Vulnerability Management Lead - Government and Public Sector - A with Security Clearance
Ernst & Young 232700.00 US Dollar . USD Per annum
2024-11-05 11:40:48
McLean, Virginia, United States
Job type: fulltime
Job industry: I.T. & Communications
Job description
At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better. Join us and build an exceptional experience for yourself, and a better working world for all. The exceptional EY experience. It's yours to build. EY focuses on high-ethical standards and integrity among its employees and expects all candidates to demonstrate these qualities. The opportunity From strategy to execution, the Government & Public Sector (GPS) practice of Ernst & Young LLP provides a full range of consulting and audit services to help our Federal, State, Local and Education clients implement new ideas to help achieve their mission outcomes. We deliver real change and measurable results through our diverse, high-performing teams, quality work at the highest professional standards, operational know-how from across our global organization, and creative and bold ideas that drive innovation. We enable our government clients to achieve their mission of protecting the nation and serving the people; increasing public safety; improving healthcare for our military, veterans and citizens; delivering essential public services; and helping those in need. EY is ready to help our government build a better working world. Our GPS Technology Organization is a structure within the US GPS practice that implements and maintains a new operate and technology model designed specifically to support U.S. defense and Government engagements. As the Vulnerability Management Lead you will assist the CISO and Cyber Defense Lead design and drive strategy and tactical plans toward holistic vulnerability management across multiple technology teams in a complex organization. You will play a lead role in the development and maturity of our threat intelligence program. Your key responsibilities
Collaborate with the Cybersecurity Operations Team ensuring proper Security Operations Center (SOC) performance, threat strategy, management and reporting across the organization
Provide vulnerability data feeds which the SOC can use to alert on
Produce and regularly evaluates all Vulnerability Management program and process related documentation
Perform and provide vulnerability assessment results and recommendations to the Cyber Defense Leader, Information Security Governance Lead and Cloud Operations Leads on a weekly basis and especially when needed due to identified threats
Provide vulnerability risk assessment guidance to peers and stakeholders throughout the organization
Provide regular reporting on patch management operations compliance
Communicate potential risks and business impacts with technical and non-technical internal partners
Provide threat analysis and current status summations to leadership along with proposed actions to minimize identified threats
Ensure effective and complete scanning of production and non-production environments, and capable of providing evidence of the scans
Ensure the accurate and timely release of vulnerability metrics
Research and investigate new and emerging vulnerabilities, to include Zero Day events, assess against risk to the corporate and production environments, and participate in EY Global communities to share intelligence
Manage the work direction and resource needs for the VM platform within the GPS IT environment
Maintain an ongoing development of current threat intelligence and vulnerability analysis with an in-depth knowledge of identification, mitigation, and recovery strategiesSkills and attributes for success
Knowledge of security frameworks and standards (e.g., NIST,DoD SRG).
Ability to analyse vulnerability scans and reports to identify security risks.
Skill in interpreting the results of penetration tests.
Competence in assessing the severity of vulnerabilities and potential impact.
Meticulousness in reviewing technical details and understanding the implications.
Precision in documenting vulnerabilities and the steps needed for remediation.
Creativity in developing solutions to mitigate or remediate vulnerabilities.
Ability to prioritize issues based on risk and business impact.
Proficiency in communicating technical information to non-technical stakeholders.
Skill in writing clear and concise reports and remediation plans.
Ability to advocate for security within the organization.
Capability to manage multiple tasks and projects simultaneously.
Efficiency in tracking and monitoring vulnerability management processes.
Teamwork skills to work with IT, security, and other departments.
Ability to build relationships with vendors and security researchers.
Commitment to staying current with the latest security trends and threats.
Willingness to pursue relevant certifications (e.g., CISSP, CEH, OSCP).
Understanding of risk assessment methodologies and risk management principles.
Ability to communicate risk to stakeholders and influence decision-making.
Skills in planning, executing, and overseeing vulnerability management projects.
Strong ethical standards to handle sensitive information responsibly.
Ability to adapt to changing threat landscapes and technologies.
Ability to align vulnerability management activities with the organization's strategic goals.
Basic programming or scripting skills to automate tasks and analyse data.To qualify for the role you must have
Minimum bachelor's degree in information systems or related field or an equivalent combination of education and experience
5+years of comprehensive knowledge of Vulnerability Management identification, analysis, metrics and reporting tools processes enabling proper governance, risk and compliance
Familiar with Azure.gov/GCCH environments preferred, Vulnerability Management tools
Extensive knowledge and experience with diverse IT architectures and enterprise IT data centers, large scale transaction processing environments, external hosted services and cloud computing environments
Must have Excellent communication skills, translating complex technical information across all levels of the organization
Speak in front of non-technical executives on matters related to vulnerabilities to their systems and any threats against those systems
Well organized with excellent follow up skills to meet deadlines, coordinates work of others while fostering teamwork and cooperation, and able to handle multiple concurrent tasks
Have broad scope knowledge and experience in Vulnerability management processes
Must be able to work independently in a remote work environment
Ability to obtain and maintain Top Secret Security ClearanceIdeally, you'll also have
Previous Cybersecurity engineering experience preferred
Experience with security management tools, i.e. SIEMs, EDRs, MSFT Defender for Cloud
Experience with Threat Intel feeds preferred
CISSP, CEH, SANS GIAC (i.e GIAC Enterprise Vulnerability Assessor Certification (GEVA) and/or GIAC Cyber Threat Intelligence (GCTI) or other security relevant certifications are preferred
Experience with perimeter technologies (e.g., router, firewalls, web proxies and intrusion prevention) preferred
Expert level familiarity with multiple enterprise vulnerability management tools, such as Qualys, MSFT Defender, Tanium, etc What we offer We offer a comprehensive compensation and benefits package where you'll be rewarded based on your performance and recognized for the value you bring to the business. The base salary range for this job in all geographic locations in the US is $124,400 to $232,700. The salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is $149,300 to $264,400. Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options. Join us in our team-led and leader-enabled hybrid model. Our expectation is for most people in external, client serving roles to work together in person 40-60% of the time over the course of an engagement, project or year. Under our flexible vacation policy, you'll decide how much vacation time you need based on your own personal circumstances. You'll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
Continuous learning: You'll develop the mindset and skills to navigate whatever comes next.
Success as defined by you: We'll provide the tools and flexibility, so you can make a meaningful impact, your way.
Transformative leadership: We'll give you the insights, coaching and confidence to be the leader the world needs.
Diverse and inclusive culture: You'll be embraced for who you are and empowered to use your voice to help others find theirs.If you can demonstrate that you meet the criteria above, please contact us as soon as possible. EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. EY is an equal opportunity . click apply for full job details