Expoint - all jobs in one place

The point where experts and best companies meet

Limitless High-tech career opportunities - Expoint

EY Vulnerability Management Lead - Government Public 
United States, Virginia, Arlington 
505736305

22.09.2024

Our GPS Technology Organization is a structure within the US GPS practice that implements and maintains a new operate and technology model designed specifically to support U.S. defense and Government engagements.

As the Vulnerability Management Lead you will assist the CISO and Cyber Defense Lead design and drive strategy and tactical plans toward holistic vulnerability management across multiple technology teams in a complex organization. You will play a lead role in the development and maturity of our threat intelligence program.

Your key responsibilities

  • Collaborate with the Cybersecurity Operations Team ensuring proper Security Operations Center (SOC) performance, threat strategy, management and reporting across the organization
  • Provide vulnerability data feeds which the SOC can use to alert on
  • Produce and regularly evaluates all Vulnerability Management program and process related documentation
  • Perform and provide vulnerability assessment results and recommendations to the Cyber Defense Leader, Information Security Governance Lead and Cloud Operations Leads on a weekly basis and especially when needed due to identified threats
  • Provide vulnerability risk assessment guidance to peers and stakeholders throughout the organization
  • Provide regular reporting on patch management operations compliance
  • Communicate potential risks and business impacts with technical and non-technical internal partners
  • Provide threat analysis and current status summations to leadership along with proposed actions to minimize identified threats
  • Ensure effective and complete scanning of production and non-production environments, and capable of providing evidence of the scans
  • Ensure the accurate and timely release of vulnerability metrics
  • Research and investigate new and emerging vulnerabilities, to include Zero Day events, assess against risk to the corporate and production environments, and participate in EY Global communities to share intelligence
  • Manage the work direction and resource needs for the VM platform within the GPS IT environment
  • Maintain an ongoing development of current threat intelligence and vulnerability analysis with an in-depth knowledge of identification, mitigation, and recovery strategies

Skills and attributes for success

  • Knowledge of security frameworks and standards (e.g., NIST,DoD SRG).
  • Ability to analyse vulnerability scans and reports to identify security risks.
  • Skill in interpreting the results of penetration tests.
  • Competence in assessing the severity of vulnerabilities and potential impact.
  • Meticulousness in reviewing technical details and understanding the implications.
  • Precision in documenting vulnerabilities and the steps needed for remediation.
  • Creativity in developing solutions to mitigate or remediate vulnerabilities.
  • Ability to prioritize issues based on risk and business impact.
  • Proficiency in communicating technical information to non-technical stakeholders.
  • Skill in writing clear and concise reports and remediation plans.
  • Ability to advocate for security within the organization.
  • Capability to manage multiple tasks and projects simultaneously.
  • Efficiency in tracking and monitoring vulnerability management processes.
  • Teamwork skills to work with IT, security, and other departments.
  • Ability to build relationships with vendors and security researchers.
  • Commitment to staying current with the latest security trends and threats.
  • Willingness to pursue relevant certifications (e.g., CISSP, CEH, OSCP).
  • Understanding of risk assessment methodologies and risk management principles.
  • Ability to communicate risk to stakeholders and influence decision-making.
  • Skills in planning, executing, and overseeing vulnerability management projects.
  • Strong ethical standards to handle sensitive information responsibly.
  • Ability to adapt to changing threat landscapes and technologies.
  • Ability to align vulnerability management activities with the organization's strategic goals.
  • Basic programming or scripting skills to automate tasks and analyse data.

To qualify for the role you must have

  • Minimum bachelor’s degree in information systems or related field or an equivalent combination of education and experience
  • 5+years of comprehensive knowledge of Vulnerability Management identification, analysis, metrics and reporting tools processes enabling proper governance, risk and compliance
  • Familiar with Azure.gov/GCCH environments preferred, Vulnerability Management tools
  • Extensive knowledge and experience with diverse IT architectures and enterprise IT data centers, large scale transaction processing environments, external hosted services and cloud computing environments
  • Must have Excellent communication skills, translating complex technical information across all levels of the organization
  • Speak in front of non-technical executives on matters related to vulnerabilities to their systems and any threats against those systems
  • Well organized with excellent follow up skills to meet deadlines, coordinates work of others while fostering teamwork and cooperation, and able to handle multiple concurrent tasks
  • Have broad scope knowledge and experience in Vulnerability management processes
  • Must be able to work independently in a remote work environment
  • Ability to obtain and maintain Top Secret Security Clearance

Ideally, you’ll also have

  • Previous Cybersecurity engineering experience preferred
  • Experience with security management tools, i.e. SIEMs, EDRs, MSFT Defender for Cloud
  • Experience with Threat Intel feeds preferred
  • CISSP, CEH, SANS GIAC (i.e GIAC Enterprise Vulnerability Assessor Certification (GEVA) and/or GIAC Cyber Threat Intelligence (GCTI) or other security relevant certifications are preferred
  • Experience with perimeter technologies (e.g., router, firewalls, web proxies and intrusion prevention) preferred
  • Expert level familiarity with multiple enterprise vulnerability management tools, such as Qualys, MSFT Defender, Tanium, etc..
What we offer
We offer a comprehensive compensation and benefits package where you’ll be rewarded based on your performance and recognized for the value you bring to the business. The base salary range for this job in all geographic locations in the US is $124,400 to $232,700. The salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is $149,300 to $264,400. Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options. Join us in our team-led and leader-enabled hybrid model. Our expectation is for most people in external, client serving roles to work together in person 40-60% of the time over the course of an engagement, project or year. Under our flexible vacation policy, you’ll decide how much vacation time you need based on your own personal circumstances. You’ll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
  • Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
  • Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
  • Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
  • Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.
If you can demonstrate that you meet the criteria above, please contact us as soon as possible.
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.