FS - RISK CONSULTING - TPRM - Senior - Vulnerability And Platform Security

Digital Risk- Vulnerability & Platform Security – Senior

Job purpose:

Senior in the Risk Advisory team to work on Vulnerability Management, Platform Security, and Security Operations governance engagements for global clients.

You will be responsible for executing vulnerability management lifecycle activities, patching governance, and platform-level security oversight in alignment with EY methodologies. You will help drive consistent visibility into vulnerability posture and remediation tracking across environments.

You will work closely with infrastructure, cloud, and security teams to strengthen remediation processes and leverage attack-driven insights (Glasswing-aligned approach) to prioritize vulnerabilities based on real-world exploitability.

You will contribute to scaling security hygiene practices and strengthening governance frameworks across environments.

Your client responsibilities:

• Execute vulnerability management lifecycle including identification, assessment, prioritization, and remediation tracking
• Support and oversee automated patching and remediation processes
• Incorporate attack-driven prioritization and exposure validation (Glasswing-aligned approach)
• Help prioritize vulnerabilities based on exploitability and potential business impact
• Develop and review dashboards and reports for vulnerability posture
• Engage with infrastructure and platform teams for remediation tracking and closure
• Conduct platform security assessments across OS, network, and cloud environments
• Support governance and compliance alignment for vulnerability and patch management programs
• Assist in optimizing vulnerability management and patching processes
• Contribute to proposal development and identify new opportunities in platform security
• Provide regular updates and reporting to stakeholders.

Your people responsibilities:

• Collaborate effectively across teams to deliver engagements on time and with quality
• Mentor junior team members on vulnerability management tools and processes
• Contribute to internal initiatives and process improvements
• Participate in knowledge sharing and capability building sessions 

Mandatory skills: 

• Strong understanding of vulnerability management lifecycle and governance
• Experience with vulnerability scanning tools (Qualys, Nessus, Rapid7, etc.)
• Knowledge of patch management processes and automation
• Understanding of risk-based prioritization and vulnerability exposure
• Familiarity with attack-driven validation concepts (Glasswing-aligned approach)
• Strong knowledge of infrastructure security (Windows, Linux, network environments)
• Understanding of CVSS scoring and risk classification
• Experience in reporting, dashboards, and metrics (Excel, Power BI or similar)
• Knowledge of cloud and hybrid environments
• Certifications such as CISSP, CISA, or equivalent preferred
• BE/BTech/MCA with 4–8 years of relevant experience 

Preferred skills: 

• Exposure to automation scripting (Python, PowerShell)
• Experience in large-scale enterprise environments
• Client-facing and consulting experience