Attack Surface Management specialist

Job Title:

Location:

Employment Type:

Experience Required:

About the Role

Attack Surface Management (ASM) Trainer

As a trainer, you will be responsible for designing and delivering high-impact training programs that equip learners with practical skills in ASM, OSINT, and vulnerability intelligence. You'll also guide learners in mastering real-world ASM tools and offensive techniques used in red team engagements.

Key Responsibilities

• Design and deliver structured training modules on Attack Surface Management, OSINT, and vulnerability intelligence.
• Train participants in the use of ASM platforms (e.g., CyCognito, Netlas, Shodan, Censys, RiskIQ, etc.).
• Conduct hands-on labs covering domain/IP discovery, cloud exposure mapping, asset attribution, and misconfiguration detection.
• Teach how to analyze and prioritize external threats using frameworks like MITRE ATT&CK and CVSS/EPSS.
• Stay up to date with the latest ASM trends, tools, and adversary techniques and update course content accordingly.
• Conduct assessments and evaluations to monitor trainee progress.
• Mentor learners through real-world simulations and lab-based challenges.
• Support internal teams by developing knowledge-sharing sessions and upskilling programs.

Technical Skills Required

• Strong experience in ASM, external threat mapping, and internet-wide scanning.
• Hands-on with tools like CyCognito, Netlas, Shodan, Censys, SecurityTrails, FOFA, ZoomEye, etc.
• Knowledge of vulnerability intelligence platforms (Tenable, Qualys, AWS Inspector).
• Deep understanding of OSINT techniques, reconnaissance workflows, and attack surface mapping.
• Scripting knowledge (Python, Bash, PowerShell) for automation is a plus.
• Familiarity with networking protocols (TCP/IP, HTTP/S, DNS), cloud services, and web attack vectors.

Soft Skills

• Excellent presentation and public speaking skills.
• Strong ability to simplify complex concepts and communicate effectively with learners of all levels.
• Passionate about teaching, mentoring, and continuous learning.
• Ability to create engaging, hands-on content and real-world simulation environments.

Preferred Certifications (Optional but a Plus)

• OSCP / CRTP / CRTO / CEH
• CySA+, CompTIA Security+
• CVA or equivalent vulnerability-focused certifications
• Any cloud or OSINT certifications