Skip to main content

Vulnerability Management Lead - Government and Public Sector - Assistant Director

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better. Join us and build an exceptional experience for yourself, and a better working world for all.

The exceptional EY experience. It's yours to build.

EY focuses on high-ethical standards and integrity among its employees and expects all candidates to demonstrate these qualities.

**The opportunity**

From strategy to execution, the Government & Public Sector (GPS) practice of Ernst & Young LLP provides a full range of consulting and audit services to help our Federal, State, Local and Education clients implement new ideas to help achieve their mission outcomes. We deliver real change and measurable results through our diverse, high-performing teams, quality work at the highest professional standards, operational know-how from across our global organization, and creative and bold ideas that drive innovation. We enable our government clients to achieve their mission of protecting the nation and serving the people; increasing public safety; improving healthcare for our military, veterans and citizens; delivering essential public services; and helping those in need. EY is ready to help our government build a better working world. 

Our GPS Technology Organization is a structure within the US GPS practice that implements and maintains a new operate and technology model designed specifically to support U.S. defense and Government engagements. 

As the Vulnerability Management Lead you will assist the CISO and Cyber Defense Lead design and drive strategy and tactical plans toward holistic vulnerability management across multiple technology teams in a complex organization. You will play a lead role in the development and maturity of our threat intelligence program.

**Your key responsibilities**

+ Collaborate with the Cybersecurity Operations Team ensuring proper Security Operations Center (SOC) performance, threat strategy, management and reporting across the organization

+ Provide vulnerability data feeds which the SOC can use to alert on

+ Produce and regularly evaluates all Vulnerability Management program and process related documentation

+ Perform and provide vulnerability assessment results and recommendations to the Cyber Defense Leader, Information Security Governance Lead and Cloud Operations Leads on a weekly basis and especially when needed due to identified threats

+ Provide vulnerability risk assessment guidance to peers and stakeholders throughout the organization

+ Provide regular reporting on patch management operations compliance

+ Communicate potential risks and business impacts with technical and non-technical internal partners

+ Provide threat analysis and current status summations to leadership along with proposed actions to minimize identified threats

+ Ensure effective and complete scanning of production and non-production environments, and capable of providing evidence of the scans

+ Ensure the accurate and timely release of vulnerability metrics

+ Research and investigate new and emerging vulnerabilities, to include Zero Day events, assess against risk to the corporate and production environments, and participate in EY Global communities to share intelligence

+ Manage the work direction and resource needs for the VM platform within the GPS IT environment

+ Maintain an ongoing development of current threat intelligence and vulnerability analysis with an in-depth knowledge of identification, mitigation, and recovery strategies

**Skills and attributes for success**

+ Knowledge of security frameworks and standards (e.g., NIST,DoD SRG).

+ Ability to analyse vulnerability scans and reports to identify security risks.

+ Skill in interpreting the results of penetration tests.

+ Competence in assessing the severity of vulnerabilities and potential impact.

+ Meticulousness in reviewing technical details and understanding the implications.

+ Precision in documenting vulnerabilities and the steps needed for remediation.

+ Creativity in developing solutions to mitigate or remediate vulnerabilities.

+ Ability to prioritize issues based on risk and business impact.

+ Proficiency in communicating technical information to non-technical stakeholders.

+ Skill in writing clear and concise reports and remediation plans.

+ Ability to advocate for security within the organization.

+ Capability to manage multiple tasks and projects simultaneously.

+ Efficiency in tracking and monitoring vulnerability management processes.

+ Teamwork skills to work with IT, security, and other departments.

+ Ability to build relationships with vendors and security researchers.

+ Commitment to staying current with the latest security trends and threats.

+ Willingness to pursue relevant certifications (e.g., CISSP, CEH, OSCP).

+ Understanding of risk assessment methodologies and risk management principles.

+ Ability to communicate risk to stakeholders and influence decision-making.

+ Skills in planning, executing, and overseeing vulnerability management projects.

+ Strong ethical standards to handle sensitive information responsibly.

+ Ability to adapt to changing threat landscapes and technologies.

+ Ability to align vulnerability management activities with the organization's strategic goals.

+ Basic programming or scripting skills to automate tasks and analyse data.

**To qualify for the role you must have**

+ Minimum bachelor’s degree in information systems or related field or an equivalent combination of education and experience

+ 5+years of comprehensive knowledge of Vulnerability Management identification, analysis, metrics and reporting tools processes enabling proper governance, risk and compliance

+ Familiar with Azure.gov/GCCH environments preferred, Vulnerability Management tools

+ Extensive knowledge and experience with diverse IT architectures and enterprise IT data centers, large scale transaction processing environments, external hosted services and cloud computing environments

+ Must have Excellent communication skills, translating complex technical information across all levels of the organization

+ Speak in front of non-technical executives on matters related to vulnerabilities to their systems and any threats against those systems

+ Well organized with excellent follow up skills to meet deadlines, coordinates work of others while fostering teamwork and cooperation, and able to handle multiple concurrent tasks

+ Have broad scope knowledge and experience in Vulnerability management processes

+ Must be able to work independently in a remote work environment

+ Ability to obtain and maintain Top Secret Security Clearance

**Ideally, you’ll also have**

+ Previous Cybersecurity engineering experience preferred

+ Experience with security management tools, i.e. SIEMs, EDRs, MSFT Defender for Cloud

+ Experience with Threat Intel feeds preferred

+ CISSP, CEH, SANS GIAC (i.e GIAC Enterprise Vulnerability Assessor Certification (GEVA) and/or GIAC Cyber Threat Intelligence (GCTI) or other security relevant certifications are preferred

+ Experience with perimeter technologies (e.g., router, firewalls, web proxies and intrusion prevention) preferred

+ Expert level familiarity with multiple enterprise vulnerability management tools, such as Qualys, MSFT Defender, Tanium, etc..

**What we offer**

We offer a comprehensive compensation and benefits package where you’ll be rewarded based on your performance and recognized for the value you bring to the business. The base salary range for this job in all geographic locations in the US is $124,400 to $232,700. The salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is $149,300 to $264,400. Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options. Join us in our team-led and leader-enabled hybrid model. Our expectation is for most people in external, client serving roles to work together in person 40-60% of the time over the course of an engagement, project or year. Under our flexible vacation policy, you’ll decide how much vacation time you need based on your own personal circumstances. You’ll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.

+ **Continuous learning:** You’ll develop the mindset and skills to navigate whatever comes next.

+ **Success as defined by you:** We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.

+ **Transformative leadership:** We’ll give you the insights, coaching and confidence to be the leader the world needs.

+ **Diverse and inclusive culture:** You’ll be embraced for who you are and empowered to use your voice to help others find theirs.

**If you can demonstrate that you meet the criteria above, please contact us as soon as possible.**

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.

Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

EY is an equal opportunity, affirmative action employer providing equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law.

EY is committed to providing reasonable accommodation to qualified individuals with disabilities including veterans with disabilities. If you have a disability and either need assistance applying online or need to request an accommodation during any part of the application process, please call 1-800-EY-HELP3, select Option 2 for candidate related inquiries, then select Option 1 for candidate queries and finally select Option 2 for candidates with an inquiry which will route you to EY’s Talent Shared Services Team (TSS) or email the TSS at ssc.customersupport@ey.com