Job Title: Security Engineer II, Attack Surface Management Location: Los Angeles, CA 90032 • Remote work is acceptable. Preference is given to candidates in PST or CST; however, EST candidates will be considered as long as they can work PST hours. • Equipment shipping available for candidates located 2+ hours driving distance from the office. Assignment Duration: Direct Hire Salary Range: 110k - 125k/year Work Hours: 8:00 AM – 5:00 PM Interview Process: 2–3 steps via Video/Teams Dress Code: Business Casual
Summary: The Attack Surface Management (ASM) Security Engineer reduces enterprise risk by continuously discovering assets, identifying vulnerabilities, and driving remediation across infrastructure, cloud, applications, AI and connected/medical/IoT devices. The role supports a proactive, risk-based approach to vulnerability and exposure management aligned with healthcare security best practices.
Minimum Education: • Associate's degree - Computer Science or a related field OR the equivalent combination of experience and education that would demonstrate the capability to successfully perform the essential functions of this position.
Minimum Experience: • 5–7+ years in vulnerability management, security engineering, or cloud/app security. • Experience with vulnerability scanning tools and remediation workflows. • Strong understanding of CVSS scoring and risk-based prioritization.
Preferred • Healthcare environment experience is a plus but not required. • Security certifications such as Security+, SSCP, or cloud security certifications.
Key Responsibilities & Accountabilities: • Operate continuous asset discovery and vulnerability scanning capabilities. • Validate, prioritize, and track remediation of vulnerabilities and misconfigurations. • Support cloud security posture management and configuration hardening. • Assist with secure development lifecycle (SDL) activities and application risk findings. • Coordinate medical and IoT device vulnerability remediation and compensating controls. • Produce metrics, dashboards, and reports to support KPIs and KRIs.
Incident & RACI Expectations: • Responsible for coordinating the remediation of non-active medical device vulnerabilities. • Consulted during major incidents to identify root causes and remediation guidance.
Applicant Notices & Disclaimers
For information on benefits, equal opportunity employment, and location-specific applicant notices, click here
At SPECTRAFORCE, we are committed to maintaining a workplace that ensures fair compensation and wage transparency in adherence with all applicable state and local laws. This position’s starting pay is: $ 110240.00/Yearly.
