Attack Surface Management Lead

Allianz is seeking for an experienced and driven Attack Surface Management Lead to strengthen our security posture by continuously identifying, mapping, and reducing our digital exposure. In this role, you will lead the development and execution of our attack surface management strategy, ensuring that internal and external assets are visible, monitored, and protected against emerging threats. You will work closely with IT, security, and business stakeholders to proactively mitigate risk and support secure digital growth.

Your mission in the role will be:

• Lead the Attack Surface Management Program: Define, implement, and continuously improve the enterprise-wide ASM strategy, ensuring consistent discovery, classification, and monitoring of internet-facing assets.
• Establish and Maintain Visibility: Ensure continuous identification of externally exposed systems, services, domains, and cloud resources across all business units and geographies.
• Reduce Exposure and Risk: Work with stakeholders to remediate identified issues, close visibility gaps, and reduce the organization’s external threat footprint in a risk-based and timely manner.
• Tooling and Automation: Select, operate, and fine-tune ASM platforms and tools; integrate with vulnerability management, threat intelligence, and incident response workflows.
• Threat-Informed Prioritization: Collaborate with threat intelligence and SOC teams to contextualize ASM findings, prioritize based on real-world exploitability, and contribute to proactive defense measures.
• Cross-Functional Engagement: Partner with IT, architecture, DevOps, and security teams to ensure secure deployment practices and reduce shadow IT and misconfigured services.
• Governance and Reporting: Define metrics, develop dashboards, and regularly report on ASM findings, trends, and remediation progress to senior security and business stakeholders.
• Awareness and Advocacy: Promote ASM awareness and best practices across the organization, and serve as a subject matter expert for external exposure and digital risk topics.

What you bring:

• Educational Background: Higher education degree in Cybersecurity, Information Technology, or a related field.
• Attack Surface Management Expertise: Deep understanding of ASM concepts including asset discovery, exposure monitoring, shadow IT detection, and external threat identification. Proven hands-on experience with ASM tools and platforms.
• Threat Exposure and Risk Awareness: Strong ability to translate technical exposure data into meaningful risk insights. Experience in prioritizing remediation efforts based on threat intelligence, exploitability, and business impact.
• Technical Breadth: Familiarity with internet-facing systems, cloud infrastructures (IaaS/PaaS/SaaS), domain and certificate management, and network perimeter configurations.
• Cross-Functional Collaboration: Demonstrated ability to work across teams including IT operations, architecture, vulnerability management, and business owners to close security gaps effectively.
• Certifications: Relevant certifications such as CISSP, OSCP, GIAC (GCIH, GPEN), or CEH are a plus.
• Communication and Influence: Excellent communication skills in English, capable of engaging both technical and non-technical audiences, and influencing decision-makers across the organization.
• Analytical and Operational Mindset: Strong analytical and investigative skills, with the ability to turn visibility gaps into prioritized action plans. Experience in developing and tracking ASM metrics and KPIs

 What we offer

• We offer a hybrid work model which recognizes the value of striking a balance between in-person collaboration and remote working incl. up to 25 days per year working from abroad.
• We believe in rewarding performance and our compensation and benefits package includes a company bonus scheme, pension, employee shares program and multiple employee discounts (details vary by location).
• From career development and digital learning programs to international career mobility, we offer lifelong learning for our employees worldwide and an environment where innovation, delivery and empowerment are fostered.
• Flexible working, health and wellbeing offers (including healthcare and parental leave benefits) support to balance family and career and help our people return from career breaks with experience that nothing else can teach.

About Allianz Technology

With its headquarters in Munich, Germany, Allianz Technology is Allianz's global IT service provider and delivers IT solutions that drive the group's digitalization. With more than 11,000 employees in over 20 countries around the world, Allianz Technology is tasked to run, optimize, transform, and innovate the infrastructure, applications, and services together with Allianz companies to co-create the best customer experience.

We service the entire spectrum of digitalization – from one of the industry's largest IT infrastructure projects that spans data centres, networks, and security, to application platforms ranging from workplace services to digital interaction.

In short: We deliver comprehensive end-to-end IT solutions for Allianz in the digital age. We are the backbone of Allianz.

Find us at: www.linkedin.com/company/allianz-technology.