your next career move, join us!

LastPass is looking for a Senior Attack Surface Management Engineer:

The LastPass security team is seeking an experienced Attack Surface Management Engineer to help ensure the security of our company's and users' data. As a member of the Trust & Security team, you will collaborate with other security professionals, engineering, and operational teams to develop and maintain the Attack Surface Management platforms, as well as implement processes to identify and assess potential risks and vulnerabilities across the organization's attack surface. Your role will be to evaluate the context-aware risk of assets, prioritize remediation efforts, and work closely with vulnerability management, incident response, and threat intelligence teams to ensure a timely and effective response to security threats and incidents. In addition, you will aid in the development of a robust vulnerability management program, ensuring that the organization meets the highest security and compliance standards while fostering a culture of security and resilience.

If you are passionate about complex problem solving and motivated by scale, then this is the role for you!

Who will you work with?

You will be part of our Security Posture and Attack Surface Engineering & Research (SPASER) team, collaborating closely with the wider Trust & Security teams. Your focus will be on building robust and effective attack surface and vulnerability management programs and providing support to, as well as actively cooperating with, other critical security functions such as vulnerability management, threat intelligence, forensics, incident response, detection and response, and security engineering. You will also work closely with various engineering and operational teams across the organization as part of the vulnerability management lifecycle, to assist in the resolution of vulnerabilities and propose improvements to our security posture.

What are some of the exciting challenges you will be working on?

  1. Develop and implement a comprehensive Attack Surface Management program that covers all security-relevant IT assets, including hardware, systems, services, software, data, identity roles, groups and accounts, and other on-premises and cloud-based assets within the organization's environment.
  2. Identify the requirements, implement and manage a comprehensive Cybersecurity Asset/Attack Surface Management platform, leveraging industry-leading technologies, to provide an accurate and up-to-date status of the IT organization’s environment and its security posture.
  3. Ensure the platform provides comprehensive visibility into the organization's entire attack surface, including all assets, vulnerabilities, and potential threats, enabling a better understanding of potential risks and a more proactive approach to risk management.
  4. Leverage automation processes to discover, retrieve, populate, reconcile, and enrich the asset inventory, streamlining processes and improving accuracy.
  5. Collaborate with stakeholders across the organization to identify and comprehend their security-related asset information needs. Implement the necessary integrations and automation processes to enrich asset information, such as ownership, security requirements, information classification, and business criticality.
  6. Integrate a variety of security tools, such as vulnerability scanners, cloud security posture management, and threat intelligence platforms, to detect potential weaknesses and vulnerabilities, emerging threats, and their context and impact on the organization.
  7. Develop and implement processes to continuously monitor and assess the organization's attack surface, allowing for the early identification of potential security risks and the prioritization of remediation efforts based on the business impact of the risk, to enable a proactive risk management approach.
  8. Collaborate closely with the Vulnerability Management team to effectively identify, prioritize, and remediate identified vulnerabilities and security risks. This includes developing and implementing strategies and processes to support timely and effective remediation, tracking progress, and ensuring that remediation efforts are properly documented and reported.
  9. Stay current on emerging threats, trends, and technologies related to vulnerability management and cybersecurity, and update vulnerability testing methodologies accordingly.
  10. Collaborate closely with other security teams, such as incident response and threat intelligence, to promptly respond to security threats, risks, and incidents in a coordinated and effective manner.
  11. Provide support to compliance and audit teams regarding attack surface management and vulnerability management programs to ensure compliance with industry standards and regulatory requirements.

What does it take to work at LastPass?

  1. Prior demonstrable experience conducting vulnerability assessments and related security testing.
  2. Experience with industry-leading vulnerability management tools, techniques, and methodologies.
  3. Experience working with cloud-based environments and containerized workloads based on Docker and Kubernetes.
  4. Experience with vulnerability analysis in cloud hybrid/native environments, including familiarity with cloud-specific security controls and best practices, and some experience with cloud security assessment tools and techniques.
  5. Proficiency with scripting languages and programming languages commonly used in vulnerability management, such as Python, PowerShell, or Bash, is expected for the development and maintenance of trade-craft tools.
  6. Technical experience in integrating multiple systems using REST APIs and other connectors to gather data from different sources, including cloud environments, network devices, and applications, and consolidate them into a centralized platform.
  7. Understanding of Attack Surface Management (ASM) concepts, goals, and principles to ensure effective identification, assessment, and remediation of security risks.
  8. Being passionate about security and having a knack for finding security vulnerabilities.
  9. Good written and verbal communication skills in English, with the ability to effectively communicate and collaborate with key stakeholders.

It’s great, but not required:

  1. Previous experience working with industry Cybersecurity Asset Management (CAM)/Attack Surface Management (ASM) platforms is nice to have.
  2. Familiarity with OWASP vulnerability management and security testing guides/standards.
  3. Cloud security-focused certifications, such as AWS Certified Security or a similar specialty certification.

Why LastPass?

  1. High-growth, collaborative environment with inclusive teams.
  2. Remote-first culture.
  3. Competitive compensation.
  4. Private health insurance, dependents included.
  5. Monthly self-care days (12 extra paid days off annually), volunteering days, pet leave.
  6. Home office setup support.
  7. LastPass families free account up to 5 members.
  8. Continuous learning and development opportunities.

If this piques your interest, apply today and chat with our recruitment team further.

We’re building an inclusive community that reflects the people of all races, genders, sexual orientations, national origins, backgrounds, and perspectives who share our world.