Manager, Attack Surface Management (ASM)
![]() | |
![]() United States, California, Los Angeles | |
![]() 3720 Flower Street (Show on map) | |
![]() | |
Manager, Attack Surface Management (ASM)
Apply Information Technology Services ITS Los Angeles, California ABOUT THE DEPARTMENT The University of Southern California (USC) is advancing its cybersecurity posture with a renewed focus on resilience, cyber risk management, and threat-informed defense. As a world-class research institution, USC is building a culture of security that supports its academic and research mission in a rapidly evolving threat landscape. This role sits within a newly restructured cybersecurity organization that's leading this transformation. You'll join a team focused on scalable, proactive defense strategies, incident preparedness, and operational excellence-working alongside experts who are deeply committed to service, innovation, and impact. If you're driven by purpose, thrive in complexity, and want to help shape the future of cybersecurity at a leading university, we invite you to bring your leadership to the table. POSITION SUMMARY As the Manager, Attack Surface Management (ASM) you will be an integral leader of the cybersecurity department while also collaborating with stakeholders across the university ecosystem, and reporting to the Cyber Defense Director. This is a full-time exempt position, eligible for all of USC's fantastic Benefits + Perks. This opportunity is remote. The Manager, Attack Surface Management (ASM) leads the university's Attack Surface Management (ASM) program, integrating vulnerability management, cyber threat intelligence (CTI), and vendor-led managed security services (MSSPs) aligning to threat-informed defenses. Responsible for external and internal attack surface visibility, prioritized remediation, and adversary-informed defense design. Responsible for overseeing vulnerability assessments, penetration testing, and proactive risk mitigation to safeguard the university's digital assets. Directs third-party security providers (e.g., managed services, professional services) as well as coordination with cross functional cyber teams to implement attack surface management strategies. Responsible for establishing processes for the ASM team to continuously monitor and utilize security tools to assess the university's digital footprint, identifying vulnerabilities (internal and external), and implementing measures to mitigate risks and provide recommended remediation action. The Manager, Attack Surface Management (ASM) will:
MINIMUM QUALIFICATIONS Great candidates for the position of Manager, Attack Surface Management (ASM) will meet the following qualifications:
PREFERRED QUALIFICATIONS Exceptional candidates for the position of Manager, Attack Surface Management (ASM) will also bring the following qualifications or more:
In addition, the successful candidate must also demonstrate, through ideas, words and actions, a strong commitment to USC's Unifying Values of integrity, excellence, community, well-being, open communication, and accountability. SALARY AND BENEFITS The annual base salary range for this position is $186,100.12 to $227,349.86. When extending an offer of employment, the University of Southern California considers factors such as (but not limited to) the scope and responsibilities of the position, the candidate's work experience, education/training, key skills, internal peer alignment, federal, state, and local laws, contractual stipulations, grant funding, as well as external market and organizational considerations. To support the well-being of our faculty and staff, USC provides benefits-eligible employees with a broad range of perks to help protect their and their dependents' health, wealth, and future. These benefits are available as part of the overall compensation and total rewards package. You can learn more about USC's comprehensive benefits here. Join the USC cybersecurity team within an environment of innovation and excellence. Minimum Education: Bachelor's degree Addtional Education Requirements Combined experience/education as substitute for minimum education Minimum Experience: 5 years in attack surface and vulnerability management. Minimum Skills: Strong understanding of attack surface management, security testing practices, and methodologies. Ability to develop and implement a comprehensive attack surface management strategy that aligns with the university's objectives and risk appetite. Deep understanding of cybersecurity principles, attack vectors, and the threat landscape. Familiarity with MITRE ATT&CK, Diamond Model, OWASP Top 10, and CVSS frameworks Experience operationalizing CTI and IOCs across SIEM, EDR, and ASM workflows Ability to assess business risks and recommend suitable cybersecurity measures. Adaptability to changes in the external environment and organizational shifts. Knowledge of system, application, and database hardening techniques. Effective communication skills and the ability to interact with all organizational levels. Project management experience and the ability to lead complex security initiatives. Ability to collaborate and manage managed service providers, including MSSPs, SLA tracking, contract influence, performance oversight. Ability to engage with other teams across the cybersecurity function to push for continuous improvement of the attack surface management capability. Experience managing MSSPs, including SLA tracking, contract influence, and performance oversight Commitment to staying current with the latest security threats, trends, and technologies. Strong leadership and people management skills. Solid technical knowledge and troubleshooting skills. Ability to work effectively in high-stress situations and manage crisis situations. Skilled in communicating with a wide range of stakeholders and business partners. Experience in the management and/or implementation of security monitoring, anti-malware, and vulnerability management technologies. In-depth experience in application security management and knowledge of cyber threat intelligence. Comprehensive knowledge of cloud computing and associated security challenges. Preferred Education: Master's degree Preferred Certifications: Cyber certification (e.g., CISSP, GIAC, CISM). Preferred Experience: 7 years With 3 years leading a vulnerability management program, with the ability to prioritize projects and deliverables. REQ20164592 Posted Date: 07/20/2025 Apply |