Job Description:

Attack Surface Management Lead

Collaborate with Innovative 3Mers Around the World

Choosing where to start and grow your career has a major impact on your professional and personal life, so it’s equally important you know that the company that you choose to work at, and its leaders, will support and guide you. With a wide variety of people, global locations, technologies and products, 3M is a place where you can collaborate with other curious, creative 3Mers.

This position provides an opportunity to transition from other private, public, government or military experience to a 3M career.

The Impact You Will Make in this Role:

The Attack Surface Management (ASM) Lead will drive the identification, analysis, and reduction of the organization's digital and physical exposure across cloud, on-prem, OT, and third-party environments. This role will lead the enterprise-wide ASM strategy, combining external threat visibility with internal exposure reduction, and will oversee related functions such as vulnerability management, asset discovery, and exposure monitoring. ​

Key Responsibilities:

Management ​

• Define and execute the enterprise Attack Surface Management strategy across cloud, on-premises, and external environments. ​

• Lead and mentor a cross-functional ASM team, including direct oversight of the Vulnerability Management (VM) and Threat Intel & Testing Manager

• Establish clear goals, success metrics, and maturity roadmaps for ASM including VM and Threat Intel & Testing functions. ​

• Collaborate with IT, cloud, OT, and third-party risk teams to align ASM initiatives with organizational risk priorities. ​

• Manage vendor relationships and toolsets supporting ASM, external scanning, and attack surface discovery platforms.​

Technical​

• Lead efforts to map, monitor, and validate known and unknown assets, services, and digital exposures. ​

• Implement continuous discovery and monitoring of exposed assets and services, including shadow IT, abandoned infrastructure, expired domains, and misconfigured cloud resources. ​

• Develop and maintain asset classification and tagging strategies to support risk-based prioritization and contextual analysis. ​

• Correlate ASM findings with threat intelligence feeds and vulnerability data to identify high-risk exposures and inform remediation efforts. ​

• Define and implement processes for validation, triage, and escalation of ASM findings in coordination with vulnerability management and SOC teams. ​

• Oversee integration of ASM platforms with SIEM/SOAR solutions (e.g., Sentinel, Splunk, ServiceNow) to automate alerting, ticketing, and response workflows. ​

• Collaborate with security engineering and architecture teams to implement preventive controls, such as automated remediation, segmentation, or blocking of exposed services. ​

• Analyze trends and patterns in exposure data to identify systemic issues, control gaps, and architectural weaknesses.​

Organizational​

• Translate ASM insights into business risk terms and influence remediation priorities with stakeholders. ​

• Report attack surface trends, exposure metrics, and risk posture to senior leadership and governance forums. ​

• Collaborate with Security Architecture and GRC to integrate ASM outputs into risk registers and architectural reviews. ​

• Ensure ASM-related processes and reporting support regulatory, compliance, and audit requirements.

Your Skills and Expertise:

To set you up for success in this role from day one, 3M requires (at a minimum) the following qualifications:

• Bachelor's degree in cybersecurity or computer science (completed and verified prior to start) from an accredited university.

• Seven (7) years of experience in cybersecurity, with at least 2 years focused on ASM, external threat management, or exposure reduction in a private, public, government or military environment ​

Additional qualifications that could help you succeed even further in this role include:

• Relevant certifications (e.g., CISSP, OSCP, GIAC, CRTO) preferred.​

• Proven leadership experience managing security functions and personnel, ideally including vulnerability management. ​

• Strong understanding of enterprise architectures, networking, cloud environments (Azure, AWS, GCP), and OT/IoT systems. ​

• Experience with ASM tools (e.g., Randori, Censys, Shodan, Palo Alto Xpanse) and vulnerability platforms (e.g., Wiz, Qualys, Microsoft Defender TVM). ​

• Familiarity with threat modeling frameworks, MITRE ATT&CK, and risk-based prioritization methodologies. ​

• Strong verbal and written communication skills, including experience presenting to executives and technical stakeholders. ​

• Strong leadership and people management skills with cross-functional influence. ​

• Deep understanding of ASM concepts, tools, and exposure management lifecycle. ​

• Experience managing or integrating vulnerability management functions. ​

• Expertise in asset discovery, external reconnaissance, and attack path mapping. ​

• Ability to translate technical risks into business impacts. ​

• Familiarity with hybrid infrastructure (cloud, on-prem, OT, third-party). ​

• Knowledge of security architecture principles and IT/OT convergence challenges. ​

• Skilled in vendor evaluation, tool selection, and capability building. ​

• Competence in data analysis and reporting using dashboards or BI tools. ​

• Excellent documentation and communication skills, with a focus on executive reporting and technical clarity.​

Work location: On site in Austin TX

Travel: May include up to 10% domestic and international

Relocation Assistance: Is Authorized

Must be legally authorized to work in country of employment without sponsorship for employment visa status (e.g., H1B status).

Supporting Your Well-being

3M offers many programs to help you live your best life – both physically and financially. To ensure competitive pay and benefits, 3M regularly benchmarks with other companies that are comparable in size and scope.

Chat with Max

For assistance with searching through our current job openings or for more information about all things 3M, visit Max, our virtual recruiting assistant on 3M.com/careers.

Applicable to US Applicants Only:The expected compensation range for this position is $228,040 - $278,715, which includes base pay plus variable incentive pay, if eligible. This range represents a good faith estimate for this position. The specific compensation offered to a candidate may vary based on factors including, but not limited to, the candidate’s relevant knowledge, training, skills, work location, and/or experience. In addition, this position may be eligible for a range of benefits (e.g., Medical, Dental & Vision, Health Savings Accounts, Health Care & Dependent Care Flexible Spending Accounts, Disability Benefits, Life Insurance, Voluntary Benefits, Paid Absences and Retirement Benefits, etc.). Additional information is available at: https://www.3m.com/3M/en_US/careers-us/working-at-3m/benefits/.Good Faith Posting Date Range 07/16/2025 To 08/15/2025 Or until filledAll US-based 3M full time employees will need to sign an employee agreement as a condition of employment with 3M. This agreement lays out key terms on using 3M Confidential Information and Trade Secrets. It also has provisions discussing conflicts of interest and how inventions are assigned. Employees that are Job Grade 7 or equivalent and above may also have obligations to not compete against 3M or solicit its employees or customers, both during their employment, and for a period after they leave 3M.Learn more about 3M’s creative solutions to the world’s problems at www.3M.com or on Instagram, Facebook, and LinkedIn @3M.Responsibilities of this position include that corporate policies, procedures and security standards are complied with while performing assigned duties.Safety is a core value at 3M. All employees are expected to contribute to a strong EHS culture by following safety policies, identifying hazards, and engaging in continuous improvement.Pay & Benefits Overview: https://www.3m.com/3M/en_US/careers-us/working-at-3m/benefits/3M does not discriminate in hiring or employment on the basis of race, color, sex, national origin, religion, age, disability, veteran status, or any other characteristic protected by applicable law.

Please note: your application may not be considered if you do not provide your education and work history, either by: 1) uploading a resume, or 2) entering the information into the application fields directly.

3M Global Terms of Use and Privacy Statement

Carefully read these Terms of Use before using this website. Your access to and use of this website and application for a job at 3M are conditioned on your acceptance and compliance with these terms.

Please access the linked document by clicking here, select the country where you are applying for employment, and review. Before submitting your application, you will be asked to confirm your agreement with the terms.