• Attack Surface Management Program Manager

    ARAMARK (Philadelphia, PA)


    Job Description

    The Program Manager for Attack Surface Management (ASM) proactively identifies, manages, and reduces the organization's digital attack surface through asset discovery, vulnerability scanning, and risk prioritization. This role directly impacts organizational success by enhancing security posture and enabling profitable growth through secure infrastructure and assets. The ideal candidate enjoys diverse challenges, thrives in a collaborative, innovative, and agile team environment, and seeks continuous opportunities for professional growth, supported by ongoing training and mentoring.

    Essential Functions

    Primary Responsibilities:

    Discovery & Inventory (Full Visibility)

     

    Continuously identify external attack surfaces (domains, IPs, cloud buckets, APIs).

     

    Maintain internal asset inventory through integrations with CMDB, vulnerability scanners, endpoint solutions, and cloud platforms.

     

    Vulnerability & Configuration Management

     

    Lead vulnerability scanning operations

     

    Coordinate with patching teams to drive remediation of stale, non-standard, and risky asset configurations, emphasizing collaboration over direct patch management.

     

    Risk-Based Prioritization & Contextualization

     

    Prioritize vulnerabilities based on asset criticality, threat intelligence, and exposure risk.

     

    Translate technical risk information into actionable insights understandable by business leaders.

    Additional Responsibilities:

    Threat Intelligence & External Monitoring

    Monitor threat intelligence for external threats (e.g., spoofed domains).

     

    Collaborate with Incident Response (IR), Legal, and business teams for domain management and incident response.

     

    Business Alignment & Governance

     

    Support asset ownership identification and independently maintain robust accountability frameworks.

     

    Provide insights to governance structures.

     

    Assist in collaborative development and maintenance of remediation playbooks.

     

    Exposure Management & Remediation Enablement

     

    Enable swift remediation through workflow automation, ServiceNow integration, and proactive notifications.

     

    Cloud & DevSecOps Integration

     

    Integrate ASM capabilities with cloud security posture management tools.

     

    Collaborate with DevOps teams to monitor cloud environments and CI/CD pipelines for insecure configurations and secrets exposure, reinforcing a DevSecOps approach.

    Tooling & Platform Coordination

    Coordinate and assist with managing ASM tools (Qualys, Shodan, Bitsight, etc.) collaboratively with team, third-party support, and vendors to ensure effective platform performance.

     

    Cross-Team Collaboration

     

    Collaborate effectively with IT Operations, Networking, Cloud, Application Development, Legal, GRC, Architecture, and other stakeholders.

     

    Forward-Looking Strategy

     

    Support continuous evolution toward comprehensive Exposure Management and integrated Business Risk Insights.

    Qualifications

    SCOPE

    Reports to Cybersecurity Sr. Director.

     

    Requires understanding of cybersecurity frameworks (e.g., NIST, MITRE ATT&CK), vulnerability management practices, cloud security, and modern DevSecOps practices.

     

    Strong cross-functional collaboration and influencing skills are essential.

     

    Ability to operate strategically and tactically, maintaining hands-on involvement.

     

    Welcomes candidates demonstrating potential, curiosity, and willingness to expand their skill sets, supported by structured mentorship and onboarding opportunities.

    QUALIFICATIONS

    Bachelor?s degree in Cybersecurity, Information Technology, or related discipline preferred, or equivalent experience.

     

    7+ years of experience in cybersecurity, vulnerability management, or related roles preferred.

     

    Familiarity with ASM tooling (Qualys, Wiz.io, CrowdStrike, etc.), CMDB integrations, and cloud security platforms preferred.

     

    Experience with cloud security or DevSecOps practices strongly desired, given the role?s focus on these areas.

     

    Ability to translate technical security information into actionable insights.

     

    Relevant industry certifications (CISSP, CISM, GIAC certifications) desirable but not mandatory.

     

    Strong project management, communication skills, and a collaborative mindset essential.

    Education

    Bachelors preferred

     

    About Aramark

     

    Our Mission

     

    Rooted in service and united by our purpose, we strive to do great things for each other, our partners, our communities, and our planet.

     

    At Aramark, we believe that every employee should enjoy equal employment opportunity and be free to participate in all aspects of the company. We do not discriminate on the basis of race, color, religion, national origin, age, sex, gender, pregnancy, disability, sexual orientation, gender identity, genetic information, military status, protected veteran status or other characteristics protected by applicable law.

     

    About Aramark

     

    The people of Aramark proudly serve millions of guests every day through food and facilities in 15 countries around the world. Rooted in service and united by our purpose, we strive to do great things for each other, our partners, our communities, and our planet. We believe a career should develop your talents, fuel your passions, and empower your professional growth. So, no matter what you're pursuing - a new challenge, a sense of belonging, or just a great place to work - our focus is helping you reach your full potential. Learn more about working here at http://www.aramarkcareers.com or connect with us on Facebook , Instagram and Twitter .