Vulnerability Analyst

At EY, we’re all in to shape your future with confidence.

We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world.

Today’s world is fueled by vast amounts of information. Data is more valuable than ever before. Protecting data and information systems is central to doing business, and everyone in EY Information Security has a critical role to play. Join a global team of almost 950 people who collaborate to support the business of EY by protecting EY and client information assets!

Our Information Security professionals enable EY to work securely and deliver secure products and services, as well as detect and quickly respond to security events as they happen. Together, the efforts of our dedicated team helps protect the EY brand and build client trust.

Within Information Security we blend risk strategy, digital identity, cyber defense, application security and technology solutions as we consider the entire security lifecycle. You will join a team of hardworking, security-focused individuals dedicated to supporting, protecting and enabling the business through innovative, secure solutions that provide speed to market and business value.

As an Offensive Security Analyst on the Vulnerability Management team, you will play a supporting role in the meticulous evaluation and management of EY's digital exposure, working under the guidance of the Vulnerability Exposure Management Lead to identify and mitigate vulnerabilities in the EY digital attack surface. Your responsibilities will include aiding in the assessment and validation of third‑party risk assessments and ensuring that EY's security standards are upheld across all digital assets.

Additionally, the analyst will influence and implement proactive defense strategies to maintain the integrity and security of the business's digital footprint.

The Analyst will leverage offensive security skills to evaluate the business's digital exposure, identifying and mitigating risks stemming from misconfigurations, vulnerabilities, and mismanaged assets. The candidate will play a crucial role in managing third‑party risk assessments and identifying assets susceptible to exploitation and abuse by cyber threat actors. Collaborating closely with multiple functions, the analyst will work to execute the Attack Surface Management strategy to protect EY's digital assets.

Additionally, the analyst will emulate cyber threat actors to conduct recon against the EY attack surface to identify threats and advise proactive measures to safeguard the business.

• Expert attention to detail
• Aptitude for thinking critically
• Ability to handle high volume requests
• Flexibility and comfortability pivoting between diverse environments
• Developing communication skills
• Familiarity with research methodologies

• A minimum of 3 years of experience in vulnerability management, red team, or purple team
• Familiarity with cloud services, network security, and data protection principles
• Well‑developed knowledge of offensive security principles
• Professional‑level analytical and problem‑solving skills
• Developing ability to translate vulnerability information to business impact
• Demonstrated experience with third‑party risk assessments
• Strong communication and interpersonal skills
• Experience providing prioritization recommendations to stakeholders

• OWASP training
• Incident response experience

We are looking for a developing Offensive Security Analyst that can operate with supervision and bring new approaches to discovering and evaluating the business's externally‑exposed vulnerabilities. We are seeking a seasoned analyst to improve the organization's ability to reduce the attack surface while enabling the business. The ideal candidate will seek to improve others while continuously learning and identifying ways to strengthen the organization.

The compensation ranges below are provided in order to comply with United States pay transparency laws.…