Vulnerability Analyst

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. Today’s world is fueled by vast amounts of information. Data is more valuable than ever before. Protecting data and information systems is central to doing business, and everyone in EY Information Security has a critical role to play. Join a global team of almost 950 people who collaborate to support the business of EY by protecting EY and client information assets. Our Information Security professionals enable EY to work securely and deliver secure products and services, and to detect and quickly respond to security events as they happen. Together, the efforts of our dedicated team help protect the EY brand and build client trust. Opportunity As an Offensive Security Analyst on the Vulnerability Management team, you will play a supporting role in the meticulous evaluation and management of EY’s digital exposure, working under the guidance of the Vulnerability Exposure Management Lead to identify and mitigate vulnerabilities in the EY digital attack surface. Your responsibilities will include aiding in the assessment and validation of third‑party risk assessments and ensuring that EY’s security standards are upheld across all digital assets. Additionally, the analyst will influence and implement proactive defense strategies to maintain the integrity and security of the business’s digital footprint. Key Responsibilities The Analyst will leverage offensive security skills to evaluate the business’s digital exposure, identifying and mitigating risks stemming from misconfigurations, vulnerabilities, and mismanaged assets. The candidate will play a crucial role in managing third‑party risk assessments and identifying assets susceptible to exploitation and abuse by cyber threat actors. Collaborating closely with multiple functions, the analyst will work to execute the Attack Surface Management strategy to protect EY’s digital assets. Additionally, the analyst will emulate cyber threat actors to conduct recon against the EY attack surface to identify threats and advise proactive measures to safeguard the business. Skills and Attributes for Success Expert attention to detail Aptitude for thinking critically Ability to handle high volume requests Flexibility and comfortability pivoting between diverse environments Developing communication skills Familiarity with research methodologies Qualifications A minimum of 3 years of experience in vulnerability management, red team, or purple team Familiarity with cloud services, network security, and data protection principles Well-developed knowledge of offensive security principles Professional‑level analytical and problem‑solving skills Developing ability to translate vulnerability information to business impact Demonstrated experience with third‑party risk assessments Strong communication and interpersonal skills Experience providing prioritization recommendations to stakeholders Ideally, you’ll also have OWASP training Incident response experience What We Look For We are looking for a developing Offensive Security Analyst that can operate with supervision and bring new approaches to discovering and evaluating the business’s externally‑exposed vulnerabilities. We are seeking a seasoned analyst to improve the organization’s ability to reduce the attack surface while enabling the business. The ideal candidate will seek to improve others while continuously learning and identifying ways to strengthen the organization. What We Offer You We offer a comprehensive compensation and benefits package where you’ll be rewarded based on your performance and recognized for the value you bring to the business. The base salary range for this job in all geographic locations in the US is $76,400 to $138,600. The base salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is $91,700 to $157,500. Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options. Join us in our team‑led and leader‑enabled hybrid model. Our expectation is for most people in external, client‑serving roles to work together in person 40‑60% of the time over the course of an engagement, project or year. Under our flexible vacation policy, you’ll decide how much vacation time you need based on your own personal circumstances. You’ll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well‑being. Equal Employment Opportunity EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law. EY is committed to providing reasonable accommodation to qualified individuals with disabilities including veterans with disabilities. #J-18808-Ljbffr EY