S
Verified
Spectraforce
Security Engineer II, Attack Surface Management
Los Angeles, CAFull-timeMidCompetitiveMay 7, 2026
Share
Job Description
Job Title: Security Engineer II, Attack Surface Management Location: Los Angeles, CA 90032
- Remote work is acceptable. Preference is given to candidates in PST or CST; however, EST candidates will be considered as long as they can work PST hours.
- Equipment shipping available for candidates located 2+ hours driving distance from the office. Assignment Duration: Direct Hire Salary Range: 110k - 124k/year Work Hours: 8:00 AM – 5:00 PM Interview Process: 2–3 steps via Video/Teams Dress Code: Business Casual Summary: The Attack Surface Management (ASM) Security Engineer reduces enterprise risk by continuously discovering assets, identifying vulnerabilities, and driving remediation across infrastructure, cloud, applications, AI and connected/medical/IoT devices. The role supports a proactive, risk-based approach to vulnerability and exposure management aligned with healthcare security best practices. Minimum Education:
- Associate's degree - Computer Science or a related field OR the equivalent combination of experience and education that would demonstrate the capability to successfully perform the essential functions of this position. Minimum Experience:
- 5–7+ years in vulnerability management, security engineering, or cloud/app security.
- Experience with vulnerability scanning tools and remediation workflows.
- Strong understanding of CVSS scoring and risk-based prioritization. Preferred
- Healthcare environment experience is a plus but not required.
- Security certifications such as Security+, SSCP, or cloud security certifications. Key Responsibilities & Accountabilities:
- Operate continuous asset discovery and vulnerability scanning capabilities.
- Validate, prioritize, and track remediation of vulnerabilities and misconfigurations.
- Support cloud security posture management and configuration hardening.
- Assist with secure development lifecycle (SDL) activities and application risk findings.
- Coordinate medical and IoT device vulnerability remediation and compensating controls.
- Produce metrics, dashboards, and reports to support KPIs and KRIs. Incident & RACI Expectations:
- Responsible for coordinating the remediation of non-active medical device vulnerabilities.
- Consulted during major incidents to identify root causes and remediation guidance.
Verified Listing
This role has been verified for authenticity, market-rate compensation, and remote eligibility.
Apply now
Step 1 of 1Newsletter
Stay at the forefront
of market
Get the latest updates on AI-powered hiring, career growth, and technical deep-dives delivered to your inbox.