Attack Surface Management Expert

Allianz is seeking a hands-on and detail-oriented Attack Surface Management (ASM) Expert to support the continuous discovery, monitoring, and reduction of Allianz’s risk exposure. In this role, you will be responsible for identifying assets, detecting vulnerabilities and misconfigurations, and ensuring risks are addressed before they can be exploited. You will work closely with IT, security operations, and architecture teams to maintain visibility across the global environment and proactively reduce Allianz’s attack surface. This role is essential in strengthening our preventive cyber defense and enabling secure business innovation.

Your mission in the role will be:

To support and follow on the following prioritization, reporting, risk registration and consequence management on managing attack surface. This includes engaging the following activities:

• Asset Discovery & Exposure Mapping: Continuously identify and map Allianz’s external-facing digital assets (domains, IPs, cloud services, applications), ensuring complete visibility into the attack surface. Analyse findings from ASM tools, correlate with threat intelligence and business context, and prioritize exposures based on exploitability and potential impact.
• Issue Validation & Remediation Support: Validate identified risks and exposures, work with IT, DevOps, and application owners to ensure timely mitigation and track remediation progress.
• Misconfiguration & Shadow IT Detection: Detect unapproved or misconfigured systems and services (e.g., open ports, weak encryption, unmanaged cloud services), and initiate appropriate follow-up actions.
• Documentation & Reporting: Maintain detailed documentation of findings, support reporting to management, and contribute to dashboards and KPIs that reflect ASM maturity and progress.
• Security Best Practices Advocacy: Promote awareness of ASM risks and secure deployment practices across IT and development teams, helping reduce exposure from the ground up.

What you bring:

• Educational Background: Higher education degree in Information Security, Computer Science, or a related technical field.
• Attack Surface Management Expertise: Proven hands-on experience in identifying, classifying, and managing external digital assets. Skilled in using ASM platforms (e.g., CyCognito, Palo Alto Cortex Xpanse, Rapid7, or similar) to detect unknown assets, misconfigurations, and exposure risks.
• Technical and Analytical Skills: Solid understanding of internet protocols, DNS, SSL/TLS, cloud infrastructure (AWS, Azure, GCP), and web application technologies. Strong ability to analyse external exposure data, correlate with threat intelligence, and recommend practical remediation actions.
• Collaboration and Communication: Ability to collaborate with IT operations, DevOps, vulnerability management, and SOC teams to support risk reduction. Effective communicator with the ability to document findings, articulate risk impact, and support mitigation efforts in a clear, actionable manner

 What we offer

• We offer a hybrid work model which recognizes the value of striking a balance between in-person collaboration and remote working incl. up to 25 days per year working from abroad.
• We believe in rewarding performance and our compensation and benefits package includes a company bonus scheme, pension, employee shares program and multiple employee discounts (details vary by location).
• From career development and digital learning programs to international career mobility, we offer lifelong learning for our employees worldwide and an environment where innovation, delivery and empowerment are fostered.
• Flexible working, health and wellbeing offers (including healthcare and parental leave benefits) support to balance family and career and help our people return from career breaks with experience that nothing else can teach.

About Allianz Technology

With its headquarters in Munich, Germany, Allianz Technology is Allianz's global IT service provider and delivers IT solutions that drive the group's digitalization. With more than 11,000 employees in over 20 countries around the world, Allianz Technology is tasked to run, optimize, transform, and innovate the infrastructure, applications, and services together with Allianz companies to co-create the best customer experience.

We service the entire spectrum of digitalization – from one of the industry's largest IT infrastructure projects that spans data centres, networks, and security, to application platforms ranging from workplace services to digital interaction.

In short: We deliver comprehensive end-to-end IT solutions for Allianz in the digital age. We are the backbone of Allianz.

Find us at: www.linkedin.com/company/allianz-technology.