Mindlance
Title: Cyber Attack Engineer
β - Featured Role | Apply direct with Data Freelance Hub
This role is for a Cyber Attack Engineer on an 18-month contract, offering a competitive pay rate. Key skills include proficiency in Python, experience with EASM tools, and a strong background in vulnerability management, preferably in banking or financial services.
π - Country
United States
π± - Currency
$ USD
-
π° - Day rate
760
-
ποΈ - Date
April 4, 2026
π - Duration
More than 6 months
-
ποΈ - Location
Unknown
-
π - Contract
Unknown
-
π - Security
Unknown
-
π - Location detailed
North Carolina, United States
-
π§ - Skills detailed
#Cybersecurity #Leadership #Azure #Security #Scripting #Defender #Automation #Python #Vulnerability Management #Data Wrangling #Cloud #Documentation #AWS (Amazon Web Services)
Role description
Title: Cybersecurity/Attack Surface Management Principal Engineer
Positions β 4
Duration: 18 Months β (Contract)
Description:
β’ Business Initiative/Purpose: (Goal, Business Impact, Accomplishments from the work)
β’ Lead EASM validation and engineering: Investigate and reproduce findings from EASM platforms (e.g., exposed services, misconfigurations, weak crypto, DNS issues, leaked assets).
Bachelor Degree: (Required, Preferred or Not Required)
β’ Required or enough job experience.
Role Responsibilities: (what they will be doing)
β’ The Cybersecurity Principal Engineer (Attack Surface Management) is responsible for designing, implementing, and maturing advanced security validation capabilities to safeguard enterprise systems and applications.
β’ This role focuses on continuous security validation through External Attack Surface Management (EASM) tools, integration with existing security infrastructure, and providing actionable insights to strengthen the firmβs cyber resilience.
β’ The engineer partners with cross-functional teams to simulate real-world adversarial tactics, techniques, and procedures (TTPs), evaluate control effectiveness, and recommend enhancements that align with enterprise risk management and regulatory standards.
Must Have Skills/Prior Experiences:
β’ Experience with Breach and Attack (BAS) or Continuous Security Validation (CSV) tool(s).
β’ Hands-on experience with architecting, maturing, and automation - CI/CD pipeline end to end lifecycle.
β’ Experience with penetration testing, vulnerability management, and security tools.
β’ Proficiency in scripting for automation, data wrangling and enrichment (e.g., Python, PowerShell).
Plus/Nice to Have Skills/Prior Experiences:
β’ Experience with Breach and Attack (BAS) or Continuous Security Validation (CSV) tool(s)
β’ Bachelorβs degree and twelve years of experience or an equivalent combination of education and work experience.
β’ Banking or financial services experience.
β’ Experience in designing and executing Attack Scenarios: Plan and conduct realistic cyberattack simulations that mimic real-world threat actor tactics, techniques, and procedures (TTPs).
β’ Analyze Simulation Results: Evaluate the outcomes of BAS, identifying weaknesses in security controls, vulnerabilities, and gaps in detection and response capabilities.
β’ Provide Actionable Recommendations: Develop and present recommendations to improve security policies, procedures, and technologies based on simulation findings.
β’ Document and Communicate: Maintain documentation of BAS methodologies, procedures, and results, and communicate findings to technical and non-technical stakeholders.
β’ Collaborate with Security Teams: Work with security analysts and engineers to adjust alerts, rules, and controls based on simulation results.
β’ Advanced Threat Hunting and Intelligence: Utilize threat intelligence to inform attack scenarios and identify emerging threats.
β’ Vulnerability Management: Identify, prioritize, and recommend remediation of high-risk vulnerabilities.
β’ Red Teaming and Blue Teaming: May also participate in red, purple, and blue team exercises to further evaluate security posture.
β’ Strong understanding of cybersecurity concepts, including attack vectors, TTPs, and security controls.
β’ Hands-on experience with architecting, maturing, and automation - CI/CD pipeline end to end lifecycle
β’ Experience with penetration testing, vulnerability management, and security tools.
β’ Proficiency in scripting for automation, data wrangling and enrichment (e.g., Python, PowerShell).
β’ Knowledge of common threat intelligence sources and frameworks.
β’ Excellent analytical, problem-solving, and communication skills.
β’ Ability to work independently and as part of a team.
β’ Experience with cybersecurity frameworks and standards (e.g., NIST, MITRE ATT&CK and D3FEND).
β’ Experience with GRC engineering.
β’ Strong knowledge of cloud security (AWS/Azure), PKI/TLS hygiene, DNS hardening, and external service posture.
β’ Hands-on experience with EASM platforms (e.g., Defender EASM, Cortex Xpanse, CyCognito, etc.) and strong understanding of internet-scale asset discovery
β’ Hands-on experience with vulnerability engineering or external attack surface security, with proven leadership in complex environments
β’ Experience with commercial BAS tools: AttackIQ, SafeBreach, Cymulate, etc.
β’ Experience with detection engineering and SOAR.
Title: Cybersecurity/Attack Surface Management Principal Engineer
Positions β 4
Duration: 18 Months β (Contract)
Description:
β’ Business Initiative/Purpose: (Goal, Business Impact, Accomplishments from the work)
β’ Lead EASM validation and engineering: Investigate and reproduce findings from EASM platforms (e.g., exposed services, misconfigurations, weak crypto, DNS issues, leaked assets).
Bachelor Degree: (Required, Preferred or Not Required)
β’ Required or enough job experience.
Role Responsibilities: (what they will be doing)
β’ The Cybersecurity Principal Engineer (Attack Surface Management) is responsible for designing, implementing, and maturing advanced security validation capabilities to safeguard enterprise systems and applications.
β’ This role focuses on continuous security validation through External Attack Surface Management (EASM) tools, integration with existing security infrastructure, and providing actionable insights to strengthen the firmβs cyber resilience.
β’ The engineer partners with cross-functional teams to simulate real-world adversarial tactics, techniques, and procedures (TTPs), evaluate control effectiveness, and recommend enhancements that align with enterprise risk management and regulatory standards.
Must Have Skills/Prior Experiences:
β’ Experience with Breach and Attack (BAS) or Continuous Security Validation (CSV) tool(s).
β’ Hands-on experience with architecting, maturing, and automation - CI/CD pipeline end to end lifecycle.
β’ Experience with penetration testing, vulnerability management, and security tools.
β’ Proficiency in scripting for automation, data wrangling and enrichment (e.g., Python, PowerShell).
Plus/Nice to Have Skills/Prior Experiences:
β’ Experience with Breach and Attack (BAS) or Continuous Security Validation (CSV) tool(s)
β’ Bachelorβs degree and twelve years of experience or an equivalent combination of education and work experience.
β’ Banking or financial services experience.
β’ Experience in designing and executing Attack Scenarios: Plan and conduct realistic cyberattack simulations that mimic real-world threat actor tactics, techniques, and procedures (TTPs).
β’ Analyze Simulation Results: Evaluate the outcomes of BAS, identifying weaknesses in security controls, vulnerabilities, and gaps in detection and response capabilities.
β’ Provide Actionable Recommendations: Develop and present recommendations to improve security policies, procedures, and technologies based on simulation findings.
β’ Document and Communicate: Maintain documentation of BAS methodologies, procedures, and results, and communicate findings to technical and non-technical stakeholders.
β’ Collaborate with Security Teams: Work with security analysts and engineers to adjust alerts, rules, and controls based on simulation results.
β’ Advanced Threat Hunting and Intelligence: Utilize threat intelligence to inform attack scenarios and identify emerging threats.
β’ Vulnerability Management: Identify, prioritize, and recommend remediation of high-risk vulnerabilities.
β’ Red Teaming and Blue Teaming: May also participate in red, purple, and blue team exercises to further evaluate security posture.
β’ Strong understanding of cybersecurity concepts, including attack vectors, TTPs, and security controls.
β’ Hands-on experience with architecting, maturing, and automation - CI/CD pipeline end to end lifecycle
β’ Experience with penetration testing, vulnerability management, and security tools.
β’ Proficiency in scripting for automation, data wrangling and enrichment (e.g., Python, PowerShell).
β’ Knowledge of common threat intelligence sources and frameworks.
β’ Excellent analytical, problem-solving, and communication skills.
β’ Ability to work independently and as part of a team.
β’ Experience with cybersecurity frameworks and standards (e.g., NIST, MITRE ATT&CK and D3FEND).
β’ Experience with GRC engineering.
β’ Strong knowledge of cloud security (AWS/Azure), PKI/TLS hygiene, DNS hardening, and external service posture.
β’ Hands-on experience with EASM platforms (e.g., Defender EASM, Cortex Xpanse, CyCognito, etc.) and strong understanding of internet-scale asset discovery
β’ Hands-on experience with vulnerability engineering or external attack surface security, with proven leadership in complex environments
β’ Experience with commercial BAS tools: AttackIQ, SafeBreach, Cymulate, etc.
β’ Experience with detection engineering and SOAR.
