| Company | Taxwell |
|---|---|
| Location | Remote |
| Preferred GIAC Certifications | GPEN, GWEB, GWAPT |
| Travel | 5% |
| Salary | Not provided |
| URL | https://taxwell.wd1.myworkdayjobs.com/en-US/taxwell/details/Attack-Surface-Management-Analyst_R0003449 |
| Contact Name | Brian T |
| Contact Email | elaine.flesch/at/drakesoftware.com |
| Expires | 2025-08-07 |
Job Description
Taxwell helps everyday Americans get every tax advantage they deserve by finding credits and deductions they never even knew existed. Our tax preparation software offers easy guidance and ensures your maximum tax refund. We strive to build a team of like-minded experts in both tax and technology who align with our brand purpose, are advocates for our customers and have a fresh, non-traditional approach to the tax industry.
In this role, you will collaborate closely with the Cyber Security Operations teams to continuously evaluate Taxwell’s attack surface, identify cybersecurity risks, and engage collaborators in risk mitigation and remediation efforts. This involves actively working with various teams to assess potential vulnerabilities, analyze risks, prioritize remediation efforts, and provide detailed recommendations for reducing exposure.
You will also stay up to date on cybersecurity standard processes, open-source intelligence (OSINT) methodologies, and emerging attack surface management trends through professional development and training. Continuously seek opportunities to enhance knowledge and skills in this rapidly evolving field.
Operational Responsibilities
Attack Surface Discovery & Assessment: Continuously identify and assess assets across Taxwell’s infrastructure, including devices, IT infrastructure, cloud environments, and 3rd party systems.
Risk Prioritization & Remediation: Analyze discovered risks, prioritize remediation efforts based on potential impact, and coordinate with relevant teams to reduce exposure.
Threat Intelligence & Trend Analysis: Collaborate with the Taxwell Cyber Security Team to monitor emerging cybersecurity threats, techniques, and vulnerabilities affecting the financial and multi-state sectors, integrating insights into attack surface management strategies.
Alerting & Reporting: Provide timely reporting and notifications to relevant teams about critical vulnerabilities, delivering detailed risk assessments and actionable remediation recommendations.
Secure Development Collaboration: Partner with product development and GRC to integrate security standard methodologies into the design of software, and related systems, ensuring a secure-by-design approach.
Incident Response Support: Assist in refining incident response protocols and actively contribute to investigations and mitigation efforts when security incidents arise.
Regulatory Compliance & Standards: Ensure alignment to industry regulations and standards, including GLBA, FTC and NIST cybersecurity frameworks.
Security Awareness & Training: Assist in conducting training sessions to enhance cybersecurity awareness among collaborators, emphasizing threats relevant to Taxwell, its customers, and patients. Effectively communicate technical risks to non-technical audiences and provide guidance on cybersecurity best practices.
Process & Tool Optimization: Continuously seek improvements in attack surface management processes, methodologies, and security toolsets to enhance operational effectiveness.
Experience:
3+ years of experience with attack surface reduction or attack surface management, with a minimum of 2 years of AWS and Azure experience is required
Experience with server application and network security hardening
Strong background in cybersecurity, with a deep understanding of attack surface management, risk assessment, and vulnerability analysis
Possession of excellent oral and written communication skills, including presenting to technical and non-technical clients
Experience collaborating with security operations teams and engaging stakeholders across various business units
Ability to analyze and prioritize risks based on potential impact, and provide actionable remediation recommendations
Preferred:
1+ years of experience with penetration testing or ethical hacking
Experience with secure coding and software development
Certifications CASE, CSSLP, GWAPT GPEN, GIAC, GCPN, GWEB and/or PenTest+
At Taxwell, we believe our work benefits from the diverse perspectives of our employees. As such, Taxwell welcomes and celebrates diversity and inclusion and is committed to equal opportunity employment. At Taxwell, you can expect a supportive, open, and inclusive atmosphere and a team that values your contributions.
Taxwell is committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants without regard to race, color, religion, sex, national origin, age, disability, marital status, sexual orientation, gender identity, veteran status, and any other status protected under applicable law. Taxwell considers information gathered in the hiring process, including information on this application, confidential, and only shares it on a need-to-know basis or as required by law.
If you need assistance or accommodation due to a disability, you may contact us at HR@Taxwell.com or by calling 828-349-5703 extension 6049 to speak with a member of the HR Talent Acquisition team.
