Security Engineer - Exposure Management

Are you looking for an exciting job where you can put your skills and talents to work at a company you can feel proud to be a part of? Do you want a workplace that will challenge you and offer you opportunities to learn and grow? A position at Xcel Energy could be just what you're looking for.

Role Summary

The Security Engineer - Exposure Management is responsible for building and maturing the attack surface management capability with a focus on answering where the organization is most exposed and what the actual risk is. This role owns external visibility, correlates external exposure to internal systems and accountable owners, and provides clear, actionable risk insight to stakeholders. The role operates in an advisory capacity and drives informed remediation through visibility, analysis, and communication, not direct system changes.

Primary Objectives

• Establish and maintain authoritative visibility of externally exposed assets across domains, IP space, applications, and services.

• Correlate external exposure to internal systems and accountable owners, including complex non-1:1 relationships.

• Answer where risk exists and what exposure means in practical terms to the business.

• Build workflows to manage external findings with minimal manual effort using integration and automation.

• Improve coverage, mapping accuracy, and data quality to reduce unknown external exposure.

Responsibilities

• Build and operate the attack surface management capability, including processes, integrations, and workflows.

• Maintain visibility into externally exposed assets including domains, IPs, web applications, APIs, certificates, load balancers, and DMZ services.

• Correlate external findings to internal systems and ownership across complex, indirect relationships.

• Coordinate with threat intelligence, network, firewall, DNS, and load balancing teams to validate exposure and ownership.

• Develop and maintain integrations to support discovery, enrichment, and correlation of external assets.

• Drive routing accuracy by ensuring findings map to the correct owners and identifying ownership gaps.

• Identify and resolve data quality issues impacting visibility, coverage, and correlation.

• Integrate findings into ServiceNow workflows where applicable to support routing and tracking.

• Reduce manual effort by standardizing and automating repeatable processes.

• Analyze exposure and vulnerability data in context to determine actual risk beyond tool-based severity.

• Communicate complex technical risk clearly to non-technical stakeholders with actionable recommendations.

• Document processes, playbooks, and operational standards to sustain the capability.

Required Qualifications

• Minimum 5 years of experience in information security.

• Minimum 3 years of hands-on experience in enterprise vulnerability management, exposure management, or network security.

• Strong understanding of networking fundamentals including firewalls, ACLs, routing, load balancing, and externally exposed architectures.

• Strong understanding of DNS, web infrastructure, certificates, and DMZ environments.

• Understanding of infrastructure vulnerability assessment and discovery scanning concepts.

• Basic understanding of cloud-hosted and externally exposed services.

• Basic understanding of web applications and externally facing service risk.

• Strong experience correlating external data to internal systems and ownership across inconsistent datasets.

• Strong analytical and complex technical problem-solving skills.

• Ability to assess and communicate risk beyond tool-generated severity using context.

• Experience working with CMDB or similar systems for asset and ownership tracking.

• Ability to operate independently in a greenfield program environment.

Preferred Qualifications

• Experience integrating external exposure data into ServiceNow workflows for routing and tracking.

• Experience improving data quality, deduplication, and correlation across multiple data sources.

• Experience working with externally exposed enterprise environments and perimeter infrastructure.

• Experience automating data collection, normalization, or correlation using scripting or APIs.

Certifications

• Sec+ required.

• Higher-level security or risk-related certifications preferred.

Work Location

Hybrid role requiring three days per week in the office. Must be located within Xcel Energy territory and reasonably close to an Xcel Energy facility. Denver, Colorado and Minnesota areas preferred.

As a leading combination electricity and natural gas energy company, Xcel Energy offers a comprehensive portfolio of energy-related products and services to 3.4 million electricity and 1.9 million natural gas customers across eight Western and Midwestern states. At Xcel Energy, we strive to be the preferred and trusted provider of the energy our customers need. If you're ready to be a part of something big, we invite you to join our team.

All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Individuals with a disability who need an accommodation to apply please contact us at View email address on click.appcast.io .

Non-Bargaining

The anticipated starting base pay for this position is: $97,600.00 to $138,600.00 per year

This position is eligible for the following benefits: Annual Incentive Program, Medical/Pharmacy Plan, Dental, Vision, Life Insurance, Dependent Care Reimbursement Account, Health Care Reimbursement Account, Health Savings Account (HSA) (if enrolled in eligible health plan), Limited-Purpose FSA (if enrolled in eligible health plan and HSA), Transportation Reimbursement Account, Short-term disability (STD), Long-term disability (LTD), Employee Assistance Program (EAP), Fitness Center Reimbursement (if enrolled in eligible health plan), Tuition reimbursement, Transit programs, Employee recognition program, Pension, 401(k) plan, Paid time off (PTO), Holidays, Volunteer Paid Time Off (VPTO), Parental Leave

Benefit plans are subject to change and Xcel Energy has the right to end, suspend, or amend any of its plans, at any time, in whole or in part.

In any materials you submit, you may redact or remove age-identifying information including but not limited to dates of school attendance and graduation. You will not be penalized for redacting or removing this information.

Deadline to Apply: 06/21/26

EEO is the Law ( | EEO is the Law Supplement ( | Pay Transparency Nondiscrimination ( | Equal Opportunity Policy (PDF) ( | Employee Rights (PDF) (

All Xcel Energy employees and contractors share responsibility for protecting the company's information and systems by adhering to cybersecurity policies, standards, and best practices, recognizing that cybersecurity is everyone's responsibility.

ACCESSIBILITY STATEMENT

Xcel Energy endeavors to make accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact Xcel Energy Talent Acquisition at View email address on click.appcast.io. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.