Security Engineer II, Attack Surface Management

Job Description

Job Title:

Security Engineer II, Attack Surface Management

Location:

Los Angeles, CA 90032

• Remote work is acceptable. Preference is given to candidates in PST or CST; however, EST candidates will be considered as long as they can work PST hours.
• Equipment shipping available for candidates located 2+ hours driving distance from the office.

Assignment Duration:

Direct Hire

Salary Range:

110k - 125k/year

Work Hours:

8:00 AM - 5:00

PM Interview Process:

2-3 steps via Video/Teams

Dress Code:

Business Casual Summary:

The Attack Surface Management (ASM) Security Engineer reduces enterprise risk by continuously discovering assets, identifying vulnerabilities, and driving remediation across infrastructure, cloud, applications, AI and connected/medical/IoT devices. The role supports a proactive, risk-based approach to vulnerability and exposure management aligned with healthcare security best practices.

Minimum Education:

• Associate's degree - Computer Science or a related field OR the equivalent combination of experience and education that would demonstrate the capability to successfully perform the essential functions of this position.

Minimum Experience:

• 5-7+ years in vulnerability management, security engineering, or cloud/app security.
• Experience with vulnerability scanning tools and remediation workflows.
• Strong understanding of CVSS scoring and risk-based prioritization. Preferred
• Healthcare environment experience is a plus but not required.
• Security certifications such as Security+, SSCP, or cloud security certifications.

Key Responsibilities & Accountabilities:

• Operate continuous asset discovery and vulnerability scanning capabilities.
• Validate, prioritize, and track remediation of vulnerabilities and misconfigurations.
• Support cloud security posture management and configuration hardening.
• Assist with secure development lifecycle (SDL) activities and application risk findings.
• Coordinate medical and IoT device vulnerability remediation and compensating controls.
• Produce metrics, dashboards, and reports to support KPIs and KRIs.

Incident & RACI Expectations:

• Responsible for coordinating the remediation of non-active medical device vulnerabilities.
• Consulted during major incidents to identify root causes and remediation guidance.

Applicant Notices & Disclaimers For information on benefits, equal opportunity employment, and location-specific applicant notices, click here At SPECTRAFORCE, we are committed to maintaining a workplace that ensures fair compensation and wage transparency in adherence with all applicable state and local laws. This position's starting pay is: $110240.00/Yearly.