Vulnerability Management Discovery Lead
Job description
At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.
Vulnerability Discovery Lead, Attack Surface Management
Today’s world is fueled by vast amounts of information. Data is more valuable than ever before. Protecting data and information systems is central to doing business, and everyone in EY Information Security has a critical role to play. Join a global team of almost 950 people who collaborate to support the business of EY by protecting EY and client information assets! Our Information Security professionals enable EY to work securely and deliver secure products and services, as well as detect and quickly respond to security events as they happen. Together, the efforts of our dedicated team helps protect the EY brand and build client trust.
Within Information Security we blend risk strategy, digital identity, cyber defense, application security and technology solutions as we consider the entire security lifecycle. You will join a team of hardworking, security-focused individuals dedicated to supporting, protecting and enabling the business through innovative, secure solutions that provide speed to market and business value.
The opportunity
The Vulnerability Discovery Lead is responsible for leading the identification and confirmation of vulnerabilities within the organization's network, systems, and applications. This role requires a comprehensive understanding of the cybersecurity landscape, including emerging threats and the latest discovery techniques. The Vulnerability Discovery Lead will work closely with their counterpart in Vulnerability Assessment to enhance the organization's vulnerability management capabilities and contribute to the overall security strategy.
Your key responsibilities
The Vulnerability Discovery Lead will lead a team of analysts conducting assessments of attack surface weaknesses to determine high priority vulnerabilities, misconfigurations, poor hygiene, and prescribed remediation recommendations. The Vulnerability Discovery Lead will develop and oversee the strategy driving the utilization of scanning tools and technology to align with leading practices. Additionally, the role will require an ability to use open-source tools to assess the EY attack surface in the same capacity as an adversary. The Vulnerability Discovery Lead will foster collaborative efforts to improve the EY security posture by developing relationships, processes, and talents in adjacent teams with a collective objective of reducing the attack surface.
Skills and attributes for success
- Proficiency in identifying, analyzing and managing vulnerabilities across an enterprise
- Experience conducting penetration testing
- Familiarity with scripting and automation languages like Python and Powershell
- Demonstrated ability to distil complex, technical data into clear, concise explanations
- Ability to use open-source tools to collect information about an attack surface
- Expertise in securing cloud environments and understanding leading practices
- Strong knowledge of network protocols and security measures
- An ability to work effectively with other teams, communicate risk and provide clear recommendations
- Efficient research methodologies
To qualify for the role you must have
- 10+ years of Information Security experience with a focus on threat mitigation and/or vulnerability management
- 5+ years of Offensive Cybersecurity experience
- Working knowledge of identifying and remediating vulnerabilities in an enterprise environment
- An expert ability to assess an organization’s attack surface internally and externally
- Demonstrated experience assessing and communication the risk of vulnerabilities to all levels within an organization
- An in-depth understanding of security control functionality in the context of threats
- Proficiency developing non-traditional solutions to complex challenges
- Experience mentoring and developing junior talent from diverse backgrounds
Ideally, you’ll also have
- Purple Team expertise
- 3+ years of incident response experience
What we look for
We are looking for an experienced, self-driven, experienced leader that can operate independently and improve the organization’s ability to reduce the attack surface while enabling the business. The ideal candidate will seek to improve others while continuously learning and identifying ways to strengthen the organization.
What working at EY offers
As part of this role, you will work in a highly coordinated, globally diverse team with the opportunity and tools to grow, develop and drive your career forward. Here, you can combine global opportunity with flexible working. The EY benefits package goes above and beyond too, focusing on your physical, emotional, financial and social well-being. Your recruiter can talk to you about the benefits available in your country. Here’s a snapshot of what we offer:
- Continuous learning: You will develop the mindset and skills to navigate whatever comes next.
- Success as defined by you: We will provide the tools and flexibility, so you can make a significant impact, your way.
- Transformative leadership: We will give you the insights, coaching and confidence to be the leader the world needs.
- Diverse and inclusive culture: You will be accepted for who you are and empowered to use your voice to help others find theirs.
EY | Building a better working world
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.