Attack Surface Monitoring Lead in Bucuresti

Tenneco is one of the worlds leading designer, manufacturers and marketers of automotive products for original equipment and aftermarket customers, with approximately 78.000 team members working at more than 300 sites worldwide. Through our four business groups, Motorparts, Ride Performance, Clean Air and Powertrain, Tenneco is driving advancements in global mobility by delivering technology solutions for diversified global markets, including light vehicle, commercial truck, off-highway, industrial, motorsport and the aftermarket. Tenneco is looking for an Attack Surface Monitoring Lead to join its growing Information Security Operations team. As a member of the Security team, you will be helping us protect our business across 150 global sites. The Attack Surface Monitoring Lead is responsible for identifying and analyzing potential security vulnerabilities within an organization's digital ecosystem. This role plays a crucial part in safeguarding the organization against cyber threats by continuously monitoring and assessing the attack surface, which includes various digital assets, systems, applications, and services exposed to potential exploitation. The Analyst will work closely with the cybersecurity team to maintain a robust security posture and ensure timely detection and response to emerging risks. What you will do: Attack Surface Monitoring: Conduct regular scans and assessments of the organization's digital assets to identify potential weaknesses, misconfigurations, and vulnerabilities. Vulnerability Analysis: Analyze scan results and other security assessment outputs to prioritize risks and advise on remediation actions. Threat Intelligence: Stay up-to-date with the latest cybersecurity threats and vulnerabilities relevant to the organization's technology stack and industry. Incident Response Support: Collaborate with the incident response team to investigate and respond to potential security incidents related to the attack surface. Risk Assessment: Assess the risk exposure of the organization's digital assets and services and provide risk management recommendations to relevant stakeholders. Reporting and Documentation: Create comprehensive reports detailing findings, analysis, and recommended remediation strategies for management and technical teams. Security Tool Management: Utilize and manage security tools and technologies that aid in attack surface monitoring and vulnerability assessment. Collaboration: Work closely with cross-functional teams, including IT, development, and compliance, to ensure a unified and proactive security approach. Process Improvement: Continuously enhance attack surface monitoring processes and methodologies to adapt to emerging threats and improve efficiency. Compliance and Regulatory Adherence: Ensure that security practices align with relevant industry standards, regulations, and organizational policies. What will make you successful: Proven hands-on experience in cybersecurity, attack surface management, or related roles. Strong understanding of attack vectors, common vulnerabilities, and threat landscape, thorough understanding of the latest security principles, techniques, and protocols Familiarity with vulnerability scanning tools and platforms. Proficiency in analyzing security assessment outputs and providing actionable insights. Excellent communication skills, both written and verbal, to convey complex technical information to non-technical stakeholders. Analytical mindset and the ability to think critically to solve security challenges under pressure. Experience with scripting or programming languages for security automation is a plus. Experience creating playbook and runbook documentation and apply continuous improvement concepts Able to quickly learn new technologies and maintain up-to-date knowledge of current security trends Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent work experience). Professional certifications such as CompTIA Security+, Certified Ethical Hacker (CEH), or GIAC Certified Incident Handler (GCIH), Certified Information Systems Security Professional (CISSP), and Offensive Security Certified Professional (OSCP) are beneficial. Minimum 5 years of experience securing IT systems Experience with one or more of the following: Vulnerability Management, Threat Intelligence, or Intrusion Prevention Tools (example: Microsoft External Attack Surface Monitoring, Rapid7, Windows Defender, Splunk, Microsoft Sentinel) Experience with administration and management of Windows, Linux, or Networks Experience in a large-scale global IT enterprise environment Certified Incident Handler (GCIH) certification or equivalent preferred Microsoft / Red Hat Certificates preferred Knowledge of ISO 2700x, TISAX, COBIT, and/or Six Sigma preferred Knowledge of Security frameworks like Mitre Attack Framework, Cyber KillChain preferred What we offer: At Tenneco, we prioritize your growth and integration. We offer a range of benefits to foster your personal and professional development. Our welcoming environment ensures a pleasant day-to-day experience, where you'll feel challenged and inspired. Join us to thrive and succeed together! #LI-OC1We are committed to the safety and health of our employees. We adhere to social distancing recommendations and other protocols, ensuring a safe work environment for all.