Cyber SDC - Attack Surface Monitoring Analyst - Senior - Consulting - Location OPEN

In an everevolving IT landscape EY stands as a beacon of trust for clients across diverse industries seeking reliable solutions to address their intricate risks and vulnerabilities. As a vital member of our Cloud Security team you will play a central role in achieving this objective by empowering clients to comprehend and navigate their complex Enterprise Identity environments. Your expertise will be instrumental in evaluating enhancing and devising innovative solutions processes and policies to cater to each clients unique IAM requirements. This is an opportunity to leverage both your technical prowess and business acumen to drive our mission and make a significant impact on global cybersecurity.

The opportunity

We are seeking an experienced Attack Surface Monitoring professional to join our cybersecurity team as a Lead Engineer. The ideal candidate will be responsible for identifying and managing the attack surface of our organization through comprehensive monitoring and analysis. This role requires a strong understanding of opensource intelligence (OSINT) and reconnaissance techniques as well as the ability to conduct thorough assessments of externally accessible resources.

Your Key Responsibilities

• Conduct regular OSINT and reconnaissance activities to discover externally accessible resources related to the organization.
• Perform manual reviews of discovered assets to confirm their validity as companyowned resources.
• Collaborate with internal teams to ensure accurate identification and classification of assets.
• Execute port scans service discovery and lowimpact vulnerability scans against identified resources.
• Analyze scan results to identify potential vulnerabilities and security weaknesses.
• Conduct manual verification of discovered vulnerabilities to ensure accuracy and relevance.
• Compile a technical report of verified vulnerabilities.

Skills and Attributes for Success

• Proven experience in cybersecurity specifically in attack surface monitoring penetration testing and vulnerability management.
• Strong knowledge of OSINT techniques and reconnaissance methodologies.
• Proficiency in network scanning tools and vulnerability assessment frameworks.
• Excellent analytical and problemsolving skills.
• Excellent documentation skills of technical findings and vulnerabilities.

To qualify for the role you must have

• A bachelors degree in a related field and approximately 4years of related work experience; or a graduate degree and approximately 3years of related work experience.

• Experience in executing attack surface monitoring penetration testing or vulnerability management projects
• Updated knowledge of the latest exploits and security trends.
• Wellversed and handson experience with OSINT techniques and vulnerability scanners.

• A valid drivers license in the US and/or a valid passport are required; Willingness and ability to travel

Ideally youd also have

• Knowledge of Windows Linux Unix any other major operating systems.
• Certifications such as OSCP OSWP GPEN GWAPT OSCE OSEE GXPN CISSP CISM PMP CREST Certified Simulated Attack Manager
• Experience with scripting languages (e.g. Python Bash) for automation of tasks.
• Familiarity with the latest exploitstactics techniques and procedures (TTP)vulnerability remediation and security trends for OSINT network and web applications
• Understanding of network security and popular attacks vectors.
• Understanding of webbased application vulnerabilities (OWASP Top 10.
• Strong analytical and problemsolving abilities.
• Excellent communication skills both written and verbal.
• Ability to work collaboratively in a team environment.

What we look for

Were interested in intellectually curious people with a genuine passion for cyber security. With your broad exposure across ASM well turn to you to speak up with innovative new ideas that could make a lasting difference not only to us but also to the industry at large. If you have the confidence in both your presentation and technical abilities to grow into a leading expert here this is the role for you.

• Continuous learning: Youll develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: Well provide the tools and flexibility so you can make a meaningful impact your way.
• Transformative leadership: Well give you the insights coaching and confidence to be the leader the world needs.
• Diverse and inclusive culture: Youll be embraced for who you are and empowered to use your voice to help others find theirs.