
Attack Surface Management Lead

 

Work Your Magic with us! Start your next chapter and join MilliporeSigma.

 

Ready to explore, break barriers, and discover more? We know you’ve got big plans – so do we! Our colleagues across the globe love innovating with science and technology to enrich people’s lives with our solutions in Healthcare, Life Science, and Electronics. Together, we dream big and are passionate about caring for our rich mix of people, customers, patients, and planet. That's why we are always looking for curious minds that see themselves imagining the unimaginable with us.  

 

Attack Surface Management Lead – MilliporeSigma Life Science

 

Reports to Head of Cyber Enablement & Compliance

 

Your role:

 

As a member of Cyber Enablement and Compliance, you play a pivotal role within MilliporeSigma's Life Science (LS) Cyber Security team. You are part of the global Cyber Security team, interfacing with the LS business and corporate Cyber Security. This is a strategic, hands-on role leading the design, implementation, and continuous improvement of our attack surface reduction initiatives. The successful candidate will bring strong technical expertise in Attack Surface Management (ASM) methodologies and broad project management capabilities.

 

Key Responsibilities:

 

Attack Surface Management Strategy for MilliporeSigma Life Science

 

  • Lead the design and evolution of comprehensive ASM strategies aligned with organizational risk reduction targets
  • Architect ASM discovery, monitoring, and validation frameworks that identify and track external assets across cloud, network, application environments, websites and digital products
  • Develop and implement advanced detection methodologies for shadow IT and rogue assets
  • Establish baseline metrics and KPIs for attack surface visibility and coordinate their achievement across LS business and security operations teams

 

Process Improvement & Automation

 

  • Make improvements to existing ASM processes, tools, and workflows; collaborate across global Cyber Security team to implement these enhancements; improve automation
  • Evaluate and drive adoption of new ASM tooling, platforms, and technologies

 

Cross-Functional Leadership & Collaboration

 

  • Communicate with security operations, vulnerability management, infrastructure, development, and business teams to establish priorities.
  • Gain organizational cooperation on the adoption of new ASM processes and procedures by clearly demonstrating business value
  • Coordinate with external stakeholders including cloud service providers, domain registrars, and security vendors
  • Partner with the vulnerability management function to ensure all discovered assets are properly scanned, classified, and prioritized

 

Vulnerability & Risk Management Integration

 

  • Ensure attack surface visibility feeds directly into vulnerability management workflows and tracking systems
  • Prioritize discovered assets and vulnerabilities using business impact and EPSS scoring
  • Support executive reporting on attack surface reduction progress
  • Maintain oversight of critical vulnerabilities tied to external-facing assets and coordinate remediation timelines

 

Project Management

 

  • Manage complex, multi-phase ASM initiatives with general oversight; define scope, timelines, resource requirements, and success criteria
  • Lead projects such as cloud security posture assessments, third-party risk management integrations, or regional attack surface reduction campaigns
  • Work with minimal day-to-day direction; escalate strategic decisions and blockers appropriately to leadership
  • Track project health through metrics and maintain stakeholder visibility on progress and risks

 

Threat Intelligence & Compliance Integration

 

  • Incorporate relevant threat intelligence (zero-day vulnerabilities, attack trends, industry-specific risks) into attack surface prioritization decisions
  • Ensure processes align with legal, regulatory, and industry standards and requirements (e.g. ISO/IEC 27001/27002, NIST CSF, NIS2, CRA, IEC62443, PCI DSS)
  • Contribute to security assessments and audit responses related to external assets.

 

Location:

This position can be based in either our Burlington, MA or St. Louis, MO site. We do offer a hybrid flexible work arrangement.

 

 

Who you are:

 

  • Professional with a positive attitude and capable of contributing to a dynamic and team-oriented culture
  • Bachelor’s Degree in Computer Science, Engineering or related field
  • At least 6 years of experience in information security;
    • At least 3 years directly focused on attack surface management, external vulnerability management, or asset discovery following legal, regulatory, and industry standards and requirements
  • Advanced technical knowledge of methodologies and tools (e.g., Tenable, Rapid7 Insight VM, Qualys VMDR, or similar platforms)
  • Strong understanding of cloud security (AWS, Azure, GCP), network reconnaissance, and vulnerability assessment
  • Experience with JIRA, vulnerability management workflows, and security automation tools
  • Experience with threat intelligence platforms and CSIRT coordination
  • Strong analytical and problem-solving skills with the ability to assess complex security issues and develop effective solutions
  • Excellent verbal and written communication skills in English, capable of conveying complex security concepts to non-technical stakeholders
  • Strong interpersonal skills and the ability to work collaboratively with cross-functional teams and external partners
  • Broad knowledge of project management methodologies; experience managing complex, multi-stakeholder initiatives; ability to design and implement process improvements.

 

 

Pay Range: $120,400-$185,600

 

The offer range represents the anticipated low and high end of the base pay compensation for this position. The actual compensation offered will be determined by factors such as location, level of experience, education, skills, and other job-related factors. Position may be eligible for sales or performance-based bonuses. Benefits offered by the Company include health insurance, paid time off (PTO), retirement contributions, and other perquisites.

 

What we offer: We are curious minds that come from a broad range of backgrounds, perspectives, and life experiences. We believe that this variety drives excellence and innovation, strengthening our ability to lead in science and technology. We are committed to creating access and opportunities for all to develop and grow at your own pace. Join us in building a culture of inclusion and belonging that impacts millions and empowers everyone to work their magic and champion human progress!

 

Apply now and become a part of a team that is dedicated to Sparking Discovery and Elevating Humanity!

Job Requisition ID:  295274
Location:  Burlington
Career Level:  D - Professional (4-9 years)
Working time model:  Full-time

North America Disclosure
The Company is committed to accessibility in its workplaces, including during the job application process. Applicants who may require accommodation during the application process should speak with our Candidate Services team at 844-655-6466 from 8:00am to 5:30pm ET Monday through Friday. If you are a resident of Connecticut or Colorado, you are eligible to receive additional information about the compensation and benefits, which we will provide upon request. You may contact 855 444 5678 from 8:00am to 5:30pm ET Monday through Friday, for assistance.

Notice on Fraudulent Job Offers
Unfortunately, we are aware of third parties that pretend to represent our company offering unauthorized employment opportunities. If you think a fraudulent source is offering you a job, please have a look at the following information.

