Cyber SDC - Attack Surface Monitoring Analyst - Senior - Consulting - Location OPEN

Join to apply for the Cyber SDC - Attack Surface Monitoring Analyst - Senior - Consulting - Location OPEN role at EY.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. We value your unique voice and perspective to help EY improve. Join us to create an exceptional experience for yourself and contribute to a better working world.

EY emphasizes high ethical standards and integrity among its employees, expecting all candidates to demonstrate these qualities.

In a constantly evolving IT landscape, EY is a trusted partner for clients across diverse industries, providing reliable solutions for complex risks and vulnerabilities. As a key member of our Cloud Security team, you will help clients understand and manage their Enterprise Identity environments, evaluating and improving solutions, processes, and policies tailored to their IAM needs. This role offers an opportunity to leverage your technical skills and business insight to make a significant impact on global cybersecurity.

We are seeking an experienced Attack Surface Monitoring professional to join our cybersecurity team as a Lead Engineer. Your main responsibility will be to identify and manage our attack surface through comprehensive monitoring and analysis, requiring expertise in open-source intelligence (OSINT), reconnaissance techniques, and assessment of externally accessible resources.

• Conduct OSINT and reconnaissance to identify external resources related to the organization.
• Review discovered assets manually to verify ownership.
• Work with internal teams to classify and manage assets accurately.
• Perform port scans, service discovery, and low-impact vulnerability scans.
• Analyze scan results to find vulnerabilities and weaknesses.
• Verify vulnerabilities manually to ensure relevance.
• Prepare technical reports on verified vulnerabilities.

• Proven experience in cybersecurity, attack surface monitoring, penetration testing, and vulnerability management.
• Strong knowledge of OSINT techniques and reconnaissance methodologies.
• Proficiency with network scanning tools and vulnerability assessment frameworks.
• Excellent analytical, problem-solving, and documentation skills.

• Bachelor's degree in a related field with approximately 4 years of experience, or a graduate degree with about 3 years of experience.
• Experience in attack surface monitoring, penetration testing, or vulnerability management projects.
• Updated knowledge of exploits and security trends.
• Hands-on experience with OSINT techniques and vulnerability scanners.
• Valid driver's license in the US and/or passport, with the ability to travel.

• Knowledge of Windows, Linux, Unix, and other OS.
• Certifications such as OSCP, OSWP, GPEN, GWAPT, OSCE, OSEE, GXPN, CISSP, CISM, PMP, CREST.
• Experience with scripting languages like Python or Bash for automation.
• Familiarity with recent exploits, attack techniques, and security trends.
• Understanding of network security and web application vulnerabilities (OWASP Top 10).
• Strong communication skills and team collaboration ability.

We seek intellectually curious individuals passionate about cybersecurity, capable of contributing innovative ideas and growing into industry leaders. If you are confident in your technical and presentation skills, this role offers a great opportunity.

We provide a comprehensive compensation and benefits package, including competitive salaries ($73,100 to $132,900 in the US; higher in NYC, Washington, CA), medical and dental coverage, pension, 401(k), and paid time off. Our hybrid work model encourages in-person collaboration 40-60% of the time. We support your well-being with flexible vacations, holidays, and leave options.

• Continuous learning and development opportunities.
• Tools and flexibility to make a meaningful impact.
• Leadership development and coaching.
• Diverse and inclusive culture that embraces individual identities.

EY accepts applications on an ongoing basis. If you meet the criteria, contact us promptly. EY aims to build a better working world by creating long-term value for clients, employees, and society, leveraging data and technology across over 150 countries.

For California residents, additional information is available here.

EY is an equal opportunity employer, committed to diversity and inclusion. We provide reasonable accommodations for individuals with disabilities or veterans. For assistance, contact 1-800-EY-HELP3 or email ssc.customersupport@ey.com.

• Seniority level: Mid-Senior level
• Employment type: Full-time
• Job function: Business Development and Sales
• Industries: Professional Services