Position Title: Cyber Threat Exposure Management Architect – SafeBreach
Location Information
Remote
Position Responsibilities:
As the Cyber Threat Exposure Management Architect specializing in SafeBreach, you will drive the development and execution of a comprehensive threat exposure management program. Your primary focus will be to design, implement, and mature a continuous attack simulation and security validation capability, ensuring robust defense across enterprise, cloud, and OT-adjacent environments.
• Lead the full lifecycle of a structured, sprint-based threat exposure management program—overseeing planning, governance, hands-on execution, and high-level executive reporting.
• Collaborate with key security stakeholders including CISOs, SOC leads, Cyber Threat Intelligence, and Detection Engineering teams to define program priorities, key performance indicators (KPIs), and a 12-month Continuous Threat Exposure Management (CTEM) roadmap.
• Deliver actionable executive-level insights, including analysis of risk posture, attack path mapping, and prioritized remediation recommendations.
• Architect and oversee deployment of SafeBreach simulators and propagate functions across diverse environments (enterprise, cloud, and remote).
• Define simulator placement strategies, build comprehensive data asset models, and establish frameworks for effective detection validation.
• Design, execute, and improve threat-informed scenarios simulating real-world adversarial tactics—such as ransomware, identity attacks, and industry-specific threats.
• Simulate and analyze the full cyber attack lifecycle, including phases like reconnaissance, lateral movement, credential exploitation, and data exfiltration.
• Continuously assess the effectiveness of security controls, including endpoint detection and response (EDR), SIEM, data loss prevention (DLP), email security, identity, and network safeguards.
• Integrate SafeBreach solutions with broader enterprise security platforms including SIEM, EDR, IT service management, and ticketing systems.
• Develop and operationalize closed-loop remediation workflows complete with automated retesting and validation.
• Partner with Detection Engineering and Threat Intelligence teams to enhance detection logic and MITRE ATT&CK framework coverage.
• Build and visualize customized reporting and dashboards targeted at executive, SOC, and engineering stakeholders.
• Deliver training and enablement to internal teams, ensuring successful transition and ongoing ownership of the CTEM program.
Essential Skills, Experience
• 7-10+ years of progressive experience within cybersecurity roles emphasizing threat detection, red/purple teaming, or exposure/threat management.
• Hands-on expertise with breach and attack simulation tools—particularly SafeBreach or similar continuous security validation platforms.
• Advanced understanding of modern cyber adversary tactics, techniques, and procedures (TTPs); deep familiarity with the MITRE ATT&CK framework.
• Proficiency with a wide array of enterprise security tools, including SIEM, EDR, DLP, network security, and identity management technologies.
• Demonstrated experience architecting and operationalizing security solutions for both on-premises and cloud environments (Azure and AWS highly preferred).
• Prior success integrating security tools with IT service management and ticketing platforms such as ServiceNow and Jira.
• Strong analytical, documentation, and executive communication skills, with a proven ability to distill complex technical findings into actionable business insights.
• Experience designing and delivering cyber-attack scenarios that align with evolving threat landscapes and real-world attack vectors.
• Background in collaborative, cross-functional environments and leading programs that require high degrees of collaboration and change management.
Qualifications:
• Bachelor’s degree in Computer Science, Information Security, Engineering, or related field strongly preferred; equivalent experience considered.
• Recognized information security certifications (e.g., CISSP, GIAC, OSCP) are a plus.
• Proven track record of leading and enabling complex cybersecurity programs at scale.
ECCO Select is committed to hiring and retaining a diverse workforce. Our policy is to provide equal opportunity to all people without regard to race, color, religion, national origin, ancestry, marital status, veteran status, age, disability, pregnancy, genetic information, citizenship status, sex, sexual orientation, gender identity or any other legally protected category. Veterans of our United States Uniformed Services are specifically encouraged to apply for ECCO Select opportunities.
Equal Employment Opportunity is The Law
This Organization Participates in E-Verify

