Security Analyst Consultant - Attack Surface Management

About Kalles Group

Everyone deserves to be secure. Our mission at Kalles Group is to help secure the future for companies of all shapes and sizes. While our expertise spans multiple disciplines, our method remains consistent: building trust and relationship with people – whether you are a client, a consultant, or–in this case–a candidate. No matter what role you come from–whether you’re an executive or just starting your career-you can expect our highest level of attention and respect. We want to find the right fit for each role, but we also want you to find the right fit for your career. We believe the best way to show you what our team is like is to treat you like you’re already a part of it. We hope you’ll consider joining our team of experienced professionals who are building their careers at Kalles Group—and having fun while doing it.

What You Will Do

As a Senior Security Analyst Consultant – Attack Surface Management, you will lead and evolve our client’s enterprise Attack Surface Management (ASM) program, helping reduce cyber risk through proactive discovery, analysis, automation, and collaboration. This is a highly visible role that combines strategic leadership with hands-on technical execution, requiring expertise across vulnerability management, cloud security, threat intelligence, and offensive security disciplines.

You will be responsible for developing a comprehensive view of the organization’s attack surface, identifying opportunities to reduce exposure, and driving remediation efforts in partnership with engineering, cloud, DevOps, and security teams. Leveraging data, automation, and threat intelligence, you will help prioritize risk reduction initiatives while influencing architectural decisions that strengthen the organization’s security posture. This role is ideal for someone who enjoys building programs, solving complex security challenges, and partnering across the enterprise to create meaningful security outcomes.

Key Responsibilities

• Lead and mature the organization's Attack Surface Management (ASM) program, identifying opportunities to expand capabilities and improve visibility.
• Develop and maintain a comprehensive understanding of the enterprise attack surface across cloud, network, and application environments.
• Continuously identify, assess, and prioritize vulnerabilities and exposures based on business and security risk.
• Partner with security, engineering, infrastructure, and cloud teams to drive remediation efforts and reduce risk.
• Leverage metrics and analytics to measure program effectiveness and inform risk-based decision making.
• Conduct external reconnaissance activities, OSINT research, and threat intelligence analysis to identify potential exposure points.
• Monitor emerging threats, attacker techniques, and industry trends to proactively strengthen defensive capabilities.
• Collaborate with Application Security, DevOps, and Cloud Engineering teams to promote secure-by-design practices.
• Contribute to incident response investigations and post-incident analysis as needed.
• Design and implement automation solutions that improve visibility, efficiency, and risk management workflows.
• Develop and maintain operational standards, procedures, documentation, and runbooks.
• Mentor team members and share expertise across security domains.
• Support compliance initiatives including PCI DSS, SOC 2, and related regulatory requirements.
• Validate security controls and identify opportunities for continuous improvement.

About You: Values

• Integrity: You believe in doing the right thing, even when it’s uncomfortable, seemingly inefficient, or costly.
• Purposefulness: You have a desire to serve others with your skillset and an openness to continuous learning and growth.
• Ownership: You stick to your commitments, follow up with action, and seek clarity in communication & expectations.

Your Experience

Required Qualifications

• 6+ years of experience in cybersecurity, including security operations, threat hunting, offensive security, red teaming, or related disciplines.
• Experience building, scaling, or leading Attack Surface Management (ASM) capabilities and programs.
• Strong understanding of vulnerability management methodologies and risk prioritization frameworks.
• Experience working within multi-cloud environments, including AWS, Azure, and GCP.
• Deep knowledge of attacker tactics, techniques, and procedures (TTPs) and frameworks such as MITRE ATT&CK.
• Expertise in network security, cloud security, attack path analysis, and external attack surface discovery.
• Experience conducting OSINT, reconnaissance, and threat intelligence activities.
• Proficiency with scripting and automation technologies such as Python and PowerShell.
• Strong understanding of enterprise infrastructure, application architectures, and data flows.
• Ability to evaluate and influence architectural decisions that reduce organizational risk.
• Experience leading cross-functional security initiatives and driving collaboration across multiple teams.
• Excellent written and verbal communication skills with the ability to communicate effectively with both technical and non-technical stakeholders.
• Strong analytical and problem-solving skills with a data-driven approach to risk management.

Preferred Qualifications

• Industry certifications such as CISSP, OSCE, GREM, or similar cybersecurity credentials.
• Experience applying AI and automation technologies to security operations or attack surface management programs.
• Experience with cloud-native security platforms and exposure management tooling.
• Familiarity with threat modeling, purple teaming, or advanced adversary simulation exercises.
• Experience working in large-scale enterprise environments with complex security requirements.

What We Offer

• The annual salary range for this role is $110,000-$140,000.
• We offer Medical, Dental, Vision plans, 401K with matching, and PTO for salaried employees.
• Work/life balance – we know there’s more to life than work! We encourage our team to pursue other passions, get outside, and spend time with family. We work with clients and consultants to set expectations for a manageable workload.

Location

This role can be remote, but we have a strong preference for clients who live in Seattle, WA.

How to Apply

Please fill out the form below (including uploading your most recent resume) and we’ll be in touch! We know imposter syndrome can be a barrier to many great applicants. We hope you’ll still consider applying. That’s why we’ve made the application process as short and simple as possible. Even if you’re not a fit for the role, you can expect to hear back from us! We want you to have the best experience as a candidate, so please feel free to share feedback at any stage of the process to talent@kallesgroup.com.

Equal Opportunity Employer

Kalles Group is an equal-opportunity employer and does not discriminate on the basis of creed, nationality, race, ethnicity, disability, gender, or other protected class.