IT Specialist
Apply NowCompany: Aramark
Location: Philadelphia, PA 19120
Description:
Job Description
The Program Manager for Attack Surface Management (ASM) proactively identifies, manages, and reduces the organization's digital attack surface through asset discovery, vulnerability scanning, and risk prioritization. This role directly impacts organizational success by enhancing security posture and enabling profitable growth through secure infrastructure and assets. The ideal candidate enjoys diverse challenges, thrives in a collaborative, innovative, and agile team environment, and seeks continuous opportunities for professional growth, supported by ongoing training and mentoring.
Job Responsibilities
Discovery & Inventory (Full Visibility)
Continuously identify external attack surfaces (domains, IPs, cloud buckets, APIs).
Maintain internal asset inventory through integrations with CMDB, vulnerability scanners, endpoint solutions, and cloud platforms.
Vulnerability & Configuration Management
Lead vulnerability scanning operations
Coordinate with patching teams to drive remediation of stale, non-standard, and risky asset configurations, emphasizing collaboration over direct patch management.
Risk-Based Prioritization & Contextualization
Prioritize vulnerabilities based on asset criticality, threat intelligence, and exposure risk.
Translate technical risk information into actionable insights understandable by business leaders.
Additional Responsibilities:
Threat Intelligence & External Monitoring
Monitor threat intelligence for external threats (e.g., spoofed domains).
Collaborate with Incident Response (IR), Legal, and business teams for domain management and incident response.
Business Alignment & Governance
Support asset ownership identification and independently maintain robust accountability frameworks.
Provide insights to governance structures.
Assist in collaborative development and maintenance of remediation playbooks.
Exposure Management & Remediation Enablement
Enable swift remediation through workflow automation, ServiceNow integration, and proactive notifications.
Cloud & DevSecOps Integration
Integrate ASM capabilities with cloud security posture management tools.
Collaborate with DevOps teams to monitor cloud environments and CI/CD pipelines for insecure configurations and secrets exposure, reinforcing a DevSecOps approach.
Tooling & Platform Coordination
Coordinate and assist with managing ASM tools (Qualys, Shodan, Bitsight, etc.) collaboratively with team, third-party support, and vendors to ensure effective platform performance.
Cross-Team Collaboration
Collaborate effectively with IT Operations, Networking, Cloud, Application Development, Legal, GRC, Architecture, and other stakeholders.
Forward-Looking Strategy
Support continuous evolution toward comprehensive Exposure Management and integrated Business Risk Insights.
Qualifications
COPE
Reports to Cybersecurity Sr. Director.
Requires understanding of cybersecurity frameworks (e.g., NIST, MITRE ATT&CK), vulnerability management practices, cloud security, and modern DevSecOps practices.
Strong cross-functional collaboration and influencing skills are essential.
Ability to operate strategically and tactically, maintaining hands-on involvement.
Welcomes candidates demonstrating potential, curiosity, and willingness to expand their skill sets, supported by structured mentorship and onboarding opportunities.
QUALIFICATIONS
Bachelor's degree in Cybersecurity, Information Technology, or related discipline preferred, or equivalent experience.
7+ years of experience in cybersecurity, vulnerability management, or related roles preferred.
Familiarity with ASM tooling (Qualys, Wiz.io, CrowdStrike, etc.), CMDB integrations, and cloud security platforms preferred.
Experience with cloud security or DevSecOps practices strongly desired, given the role's focus on these areas.
Ability to translate technical security information into actionable insights.
Relevant industry certifications (CISSP, CISM, GIAC certifications) desirable but not mandatory.
Strong project management, communication skills, and a collaborative mindset essential.
Education
Bachelors preferred
About Aramark
Our Mission
Rooted in service and united by our purpose, we strive to do great things for each other, our partners, our communities, and our planet.
At Aramark, we believe that every employee should enjoy equal employment opportunity and be free to participate in all aspects of the company. We do not discriminate on the basis of race, color, religion, national origin, age, sex, gender, pregnancy, disability, sexual orientation, gender identity, genetic information, military status, protected veteran status or other characteristics protected by applicable law.
About Aramark
The people of Aramark proudly serve millions of guests every day through food and facilities in 15 countries around the world. Rooted in service and united by our purpose, we strive to do great things for each other, our partners, our communities, and our planet. We believe a career should develop your talents, fuel your passions, and empower your professional growth. So, no matter what you're pursuing - a new challenge, a sense of belonging, or just a great place to work - our focus is helping you reach your full potential. Learn more about working here at http://www.aramarkcareers.com or connect with us on Facebook, Instagram and Twitter.
The Program Manager for Attack Surface Management (ASM) proactively identifies, manages, and reduces the organization's digital attack surface through asset discovery, vulnerability scanning, and risk prioritization. This role directly impacts organizational success by enhancing security posture and enabling profitable growth through secure infrastructure and assets. The ideal candidate enjoys diverse challenges, thrives in a collaborative, innovative, and agile team environment, and seeks continuous opportunities for professional growth, supported by ongoing training and mentoring.
Job Responsibilities
Discovery & Inventory (Full Visibility)
Continuously identify external attack surfaces (domains, IPs, cloud buckets, APIs).
Maintain internal asset inventory through integrations with CMDB, vulnerability scanners, endpoint solutions, and cloud platforms.
Vulnerability & Configuration Management
Lead vulnerability scanning operations
Coordinate with patching teams to drive remediation of stale, non-standard, and risky asset configurations, emphasizing collaboration over direct patch management.
Risk-Based Prioritization & Contextualization
Prioritize vulnerabilities based on asset criticality, threat intelligence, and exposure risk.
Translate technical risk information into actionable insights understandable by business leaders.
Additional Responsibilities:
Threat Intelligence & External Monitoring
Monitor threat intelligence for external threats (e.g., spoofed domains).
Collaborate with Incident Response (IR), Legal, and business teams for domain management and incident response.
Business Alignment & Governance
Support asset ownership identification and independently maintain robust accountability frameworks.
Provide insights to governance structures.
Assist in collaborative development and maintenance of remediation playbooks.
Exposure Management & Remediation Enablement
Enable swift remediation through workflow automation, ServiceNow integration, and proactive notifications.
Cloud & DevSecOps Integration
Integrate ASM capabilities with cloud security posture management tools.
Collaborate with DevOps teams to monitor cloud environments and CI/CD pipelines for insecure configurations and secrets exposure, reinforcing a DevSecOps approach.
Tooling & Platform Coordination
Coordinate and assist with managing ASM tools (Qualys, Shodan, Bitsight, etc.) collaboratively with team, third-party support, and vendors to ensure effective platform performance.
Cross-Team Collaboration
Collaborate effectively with IT Operations, Networking, Cloud, Application Development, Legal, GRC, Architecture, and other stakeholders.
Forward-Looking Strategy
Support continuous evolution toward comprehensive Exposure Management and integrated Business Risk Insights.
Qualifications
COPE
Reports to Cybersecurity Sr. Director.
Requires understanding of cybersecurity frameworks (e.g., NIST, MITRE ATT&CK), vulnerability management practices, cloud security, and modern DevSecOps practices.
Strong cross-functional collaboration and influencing skills are essential.
Ability to operate strategically and tactically, maintaining hands-on involvement.
Welcomes candidates demonstrating potential, curiosity, and willingness to expand their skill sets, supported by structured mentorship and onboarding opportunities.
QUALIFICATIONS
Bachelor's degree in Cybersecurity, Information Technology, or related discipline preferred, or equivalent experience.
7+ years of experience in cybersecurity, vulnerability management, or related roles preferred.
Familiarity with ASM tooling (Qualys, Wiz.io, CrowdStrike, etc.), CMDB integrations, and cloud security platforms preferred.
Experience with cloud security or DevSecOps practices strongly desired, given the role's focus on these areas.
Ability to translate technical security information into actionable insights.
Relevant industry certifications (CISSP, CISM, GIAC certifications) desirable but not mandatory.
Strong project management, communication skills, and a collaborative mindset essential.
Education
Bachelors preferred
About Aramark
Our Mission
Rooted in service and united by our purpose, we strive to do great things for each other, our partners, our communities, and our planet.
At Aramark, we believe that every employee should enjoy equal employment opportunity and be free to participate in all aspects of the company. We do not discriminate on the basis of race, color, religion, national origin, age, sex, gender, pregnancy, disability, sexual orientation, gender identity, genetic information, military status, protected veteran status or other characteristics protected by applicable law.
About Aramark
The people of Aramark proudly serve millions of guests every day through food and facilities in 15 countries around the world. Rooted in service and united by our purpose, we strive to do great things for each other, our partners, our communities, and our planet. We believe a career should develop your talents, fuel your passions, and empower your professional growth. So, no matter what you're pursuing - a new challenge, a sense of belonging, or just a great place to work - our focus is helping you reach your full potential. Learn more about working here at http://www.aramarkcareers.com or connect with us on Facebook, Instagram and Twitter.