Attack Surface Management (ASM) Analysts deliver our managed Polus Attack Surface Management service to our clients on a continuous basis to help them reduce risks to their internet-facing assets. This involves validating vulnerabilities, performing manual discovery of their attack surface and helping our clients interpret prioritised findings. Our aim is to become trusted advisors to our clients. 

You will help our clients to build cyber resilience, enhance their understanding of the threat landscape and become better prepared to face dynamic and evolving security risks. This will involve being on the front foot of new and emerging threats, and ensuring our clients receive quick feedback as to whether they may be affected and actions they can take. 

1. Main Duties and Responsibilities 

The main responsibilities of this role will include working closely with the ASM practice lead and Customer Success Managers to ensure that a high value service is delivered to clients. This will include: 

• Technical testing; vulnerability scanning, attack surface discovery, manual exploit validation, light-touch pentesting and Open-Source Intelligence (OSINT) gathering 

• Client Engagement; translating client challenges into solutions that fit S-RM’s ASM service offerings and value proposition, understanding and supporting the proposal process and ensuring delivery timelines are understood inline with project resourcing requirements 

• Reporting; Delivering findings in a range of formats, including via the Polus ASM platform, via written report and also through Quarterly Service Reviews 

You will also be required to keep abreast of threat intelligence developments, and work closely with S-RM’s Threat Intelligence and Incident Response teams to integrate key data points into our service.  

Support to other teams will be required where ASM is used as a value-add to assessment-based engagements in our Risk & Resilience practice, and also where ASM is used to support incident investigation with our Incident Response practice.  

You will be required to work closely with the other managed service teams (Managed Detection and Response and Cyber Threat Intelligence) to ensure that managed service delivery is unified across all three offerings. Through this, you will also be given the opportunity to support and shape the development of the service, by working with the ASM practice lead, managed service teams and technical development teams to identify opportunities for innovation and improvement. 

1. Who are we looking for? 

We are looking for individuals keen to keep their finger on the pulse when it comes to the latest threats and vulnerabilities, with good client-facing skills needed to provide long term support to the organisations we work with. We’re not looking for prior Attack Surface Management experience (although bonus points if you do), but we’re looking for individuals who may fall into the following profiles with regards to experience: 

• Pentesters with a minimum of 1 year experience (including carrying out external pentests) looking to specialise in threat led approaches 

• Cyber Security Analysts with experience running vulnerability scans and triaging issues, looking to move into managed service delivery with an offensive security focus 

• Threat Intelligence Analysts with good knowledge of offensive security concepts and familiarity with running security tooling, keen to develop their technical skills 

Candidates must have permission to work in the UK by the start of their employment

OUR BENEFITS

We offer thoughtful, balanced rewards and support to help our people do their best work and live their lives outside it, this includes but is not exhaustive of:

Our benefits

We offer thoughtful, balanced rewards and support to help our people do their best work and live their lives outside it, this includes but is not exhaustive of:

• 25 days holiday per year in addition to bank holidays (+1 day for every year of service up to a maximum of 30 days);
• Hybrid working and flexible working hours;
• Matching pension contribution up to 7% and financial education;
• Fertility treatment leave – 5 days of leave per cycle of treatment per year;
• Maternity leave – 26 weeks of full pay followed by 13 weeks of half pay;
• Paternity leave – 6 weeks of full pay.
• Private dental and medical insurance (taxable benefit) for you and your family;
• Virtual GP for you and your family members that live in the same household;
• Various gym discounts for you and your partner;

The role will be based in our London office. However, we have flexible working arrangements available.

THE APPLICATION PROCESS

We want to get to know you, and for you to get to know us, to see if we’d be a good fit.  We are responsive and respectful of people’s time throughout our hiring process.

A typical application process includes:

1. Initial screening of your application by our recruiting team.
2. Interview to assess your baseline technical skills.
3. An interview to discuss your previous experience, broader competencies, and suitability for the role.

To apply for this role, please send a cover letter and CV to: Job Application for Attack Surface Management Analyst at S-RM

Who we are

S-RM is a global intelligence and cyber security consultancy. Since 2005, we’ve helped some of the most demanding clients in the world solve some of their toughest information security challenges.

We’ve been able to do this because of our outstanding people. We’re committed to developing sharp, curious, driven individuals who want to think critically, solve complex problems, and achieve success.

But we also know that work isn’t everything. It’s about the lives and careers it helps us build. We’re immensely proud of this culture and we invest in our people’s wellbeing, learning, and ideas every day.

We’re excited you’re thinking about joining us.

Working in cyber at S-RM

Our Cyber Security team is the fastest-growing part of S-RM. The cyber sector is always evolving, and our Managed Services, Risk & Resilience, and Incident Response practices are in more demand than ever.

We’re building a team to meet this challenge. We’re quick to respond, innovate, and improve. We don’t get too hung up on hierarchy or bureaucracy. If your ideas are good enough, we’ll empower you to implement them. If you’re the best person to talk to a customer, you’ll get that opportunity, regardless of the title in your email signature. And when you need a hand, your team will always have your back.

We also don’t believe there’s a typical cyber security professional. We’ve built a team of intelligence analysts, technical specialists, software developers, investigators, risk managers, and more. You’ll always find a range of perspectives and expertise to help you learn and grow.

If that sounds like your kind of team, we’d like to hear from you.

The role

Our Offensive Security Consultants support our delivery consultants running our offensive security services. They help to interpret client challenges, innovate solutions, and deliver findings. Our aim is to become trusted advisors to our clients.

You will work across the full spectrum of our pen testing services, whether point in time or continuous, as well as participate in larger engagements such as red teams. You will help our clients to build cyber resilience, enhance their understanding of the threat landscape and become better prepared to face dynamic and evolving security risks.

1.1 MAIN DUTIES AND RESPONSIBILITIES

Client Engagement and Account Management

• Engage with clients to understand their cyber security challenges

• Translate client challenges into solutions that fit S-RM’s Offensive Security service offering and value proposition

• Develop an understanding of delivery timelines, project resourcing requirements and pricing

• Understand S-RM’s proposal process and lead on proposal writing and presentations in some cases

• Contribute to the expansion of client accounts and winning of new business

• Gain an understanding of S-RM’s target sectors and industries

Offensive Security 

• Penetration testing

  • Vulnerability assessments and monitoring

  • External infrastructure

  • External Attack Surface Management

  • Web application

  • API pentesting

  • Phishing and spear phishing

  • Internal pentesting

  • Mobile application pentesting (Android and iOS)

  • OT Pentesting

  • IOT Pentesting

  • Cloud Pentesting

  • Open-Source Intelligence (OSINT) gathering

• Configuration Reviews

  • Cloud configuration review

  • Application configuration review

  • Hardware build review

  • Firewall review

• Delivery & Client communications

  • Deliver findings in a range of formats, including written reports, presentations, and verbal briefings

• Threat Intelligence

  • Keep abreast of threat intelligence developments, threat actor activity and security industry developments in mitigations and tooling

  • Develop and deliver client threat profiles, threat assessments and dark web analysis

Project Management

• Support vCISO engagements, accessing the full range of S-RM’s resources and expertise

• Collaborate with incident response, ethical hacking, and digital forensics teams to integrate our services and support to clients

• Support the delivery of retainer relationships

• Support the delivery of the Attack Surface Management (ASM) service

Internal Initiatives and Strategy

• Support internal initiatives on product development, process management, tech enablement, efficiency and exploring different ways to support clients

• Contribute to the adaption of security frameworks to create innovative products

• Challenge received wisdom and existing products and services. Suggest alternative approaches where appropriate

  • Develop documentation and evolve the testing methodologies where applicable

Professional Development and Domain Knowledge

• Commit to continuous professional development and personal knowledge improvement across the full range of cyber security competencies, in line with personal utilisation targets (see Objectives)

• Complete up to one formal training course over the financial year. This is beyond internal training sessions

• Share knowledge with the wider team in line with company values, including contributing to internal training initiatives and programmes

Our benefits

We offer thoughtful, balanced rewards and support to help our people do their best work and live their lives outside it, including:

• 20 days paid holiday each year: in addition to public holidays, as well as 1 additional day of leave for every year you work at S-RM up to a maximum of 5 days.
• Flexible working: work a minimum of two days a week in the office and the remainder remotely, choose your hours between 7am and 7pm.
• Pension scheme: S-RM contributes to Employees Provident Fund (EPF) in accordance with legislative requirements.
• Life Insurance: help someone you love should something happen to you. (Further details coming soon.)
• Company-paid private medical and dental insurance. (Further details coming soon.)
• Company-paid maternity, paternity and fertility treatment leave.
• Employee Assistance Programme: free access to specialist support services, including counselling, as well as an online portal of useful articles, tips and tools. Available 24/7, 365 days a year.
  
  The role will be based in our office in Kuala Lumpur. However, we have flexible working arrangements available.