Cyber Security Specialist at Mimecast

About the Role

• As a Cyber Security Specialist, you will play a pivotal role in proactively identifying, evaluating, and reducing the attack surface of our organization. Reporting to the Senior Director of Security Operations, you will leverage cutting-edge tools, threat intelligence, and cross-functional collaboration to ensure our external and internal digital assets are continuously monitored, inventoried, and protected.

What You'll Do

• Attack Surface Discovery: Continuously identify and catalogue all external and internal assets (cloud, on-premises, IoT, third-party systems, etc.) using automated and manual discovery techniques.
• Vulnerability Management: Evaluate discovered assets for vulnerabilities and misconfigurations; prioritize remediation efforts based on risk and business impact.
• Threat Intelligence Integration: Correlate attack surface data with threat intelligence to contextualize findings and anticipate emerging risks.
• Attack Surface Reduction: Partner with IT, DevOps, and application teams to minimize unnecessary exposures and streamline asset footprint.
• Incident Response Support: Provide asset and exposure data during security incident investigations to enable rapid containment and remediation.
• Reporting & Metrics: Develop and present clear, actionable reports and dashboards for technical and executive audiences, including trend analysis and attack surface KPIs.
• Tool Evaluation & Management: Assess, deploy, and manage Attack Surface Management (ASM) platforms and related technologies.
• Policy Development: Contribute to security policies, standards, and best practices surrounding asset inventory and exposure management.
• Awareness & Training: Educate stakeholders on attack surface risks and mitigation strategies.
• Security Strategy: support the successful execution of the Security Strategy.

What You'll Bring

• Experience: 3+ years in cyber security, with a focus on attack surface management, asset discovery, or vulnerability management in a large enterprise or technology environment.
• Technical Skills: Strong understanding of networking, web technologies, cloud platforms (AWS, Azure, GCP), and security tooling (ASM, EDR, SIEM, etc.) and vulnerability scanning tools.
• Analytical Abilities: Proficient in risk assessment, data analysis, and correlating technical findings with business risk.
• Collaboration: Demonstrated ability to work with cross-functional teams, including IT, application development, and business units.
• Certifications: Relevant security certifications preferred (e.g., CISSP, OSCP, GIAC, CompTIA Security+).
• Communication: Excellent written and verbal communication skills; ability to convey complex technical issues to diverse audiences.
• Familiarity with regulatory requirements (e.g., GDPR, HIPAA, PCI-DSS) and how they impact asset and exposure management.
• Experience with automation and scripting for asset discovery and reporting (e.g., Python, PowerShell).
• Background in incident response and digital forensics.