Cyber SDC - Attack Surface Monitoring Analyst - Senior - Consulting - Location OPEN

Join to apply for the Cyber SDC - Attack Surface Monitoring Analyst - Senior - Consulting - Location OPEN role at EY.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture, and technology to become the best version of yourself. We value your unique voice and perspective to help EY improve continuously. Join us to create an exceptional experience for yourself and contribute to a better working world.

EY emphasizes high ethical standards and integrity among its employees, expecting all candidates to demonstrate these qualities.

In an ever-evolving IT landscape, EY remains a trusted partner for clients across various industries, providing reliable solutions to address complex risks and vulnerabilities. As a key member of our Cloud Security team, you will play a vital role in helping clients understand and manage their Enterprise Identity environments. Your expertise will be crucial in evaluating, improving, and developing innovative solutions, processes, and policies tailored to each client's IAM needs. This role offers an opportunity to leverage your technical skills and business insight to make a significant impact on global cybersecurity.

We are seeking an experienced Attack Surface Monitoring professional to join our cybersecurity team as a Lead Engineer. The ideal candidate will be responsible for identifying and managing the organization’s attack surface through comprehensive monitoring and analysis. This role requires strong knowledge of open-source intelligence (OSINT), reconnaissance techniques, and the ability to conduct detailed assessments of externally accessible resources.

• Conduct regular OSINT and reconnaissance activities to discover externally accessible resources related to the organization.
• Perform manual reviews of discovered assets to confirm their validity as company-owned resources.
• Collaborate with internal teams to ensure accurate identification and classification of assets.
• Execute port scans, service discovery, and low-impact vulnerability scans against identified resources.
• Analyze scan results to identify potential vulnerabilities and security weaknesses.
• Conduct manual verification of discovered vulnerabilities to ensure accuracy and relevance.
• Compile a technical report of verified vulnerabilities.

• Proven experience in cybersecurity, specifically in attack surface monitoring, penetration testing, and vulnerability management.
• Strong knowledge of OSINT techniques and reconnaissance methodologies.
• Proficiency in network scanning tools and vulnerability assessment frameworks.
• Excellent analytical and problem-solving skills.
• Excellent documentation skills for technical findings and vulnerabilities.

• A bachelor’s degree in a related field with approximately 4 years of related experience; or a graduate degree with about 3 years of experience.
• Experience in attack surface monitoring, penetration testing, or vulnerability management projects.
• Updated knowledge of the latest exploits and security trends.
• Hands-on experience with OSINT techniques and vulnerability scanners.
• A valid driver’s license in the US and/or a valid passport; willingness and ability to travel.

• Knowledge of Windows, Linux, Unix, and other major operating systems.
• Certifications such as OSCP, OSWP, GPEN, GWAPT, OSCE, OSEE, GXPN, CISSP, CISM, PMP, CREST Certified Attack Manager.
• Experience with scripting languages (e.g., Python, Bash) for automation.
• Familiarity with the latest exploits, tactics, techniques, procedures (TTPs), vulnerability remediation, and security trends for OSINT, network, and web applications.
• Understanding of network security and common attack vectors.
• Knowledge of web application vulnerabilities (OWASP Top 10).
• Strong analytical and problem-solving skills.
• Excellent communication skills, both written and verbal.
• Ability to work collaboratively in a team environment.

We seek intellectually curious individuals passionate about cybersecurity. Your broad experience in ASM will enable you to contribute innovative ideas that can impact both our organization and the industry. If you are confident in your presentation and technical skills and aspire to become a leading expert, this role is for you.

We provide a comprehensive compensation and benefits package, rewarding performance and recognizing your value. The base salary range in the US is $73,100 to $132,900; in the NYC Metro, Washington State, and California (excluding Sacramento), it’s $87,600 to $151,400. Salaries are determined by education, experience, skills, and location. Our Total Rewards include medical and dental coverage, pension and 401(k), paid time off, and flexible work arrangements. Our hybrid model expects most external, client-facing roles to work in person 40-60% of the time. Our flexible vacation policy allows you to decide your time off, supplemented by holidays and special leave options.

• Continuous learning to adapt to future challenges.
• Success defined by you, with tools and flexibility to make an impact.
• Transformative leadership development.
• Diverse and inclusive culture that embraces individuality and empowers your voice.

Applications are accepted on an ongoing basis. If you meet the criteria, please contact us promptly.

EY’s mission is to build a better working world by creating long-term value for clients, people, and society, fostering trust in capital markets. Enabled by data and technology, our diverse teams in over 150 countries provide trust through assurance and help clients grow, transform, and operate. We ask better questions to find innovative solutions for today’s complex issues.

For California residents, additional information is available here.

We are committed to equal employment opportunities and providing reasonable accommodations for individuals with disabilities or veterans. For assistance, contact EY’s Talent Shared Services Team at ssc.customersupport@ey.com.