Vallum Associates

Contract OUTSIDE IR35 - Attack Surface Management (ASM) Consultant

Hybrid

England, United Kingdom

Freelance

06-01-2025


Job Specifications

We are looking for an experienced Attack Surface Management (ASM) Consultant to lead efforts in identifying, monitoring, and reducing the organization's digital attack surface. In this role, you will assess the exposure of assets, evaluate potential vulnerabilities, and work with cross-functional teams to implement risk mitigation strategies. You will leverage ASM tools, threat intelligence, and manual assessments to provide a comprehensive view of the organization's attack surface, ensuring ongoing protection against emerging threats.
This position requires a strong understanding of cybersecurity principles, extensive experience with ASM tools, and the ability to assess and communicate security risks effectively.

Key Responsibilities
Attack Surface Analysis and Assessment
Conduct regular assessments of the organization’s attack surface, including network, cloud, and application assets.
Utilize ASM tools (e.g., RiskIQ, Expanse, CyCognito) and threat intelligence to identify internet-facing assets and assess their exposure to potential threats.
Perform continuous asset discovery to identify shadow IT, misconfigured services, and third-party risks.
Map and document all exposed assets, ensuring an accurate inventory of the digital footprint across the organization.
Risk Evaluation and Mitigation
Evaluate the security posture of identified assets and prioritize risks based on potential impact and likelihood of exploitation.
Work closely with IT, DevOps, and Security Operations teams to address high-risk exposures through configuration changes, access controls, or network segmentation.
Provide recommendations for securing exposed assets, reducing the attack surface, and mitigating identified vulnerabilities.
Ensure asset owners are aware of ASM findings and provide actionable guidance for risk mitigation.
Monitoring and Threat Intelligence Integration
Continuously monitor the attack surface for changes and newly discovered assets.
Integrate threat intelligence to identify and assess the relevance of emerging threats to the organization’s digital assets.
Stay current on new attack techniques, tools, and threat actor activities that could impact the organization’s attack surface.
Establish alerting and response protocols for identified high-risk exposures.
Reporting and Communication
Develop and deliver clear, actionable reports on attack surface findings, risk assessments, and remediation progress.
Communicate risks and recommendations effectively to technical and non-technical stakeholders, including executive leadership.
Create metrics and dashboards to provide visibility into the organization’s attack surface and ASM program effectiveness.
Security Program Development and Continuous Improvement
Assist in the development and enhancement of the Attack Surface Management program, including setting standards for asset discovery and risk management.
Develop processes and workflows to automate attack surface discovery, monitoring, and assessment.
Provide training and awareness sessions to teams on reducing the attack surface and mitigating risks.
Identify opportunities to enhance security policies and procedures based on ASM findings and emerging best practices.

Required Qualifications
Education: Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related field. Equivalent experience may be considered.
Experience:
Minimum of [3-5] years of experience in cybersecurity, with a focus on Attack Surface Management, Threat Intelligence, Vulnerability Management, or related fields.
Hands-on experience with ASM tools (e.g., RiskIQ, Expanse, CyCognito) and asset discovery methodologies.
Familiarity with vulnerability management processes and tools, along with an understanding of network and cloud security principles.
Experience working in large-scale enterprise environments, including cloud (AWS, Azure, GCP) and hybrid infrastructures.
Certifications (preferred): CISSP, CISM, OSCP, CEH, CompTIA CySA+, or relevant security certifications.

About the Company

Vallum Associates offer best in class talent acquisition on a contingency, retained, or project basis. Through our dedicated sector consultants, our specialised brands have the knowledge and connections to provide tailored hiring and project services across industries: Banking & Financial; Energy, Utilities & Commodities; Engineering & Renewable; Insurance Services. Our specialised industry and sector specific consultants are able to offer a personalised experience to fit your needs. Our unique associate consultativ...
