Cyber SDC - Attack Surface Monitoring Analyst - Senior - Consulting - Location OPEN

Join to apply for the Cyber SDC - Attack Surface Monitoring Analyst - Senior - Consulting - Location OPEN role at EY

Get AI-powered advice on this job and more exclusive features.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. We value your unique voice and perspective to help EY improve. Join us to build an exceptional experience for yourself and a better working world for all.

EY emphasizes high ethical standards and integrity. We seek candidates who demonstrate these qualities.

In a rapidly changing IT landscape, EY is a trusted partner for clients across industries, offering reliable solutions to complex risks and vulnerabilities. As part of our Cloud Security team, you will help clients understand and manage their Enterprise Identity environments, evaluating and improving solutions, processes, and policies tailored to their IAM needs. This role allows you to leverage your technical skills and business insight to impact global cybersecurity positively.

We are looking for an experienced Attack Surface Monitoring professional to join our cybersecurity team as a Lead Engineer. You will identify and manage our attack surface through monitoring and analysis, requiring a strong knowledge of OSINT, reconnaissance, and assessment of external resources.

• Conduct OSINT and reconnaissance to discover externally accessible resources.
• Review assets manually to confirm ownership.
• Work with internal teams to classify assets accurately.
• Perform port scans, service discovery, and vulnerability scans.
• Analyze scan results for vulnerabilities.
• Verify vulnerabilities manually for accuracy.
• Prepare technical reports on vulnerabilities.

• Experience in cybersecurity, attack surface monitoring, penetration testing, and vulnerability management.
• Knowledge of OSINT techniques and reconnaissance methods.
• Proficiency with network scanning tools and frameworks.
• Strong analytical and problem-solving skills.
• Excellent documentation skills.

• Bachelor’s degree in a related field with ~4 years of experience, or graduate degree with ~3 years of experience.
• Experience in attack surface monitoring, penetration testing, or vulnerability management.
• Knowledge of exploits and security trends.
• Experience with OSINT and vulnerability scanners.
• Valid US driver’s license and/or passport; willingness to travel.

• Knowledge of Windows, Linux, Unix, and other OS.
• Certifications like OSCP, OSWP, GPEN, GWAPT, etc.
• Experience with scripting languages (Python, Bash).
• Understanding of security exploits, TTP, and web vulnerabilities (OWASP Top 10).
• Strong communication and teamwork skills.

We seek intellectually curious individuals passionate about cybersecurity, capable of innovative thinking and confident in presenting and technical skills, aiming to become industry leaders.

Our benefits include competitive salary ranges ($73,100 to $132,900 in the US; higher in NYC, WA, CA), comprehensive health coverage, retirement plans, paid time off, flexible work arrangements, and ongoing learning opportunities. We foster a diverse, inclusive culture where you can thrive and lead.

We accept applications continuously. If you meet the criteria, contact us promptly.

EY is committed to diversity and equal opportunity. We provide accommodations for applicants with disabilities. For assistance, contact 1-800-EY-HELP3 or email ssc.customersupport@ey.com.

• Seniority level: Mid-Senior level
• Employment type: Full-time
• Job function: Business Development and Sales
• Industries: Professional Services