Specialist III, Vulnerability Management Analyst

Technology Consulting

Title: Specialist III, Vulnerability Management Analyst

EY is a global leader in assurance, tax, transaction and advisory services. Technology is at the heart of what we do and deliver at EY. Technology solutions are integrated in the client services we deliver and are key to our innovation as an organization.  

Fueled by strategic investment in technology and innovation, Client Technology seeks to drive growth opportunities and solve complex business problems for our clients through building a robust platform for business and powerful product engine that are vital to innovation at scale. As part of Client Technology, youll work with technologists and business experts, blending EY’s deep industry knowledge and innovative ideas with our platforms, capabilities, and technical expertise. As a catalyst for change and growth, you’ll be at the forefront of integrating emerging technologies from AI to Data Analytics into every corner of what we do at EY. That means more growth for you, exciting learning opportunities, career choices, and the chance to make a real impact.

EY Technology:

Technology has always been at the heart of what we do and deliver at EY. We need technology to keep an organization the size of ours working efficiently. We have 250,000 people in more than 140 countries, all of whom rely on secure technology to be able to do their job every single day.  Everything from the laptops we use, to the ability to work remotely on our mobile devices and connecting our people and our clients, to enabling hundreds of internal tools and external solutions delivered to our clients.  Technology solutions are integrated in the client services we deliver and is key to us being more innovative as an organization.

EY Technology

Client Technology (CT) -

Enterprise Workplace Technology (EWT) –

Information Security (Info Sec) -

The opportunity

This role provides expert-level technical support for security testing services, including infrastructure, systems, and application vulnerability and penetration testing. This role also performs in-depth vulnerability analysis, investigates intrusions, develops countermeasures, and supports post-incident security improvements.

Your key responsibilities

• Detects internal system attacks and conducts vulnerability assessment of internal infrastructure, malware defense assessments and other information security routines and perimeter.
• Detects and analyzes effectiveness of attacks in real time on vulnerable systems, understands the attack, prioritize mitigation and remediation on endpoints to determine plausible threat actors that facilitate specific attack models.
• Compiles and executes emulated malware to validate attack vectors and risk assignments.
• Investigates and recommends corrective actions for security incidents to clients and project stakeholders.
• Collaborates with team on research projects that involve event analysis to complex exploit point analysis, define application changes, negotiate priorities and implementation dates, agree on service level standards, and 'partner' for success with regards to predefined remediation mandates.
• Participates in special projects and performs other duties as assigned.
• Perform in-depth vulnerability analysis and exploit applications, operating systems, or networks, tracing the path and methods used in intrusions or incidents and effectively isolating, blocking, or eliminating unauthorized access.
• Analyze complex software systems, determining both their functionality and intent, while resolving advanced malware infections and intrusion-related issues.
• Contribute to the development and implementation of countermeasures, system integrations and tools aimed at enhancing Cyber and Information Operations security.
• Actively participate in post-incident analysis, offering recommendations for strengthening system security and preventing future vulnerabilities.

Skills and attributes for success

• A team player with strong analytical, communication and interpersonal skills
• Constantly updating yourself about new technologies in the market
• A winning personality and the ability to become a trusted advisor to the stakeholders

To qualify for the role,

• Minimum 8 years of relevant experience in cybersecurity, vulnerability management, or threat analysis with at least 2 years of experience in vulnerability assessment, penetration testing, or threat intelligence preferred.
• Bachelor’s degree (B.E./B.Tech) in Computer Science or IT, or Bachelor’s in Computer Applications (BCA), or Master’s in Computer Applications (MCA), Information Security, Cybersecurity, or a related field.
• Excellent communication, problem-solving, and teamwork abilities. Detail-oriented with a proactive approach to security challenges. Adaptable to fast-paced environments and skilled in fostering collaboration across technical and non-technical teams.
• Proficiency in secure coding, threat modeling, vulnerability assessments, penetration testing, application architecture review, and DevSecOps tools integration. Strong knowledge of OWASP standards, compliance, and risk management.
• Familiarity with compliance standards (e.g., NIST, ISO 27001, CIS benchmarks) and best practices for risk mitigation.
• CISSP, OSCP, AWS Certified DevOps Engineer, or equivalent certifications preferred CISSP, OSCP, AWS Certified DevOps Engineer

Ideally, you’ll also have

• Strong verbal and written communication, facilitation, relationship-building, presentation and negotiation skills.
• Be highly flexible, adaptable, and creative.
• Comfortable interacting with senior executives (within the firm and at the client)

What we look for

• Strong teamwork, work ethic, product mindset, client centricity and a relentless commitment to EY values.

What working at EY offers

We offer a competitive remuneration package where you’ll be rewarded for your individual and team performance. Our comprehensive Total Rewards package includes support for flexible working and career development, and with FlexEY you can select benefits that suit your needs, covering holidays, health and well-being, insurance, savings and a wide range of discounts, offers and promotions. Plus, we offer:

• Support, coaching and feedback from some of the most engaging colleagues around
• Opportunities to develop new skills and progress your career
• The freedom and flexibility to handle your role in a way that’s right for you

EY is committed to being an inclusive employer and we are happy to consider flexible working arrangements. We strive to achieve the right balance for our people, enabling us to deliver excellent client service whilst allowing you to build your career without sacrificing your personal priorities. While our client-facing professionals can be required to travel regularly, and at times be based at client sites, our flexible working arrangements can help you to achieve a lifestyle balance.

About EY

As a global leader in assurance, tax, transaction and advisory services, we’re using the finance products, expertise and systems we’ve developed to build a better working world. That starts with a culture that believes in giving you the training, opportunities and creative freedom to make things better. Whenever you join, however long you stay, the exceptional EY experience lasts a lifetime. 

If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible.

Preferred candidate profile