Cyber Managed Services - Vulnerability Management SDC - Senior

About The Position

Requirements

• A bachelor's degree and a minimum of 3 years of related work experience; or a graduate degree and approximately 1-2 years of related work experience.
• Demonstrated experience in vulnerability management, including hands-on use of vulnerability management tools.
• Prior experience in providing Vulnerability Management services to clients from various industries, demonstrating versatility and adaptability in addressing diverse Vulnerability Management challenges.
• Strong written and verbal communication skills with demonstrated ability to interact with senior management, technical SMEs, business partners and influence decisions.
• Must be able to effectively communicate with business partners in non-technical terms.
• A willingness to travel to meet client needs.
• A valid driver's license in the US.
• Familiarity with security and risk standards including ISO 27001-2, CIS, PCI DSS, NIST, ITIL, COBIT.
• Knowledge of Windows, Linux, UNIX, and any other major on-prem and cloud based operating systems.
• Hands-on operational experience with vulnerability management tools (e.g., Qualys, Nexpose, Wiz), including the ability to deploy, configure and run these tools.
• Ability to evaluate vulnerability management tools and assist with vendor selection.
• Ability to conduct root cause analysis against vulnerabilities and determine feasible technical solutions.
• Knowledge of general cybersecurity concepts and methods including, but not limited to vulnerability management, privacy, incident response, governance, risk and compliance, enterprise security strategies and architecture.
• Ability to help manage cybersecurity projects including development of project charters, plans and status updates.
• Experience with scripting / programming skills (e.g., Python, PowerShell).
• Experience with utilizing Microsoft Excel and/or PowerBi to develop vulnerability management program metrics.
• Familiarity with latest security vulnerabilities and exploits, understanding of web-based application vulnerabilities (OWASP Top 10), cloud security and architecture.
• Experience with using factors such as EPSS, CVSS, CISA KEV and threat intelligence sources to identify and prioritize vulnerabilities.
• Proficient knowledge of CVE (Common Vulnerabilities and Exposures) and CWE (Common Weakness Enumerations) frameworks.
• Experience in developing and curating meaningful metrics for both executive and operational audiences, translating technical details into actionable insights.

Nice To Haves

• Strong interpersonal and communication skills to collaborate with clients and present solutions.
• Ability to analyze issues both strategically and technically.
• Proven ability to influence decisions and work across multiple simultaneous initiatives.
• Prior consulting experience (preferred).
• Willingness to travel for client needs
• A cyber security certification such as the CISSP, CEH, or GSEC is a plus

Responsibilities

• Developing rapport with others by demonstrating an understanding of their concerns, needs, and issues, and focusing on developing an internal network of relationships that can provide advice and support.
• Monitor progress, manage risk, and ensure key stakeholders are kept informed about progress and expected outcomes.
• Stay abreast of current business and industry trends relevant to the client's business and cybersecurity.
• Assist engagement teams in evaluating client vulnerability management programs across people, process, and technology.
• Work with engagement teams to own distinct portions of vulnerability management solutions tailored to client environments.
• Perform and control vulnerability assessments to identify control weaknesses and assess the effectiveness of existing controls.
• Support ongoing vulnerability management operations, including SLA tracking, backlog management, and remediation validation
• Contribute to continuous service improvement by refining workflows, metrics, and automation across VM operations
• Participate in operational governance activities, including service reviews and KPI reporting

Benefits

• We offer a comprehensive compensation and benefits package where you’ll be rewarded based on your performance and recognized for the value you bring to the business.
• The base salary range for this job in all geographic locations in the US is $77,500 to $140,900.
• The base salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is $92,900 to $160,500.
• Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography.
• In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options.
• Under our flexible vacation policy, you’ll decide how much vacation time you need based on your own personal circumstances. You’ll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.