Mission and roles
As an ASM (Attack Surface Management) analyst, your role will be twofold:
- Handle findings about external attack surface
- Handle findings about internal attack surface
Key Responsibilities
External Attack Surface (Internet-facing)
- Review security findings from the EASM tool
- Check if the asset really belongs to the company or is a false positive
- Report false positives to improve the tool
- Analyze risk (firewall present, internal network access, signs of attack)
- Escalate real cyber incidents to the Incident Response team
- Identify the asset owner (business unit, region, perimeter)
- Share findings with the responsible Information Security Officer (ISO)
- Update records and close findings
- Perform manual hunts to find exposed assets missed by tools
Internal Attack Surface (Internal network)
- Use internal tools to discover unknown or unmanaged assets
- Compare scan results with company asset records
- Identify asset ownership and assign to the correct ISO
- Ensure assets are either:
- Secured and registered, or
- Disconnected if unauthorized
- Close findings after verification
ASM Analyst
Infosys
naukri
Hybrid - Pune
2-5 years Not Disclosed
Full time
30 April 2026
Top Skills:
Internal Attack SurfaceExternal Attack Surface ManagementAttack Surface ManagementFirewallIncident ResponsePerimeter
96
Get Personalized Job Matches with 1 Click
Job Description
Download ResumeMission and roles
As an ASM (Attack Surface Management) analyst, your role will be twofold:
- Handle findings about external attack surface
- Handle findings about internal attack surface
Key Responsibilities
External Attack Surface (Internet-facing)
- Review security findings from the EASM tool
- Check if the asset really belongs to the company or is a false positive
- Report false positives to improve the tool
- Analyze risk (firewall present, internal network access, signs of attack)
- Escalate real cyber incidents to the Incident Response team
- Identify the asset owner (business unit, region, perimeter)
- Share findings with the responsible Information Security Officer (ISO)
- Update records and close findings
- Perform manual hunts to find exposed assets missed by tools
Internal Attack Surface (Internal network)
- Use internal tools to discover unknown or unmanaged assets
- Compare scan results with company asset records
- Identify asset ownership and assign to the correct ISO
- Ensure assets are either:
- Secured and registered, or
- Disconnected if unauthorized
- Close findings after verification