Vulnerability Analyst

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. Today’s world is fueled by vast amounts of information. Data is more valuable than ever before. Protecting data and information systems is central to doing business, and everyone in EY Information Security has a critical role to play. Join a global team of almost 950 people who collaborate to support the business of EY by protecting EY and client information assets! Our Information Security professionals enable EY to work securely and deliver secure products and services, as well as detect and quickly respond to security events as they happen. Together, the efforts of our dedicated team helps protect the EY brand and build client trust. Within Information Security we blend risk strategy, digital identity, cyber defense, application security and technology solutions as we consider the entire security lifecycle. You will join a team of hardworking, security-focused individuals dedicated to supporting, protecting and enabling the business through innovative, secure solutions that provide speed to market and business value. The opportunity As an Offensive Security Analyst on the Vulnerability Management team, you will play a supporting role in the meticulous evaluation and management of EY's digital exposure, working under the guidance of the Vulnerability Exposure Management Lead to identify and mitigate vulnerabilities in the EY digital attack surface. Your responsibilities will include aiding in the assessment and validation of third‑party risk assessments and ensuring that EY's security standards are upheld across all digital assets. Additionally, the analyst will influence and implement proactive defense strategies to maintain the integrity and security of the business's digital footprint. Your key responsibilities The Analyst will leverage offensive security skills to evaluate the business's digital exposure, identifying and mitigating risks stemming from misconfigurations, vulnerabilities, and mismanaged assets. The candidate will play a crucial role in managing third‑party risk assessments and identifying assets susceptible to exploitation and abuse by cyber threat actors. Collaborating closely with multiple functions, the analyst will work to execute the Attack Surface Management strategy to protect EY's digital assets. Additionally, the analyst will emulate cyber threat actors to conduct recon against the EY attack surface to identify threats and advise proactive measures to safeguard the business. Skills and attributes for success Expert attention to detail Aptitude for thinking critically Ability to handle high volume requests Flexibility and comfortability pivoting between diverse environments Developing communication skills Familiarity with research methodologies To qualify for the role you must have A minimum of 3 years of experience in vulnerability management, red team, or purple team Familiarity with cloud services, network security, and data protection principles Well‑developed knowledge of offensive security principles Professional‑level analytical and problem‑solving skills Developing ability to translate vulnerability information to business impact Demonstrated experience with third‑party risk assessments Strong communication and interpersonal skills Experience providing prioritization recommendations to stakeholders Ideally, you’ll also have OWASP training Incident response experience What we look for We are looking for a developing Offensive Security Analyst that can operate with supervision and bring new approaches to discovering and evaluating the business's externally‑exposed vulnerabilities. We are seeking a seasoned analyst to improve the organization's ability to reduce the attack surface while enabling the business. The ideal candidate will seek to improve others while continuously learning and identifying ways to strengthen the organization. What we offer you The compensation ranges below are provided in order to comply with United States pay transparency laws. Other geographies will follow their local salary guidelines, which may not be a direct conversion of published US salary ranges. At EY, we’ll develop you with future‑focused skills and equip you with world‑class experiences. We’ll empower you in a flexible environment, and fuel you and your extraordinary talents in a diverse and inclusive culture of globally connected teams. Learn more . We offer a comprehensive compensation and benefits package where you’ll be rewarded based on your performance and recognized for the value you bring to the business. The base salary range for this job in all geographic locations in the US is $76,400 to $138,600. The base salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is $91,700 to $157,500. Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options. Join us in our team‑led and leader‑enabled hybrid model. Our expectation is for most people in external, client serving roles to work together in person 40‑60% of the time over the course of an engagement, project or year. Under our flexible vacation policy, you’ll decide how much vacation time you need based on your own personal circumstances. You’ll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well‑being. Equal Employment Opportunity EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law. EY is committed to providing reasonable accommodation to qualified individuals with disabilities including veterans with disabilities. If you have a disability and either need assistance applying online or need to request an accommodation during any part of the application process, please call 1-800-EY-HELP3, select Option 2 for candidate related inquiries, then select Option 1 for candidate queries and finally select Option 2 for candidates with an inquiry which will route you to EY’s Talent Shared Services Team (TSS) or email the TSS at View email address on click.appcast.io . #J-18808-Ljbffr Ernst & Young Oman