Senior Consultant in Cybersecurity - Vulnerability ...

At EY, we are dedicated to helping you build a successful career and thrive in a globally interconnected environment, supported by diverse teams. Join us in your professional journey while contributing to a better working world. The Opportunity We are seeking an experienced Vulnerability Management (VM) Senior Consultant to join our team. In this role, you will be instrumental in designing, implementing, and managing our holistic vulnerability management services. The ideal candidate will possess in-depth knowledge of vulnerability management tools and services, along with extensive experience in a dynamic cybersecurity landscape. Your expertise will be critical in delivering customized solutions that empower our clients to effectively manage vulnerabilities while navigating the associated business risks. Your Key Responsibilities Build strong relationships by understanding the concerns and needs of stakeholders within the organization. Monitor progress, manage potential risks, and keep stakeholders informed on developments and expected outcomes. Stay updated on current business trends and the evolving cybersecurity landscape relevant to our clients' operations. Support teams in assessing client vulnerability management programs across various dimensions: people, processes, and technology. Collaborate to develop unique vulnerability management solutions tailored for client environments. Conduct thorough vulnerability assessments to identify weaknesses and evaluate the effectiveness of existing safeguards. Assist in the ongoing management of vulnerability operations, including monitoring SLAs, managing backlogs, and validating remediation efforts. Champion continuous improvement by enhancing workflows, metrics, and automation within VM operations. Engage in operational governance, including service reviews and KPI monitoring. Skills and Attributes for Success Familiarity with security and risk standards such as ISO 27001-2, CIS, PCI DSS, NIST, ITIL, and COBIT. Knowledge of various operating systems including Windows, Linux, and UNIX, across both on-premises and cloud environments. Hands-on experience with vulnerability management tools such as Qualys, Nexpose, and Wiz, including their deployment and configuration. Ability to evaluate vulnerability management tools and assist in the vendor selection process. Capable of conducting root cause analyses of vulnerabilities and providing actionable technical solutions. Strong understanding of fundamental cybersecurity concepts, including privacy, incident response, and governance. Proven experience managing cybersecurity projects, including drafting project charters and delivering status updates. Familiarity with scripting/programming (e.g., Python, PowerShell) and proficiency in using Microsoft Excel or PowerBI for metrics. Awareness of current security vulnerabilities and exploits, as well as web application vulnerabilities. Experience using EPSS, CVSS, CISA KEV, and threat intelligence for vulnerability prioritization. Strong grasp of CVE (Common Vulnerabilities and Exposures) and CWE (Common Weakness Enumerations) frameworks. Ability to develop metrics that communicate effectively with both executive and operational audiences, translating technical jargon into clear insights. To qualify for the role, you must have A bachelor's degree with a minimum of 3 years of relevant experience or a graduate degree with 1-2 years of experience. Proven experience in vulnerability management with practical use of related tools. Consulting experience in providing Vulnerability Management services across diverse industries. Exceptional written and verbal communication skills, engaging both senior management and technical experts. The ability to communicate effectively with business stakeholders in non-technical terms. A willingness to travel as required for client engagements. A valid driver's license. Ideally, you'd also have Strong interpersonal skills conducive to collaboration with clients and presenting innovative solutions. Analytical ability to approach issues both strategically and technically. Demonstrated capacity to influence decision-making across multiple projects. Prior consulting experience is highly advantageous. A cyber security certification (CISSP, CEH, GSEC) is a plus. What we look for We seek intellectually curious professionals who are passionate about cybersecurity. Your knowledge of Vulnerability Management and innovative mindset will significantly impact EY and the broader industry. If you have confidence in both your technical abilities and presentation skills, consider joining our team. What we offer you A comprehensive compensation and benefits package that recognizes your performance and contributions. A flexible working environment, including a hybrid model that favors in-person collaboration for 40-60% of the time. A flexible vacation policy that allows you to determine your time off based on personal circumstances, plus designated paid holidays and additional time off for various needs. Are you ready to shape your future with confidence? Apply today. At EY, we prioritize high ethical standards and integrity in our employees and expect candidates to demonstrate these qualities.

Created: 2026-03-10