EY Vulnerability Management Analyst - Government 

United States, Virginia, Arlington 

820250075

Our GPS Technology Organization is a structure within the US GPS practice that implements and maintains a new operate and technology model designed specifically to support U.S. defense and Government engagements.

As the Vulnerability Management SME you will assist the CISO and Cyber Defense Lead design and drive strategy and tactical plans toward holistic vulnerability management across multiple technology teams in a complex organization.

Your key responsibilities

• Collaborate with the Cybersecurity Operations Team ensuring proper Security Operations Center (SOC) performance, threat strategy, management and reporting across the organization. Providing vulnerability data feeds which the SOC can use to alert on.
• Produce and regularly evaluates all Vulnerability Management program and process related documentation
• Perform and provide vulnerability assessment results and recommendations to the Cyber Defense Leader, Information Security Governance Lead and Cloud Operations Lead on a regular basis and especially when needed due to incident
• Provide vulnerability risk assessment guidance to peers and stakeholders throughout the organization
• Provide regular reporting on patch management program and overall operation status of patch compliance
• Communicate potential risks and business impacts with technical and non-technical internal partners
• Provide threat analysis and current status summations to leadership along with proposed actions to minimize threats
• Ensure effective and complete scanning of production environments, and capable of providing evidence of the scans
• Ensure the accurate and timely release of vulnerability metrics
• Research and investigate new and emerging vulnerabilities, to include Zero Day events, assess against risk to the corporate and production environments, and participate in external security communities
• Manage the work direction and resource needs for the VM platform within the GPS IT environment
• Maintain an ongoing development of current threat intelligence and vulnerability analysis with an in-depth knowledge of identification, mitigation, and recovery strategies

Skills and attributes for success

• Knowledge of security frameworks and standards (e.g., NIST, ISO 27001).
• Ability to analyse vulnerability scans and reports to identify security risks.
• Skill in interpreting the results of penetration tests.
• Competence in assessing the severity of vulnerabilities and potential impact.
• Meticulousness in reviewing technical details and understanding the implications.
• Precision in documenting vulnerabilities and the steps needed for remediation.
• Creativity in developing solutions to mitigate or remediate vulnerabilities.
• Ability to prioritize issues based on risk and business impact.
• Proficiency in communicating technical information to non-technical stakeholders.
• Skill in writing clear and concise reports and remediation plans.
• Ability to advocate for security within the organization.
• Capability to manage multiple tasks and projects simultaneously.
• Efficiency in tracking and monitoring vulnerability management processes.
• Teamwork skills to work with IT, security, and other departments.
• Ability to build relationships with vendors and security researchers.
• Commitment to staying current with the latest security trends and threats.
• Willingness to pursue relevant certifications (e.g., CISSP, CEH, OSCP).
• Understanding of risk assessment methodologies and risk management principles.
• Ability to communicate risk to stakeholders and influence decision-making.
• Skills in planning, executing, and overseeing vulnerability management projects.
• Strong ethical standards to handle sensitive information responsibly.
• Ability to adapt to changing threat landscapes and technologies.
• Ability to align vulnerability management activities with the organization's strategic goals.
• Basic programming or scripting skills to automate tasks and analyse data.

To qualify for the role you must have

• Minimum bachelor’s degree in information systems or related field or an equivalent combination of education and experience
• 3+ years of comprehensive knowledge of Vulnerability Management identification, analysis, metrics and reporting tools processes enabling proper governance, risk and compliance
• Familiar with Azure.gov/GCCH environments preferred, Vulnerability Management tools
• Extensive knowledge and experience with diverse IT architectures and enterprise IT data centers, large scale transaction processing environments, external hosted services and cloud computing environments
• Experience with security management tools, i.e. SIEMs, EDRs, MSFT Defender for Cloud
• Must have Excellent communication skills, translating complex technical information across all levels of the organization
• Well organized with excellent follow up skills to meet deadlines, coordinates work of others while fostering teamwork and cooperation, and able to handle multiple concurrent tasks
• Have broad scope knowledge and experience in Vulnerability management processes
• Must be able to work independently in a remote work environment
• Ability to obtain and maintain Top Secret Security Clearance

Ideally, you’ll also have

• Previous Cybersecurity engineering experience preferred
• Experience with Threat Intel feeds preferred
• CISSP, CEH, SANS GIAC or other security relevant certifications are preferred
• Experience with perimeter technologies (e.g., router, firewalls, web proxies and intrusion prevention) preferred
• Expert level familiarity with multiple enterprise vulnerability management tools, such as Qualys, MSFT Defender, Tanium, etc..

• Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
• Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
• Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.