Cyber SDC - Vulnerability Management Project Lead - Senior - Consulting - Location OPEN

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture, and technology to become the best version of you. We’re counting on your unique voice and perspective to help EY become even better. Join us and build an exceptional experience for yourself, and a better working world for all.

EY focuses on high-ethical standards and integrity among its employees and expects all candidates to demonstrate these qualities.

We are seeking an experienced Vulnerability Management (VM) Cyber Managed Services Senior to join our team in designing, implementing, and managing our vulnerability management service offering. The ideal candidate will have a strong background in vulnerability management tools and services and experience working within a team of cybersecurity professionals. This role involves creating tailored solutions for clients to deploy and manage effective vulnerability management programs, combining technical expertise with an understanding of business risks.

1. Develop rapport with others by understanding their concerns, needs, and issues, and build an internal network of relationships for advice and support.
2. Monitor progress, manage risk, and keep stakeholders informed about progress and expected outcomes.
3. Stay updated on current business and industry trends relevant to cybersecurity.
4. Assist engagement teams in evaluating client vulnerability management programs across people, process, and technology.
5. Work with engagement teams to own parts of vulnerability management solutions tailored to client environments.
6. Perform vulnerability assessments to identify control weaknesses and evaluate existing controls.

1. Knowledge of security and risk standards such as ISO 27001, CIS, PCI DSS, NIST, ITIL, COBIT.
2. Understanding of Windows, Linux, UNIX, and cloud-based operating systems.
3. Operational experience with vulnerability management tools (e.g., Qualys, Nexpose), including deployment, configuration, and operation.
4. Ability to evaluate and assist in vendor selection for vulnerability management tools.
5. Skills in root cause analysis and technical solution development for vulnerabilities.
6. Knowledge of cybersecurity concepts including vulnerability management, privacy, incident response, governance, and risk management.
7. Project management skills for cybersecurity initiatives.
8. Scripting/programming skills (e.g., Python, PowerShell).
9. Proficiency with Excel and PowerBi for developing metrics.
10. Familiarity with security vulnerabilities, exploits, web vulnerabilities (OWASP Top 10), cloud security, and architecture.
11. Experience using factors like EPSS, CVSS, CISA KEV, and threat intelligence for vulnerability prioritization.
12. Knowledge of CVE and CWE frameworks.
13. Ability to develop metrics for different audiences, translating technical details into actionable insights.

1. Bachelor’s degree with 2+ years of related experience, or graduate degree with 1-2 years of experience.
2. Experience in vulnerability management, including hands-on tool usage.
3. Experience providing vulnerability management services across industries.
4. Strong communication skills for interacting with management and technical teams.
5. Willingness to travel; valid US driver’s license.

1. Strong interpersonal and presentation skills.
2. Ability to analyze issues strategically and technically.
3. Experience in consulting (preferred).
4. Cybersecurity certifications such as CISSP, CEH, or GSEC are a plus.

We seek curious professionals passionate about cybersecurity, with expertise in Vulnerability Management and innovation capacity. Confidence in technical and presentation skills is essential for this role.

Comprehensive compensation and benefits, including salary ranges ($73,100 - $132,900; NYC/Washington/California higher), medical, dental, pension, 401(k), paid time off, and flexible work arrangements. We promote continuous learning, leadership development, diversity, and inclusion.

Applications are accepted on an ongoing basis. If you meet the criteria, please contact us promptly.

EY is committed to building a better working world, providing trust through assurance, and helping clients grow and transform. We value diversity and are an equal opportunity employer.