Principal Engineer - Attack Surface Management

What success looks like in this role:

Team and Role Overview:

The Attack Surface Management (ASM) team is integral to reducing attack vectors and surfaces within the Unisys organization. We are currently in search of a Principal Engineer to lead the ASM team technically, overseeing and executing ASM processes and collaborating with Intel and Offensive Security team in their projects, participating penetration testing. This role involves collaborating with other security teams to identify and refine processes, review existing architecture, identify gaps and recommend security enhancements, while also providing guidance and mentorship to team members. Additionally, managing security posture in the cloud, necessitating expertise in AWS, GCP, Azure, and familiarity with CIS security controls in cloud environments.

What Success Looks Like in This Role:

• Serve as the principal and technical owner of different services within the ASM function.

• Drive automation and enhancement of ASM processes.

• Proficiency in identifying common vulnerabilities including OS, Web, API, and Infrastructure.

• Familiarity with Multi-Cloud Infrastructures and Services, with knowledge of implementing CIS controls for Cloud and OS.

• Understanding of common web application frameworks and web-based APIs.

• Experience with scripting languages such as Bash, Python, Perl, PowerShell, etc.

• Solid grasp of Open-Source Intelligence (OSINT) gathering techniques to support ASM activities.

• Ability to manage, organize, analyze, and present large amounts of data effectively.

• Capability to work efficiently with minimal supervision.

• Strong understanding of common vulnerabilities and testing methodologies.

• Aptitude for communicating broader risks associated with vulnerabilities.

• Working experience with Cloud Security Posture Management tools like Wiz, CrowdStrike, etc.

#LI-SP2

You will be successful in this role if you have:

• A Bachelor’s or Master’s degree in Computer Science, Information Systems, or a related field, or equivalent work experience.

• 10+ years of experience in security, especially in preventive security such as application security, penetration testing, and vulnerability management.

• Experience in security project management.

• A commitment to continuous learning to stay updated with the evolving threat and adversary landscape.

Unisys is proud to be an equal opportunity employer that considers all qualified applicants without regard to age, blood type, caste, citizenship, color, disability, family medical history, family status, ethnicity, gender, gender expression, gender identity, genetic information, marital status, national origin, parental status, pregnancy, race, religion, sex, sexual orientation, transgender status, veteran status or any other category protected by law.

Local employment practices and rights may vary by jurisdiction and are subject to applicable local laws. This commitment includes our efforts to provide for all those who seek to express interest in employment the opportunity to participate without barriers.

If you are a US job seeker unable to review the job opportunities herein, or cannot otherwise complete your expression of interest, without additional assistance and would like to discuss a request for reasonable accommodation, please contact our Global Recruiting organization at [email protected]. US job seekers can find more information about Unisys’ EEO commitment here.